Archive for August 24, 2010

Top Six Potential Threats of Cloud Computing

Cloud computing promises to provide new and exciting opportunities for organizations to create a lean and robust infrastructure that is cost-effective. Though these benefits are valuable, every organization must understand the security issues before it embraces the new technology of cloud computing and allows it to spread widely. Without addressing the security compliance issues, the rewards of cloud computing cannot be fully realized. In this post we list the top threats of cloud computing that are quite common across all cloud providers. Keeping these threats in mind, customers must evaluate cloud infrastructure vendors on more than price and top feature sets before deciding to move critical systems and applications.


1. Illicit Cloud Use and Common Platform Attacks

This category of threat includes illegal use of a cloud provider’s infrastructure to launch attacks or conduct illegal activity on the Internet. For instance, the cloud might be used to attack or abuse other users within the same cloud infrastructure by leveraging common address spaces, common networks or hardware to assist in the attack.

2. Insecure Cloud Application Programming Interface Access

This category of threat includes the relative insecurity of cloud application programming interface (API) frameworks. The insecurity could also be in the operations that might be performed programmatically to manage cloud-based systems. Often the security controls, authentication and authorization mechanisms provided lack the ability to prevent authentication bypass attacks and API hacks. This weakness may allow unauthorized access to privileged functions or operations.

3. Malicious Insiders

This category of threat is perhaps the most dangerous of all threats to cloud computing. The insider threat can also be the most difficult to prevent. In cloud computing, this threat carries disastrous implications because large segments of a customer’s infrastructure can be at risk while under the control of another party. Many cloud providers lack transparency about hiring practices, screening and background investigation processes. Getting a job at an Internet service provider (ISP) or SaaS provider, with ill intent, might be easier than many believe. Compounding this threat is the inability of cloud providers to monitor access to critical systems once an employee is granted privileged access to the infrastructure.

4. Shared Infrastructure

This category of threat is due to the sharing of the cloud provider’s infrastructure across hundreds of customers, though cloud computing was never designed to operate in such a massive multitenant mode. Often, basic protections and customer compartmentalization are lacking in the cloud stack, causing vulnerability in cloud infrastructure at all levels of the stack, from hardware, hypervisor, network and operating system to storage and application layers.

5. Data Theft and Loss

Data is the lifeblood of most organizations. It has a high value and consequently is the target of many attacks. Preventing unauthorized access to cloud-based data is a top priority in cloud security. However, many cloud providers do not adequately protect customer data-at-rest. Data theft is but one type of risk that cloud providers must adequately address in their cloud implementations. Another risk is data loss, which carries equally severe impacts. Storage might be corrupted; drives might fail; and partitions could accidentally be deleted. Also, the cloud provider might lack adequate backup capability.

6. Account Hijacking

Phishing, pharming and email-based attacks designed to direct users to a fraudulent website with the goal of stealing their user names and passwords are a constant threat. Once the users’ credentials are obtained, the attacker can access customer accounts, change data and misdirect customers to other fraudulent sites. A company’s cloud-based infrastructure could actually be used as a staging ground for new attacks — all executed under the company identity.

Via White Paper: Unisys Secure Cloud Addressing the Top Threats of Cloud Computing

Hard Drive Recovery – Great Hard Disk Data Recovery Software Reference

Always keep your system backed up. Software tools cannot always recover lost data. Please read our post on how to back up your computer (disks). You can even take a backup on cloud storage, which is reliable too. Read How to backup your files using online backup services.

Bootable Live Disks

Linux Live CD/DVD (such as Knoppix/Ubuntu Live) – When the hard drive is not functioning, your system will not boot. If you want to access files that are stored on the drive, the first thing to do is boot your computer using a Live CD/DVD distributed by Linux (Knoppix or any other Live OS CD). A Live CD/DVD boots your computer from the CD/DVD and installs a RAMDISK image (in RAM, of course). The advantage here is that the Live CD/DVD can mount your internal hard drive so you can explore the files that are recoverable. This is really helpful and we have used this technique in the past with great success.

Hard Drive Consistency Checkers

If your hard drive is able to boot but you feel or see some disk-related errors, it would be worthwhile to run disk consistency checking software such as:

CHKDSK – A DOS/Windows utility that can find and fix disk errors.

Disk Utility – A disk-related tool for Mac OS X that can verify the integrity of the disk.

fsck – A disk consistency checker for UNIX.

These software tools are capable of finding disk errors and possibly fixing them. But it should be noted that not all errors can be fixed by these tools; they are not miracle tools anyway :)

Data Files Recovery

Sometimes we accidentally delete important files, only to regret it later. Fortunately there are some free data recovery tools that can restore deleted files.

Recuva recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player.

PhotoRec is another such tool.

Data Forensics

After a break-in or the seizure of computer systems or disks, forensic analysis can be performed on the disk to understand its data or recover data from it. There are tools that can perform forensic analysis of disks recovered from criminals, etc.

The Coroner’s Toolkit (TCT) - TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system.

Forensic Toolkit (Commercial) – Data forensic software created by AccessData.

EnCase (Commercial) – Disk security and recovery experts.

Are there better tools? Did we miss any tool? Please leave your comments below.

Best Fault Tree Analysis software to analyze complex systems

While Root Cause Analysis is a set of problem-solving methods aimed at identifying the root cause of an incident, Fault Tree Analysis is one of the popular techniques used in the field of safety engineering to quantitatively determine the probability of a safety hazard. FTA is a deductive, top-down method aimed at analyzing the effects of initiating faults and events on a complex system. There are many software packages that help you with Fault Tree Analysis. Some of them are quite expensive but worth every penny. In this post we look at some popular Fault Tree Analysis software packages that are available.

Open Source Software

1. OpenFTA

OpenFTA is an open source product for conducting a formal Fault Tree Analysis. It's an advanced tool for fault tree analysis. It has an intuitive front-end which allows the user to construct, modify or analyse fault trees. OpenFTA has been designed to gain wide international acceptance for fault tree analysis, particularly in the aerospace, nuclear, medical equipment and defense fields.

More info here.

Commercial Software

2. Relex Fault Tree

In applications where reliability and safety are paramount, it is necessary to identify all factors contributing to critical safety issues and failures in a product or system. Relex Fault Tree helps you construct a graphical representation of the critical issue and its contributing events. It provides the analysis tools required to help mitigate its occurrence or impact. The powerful analytical capabilities of Relex Fault Tree quantify system risk and reliability and help you make targeted decisions about design, maintenance, and controls to reduce the probability of failure.

More info here.

3. ITEM ToolKit

ITEM ToolKit’s Fault Tree Software offers a diverse graphical user interface (GUI) with flexible, powerful and easy ways of constructing Fault Trees. The GUI consists of menus, toolbars, and project and system windows. You can simply add different gates and events in the System Window to create a hierarchy of your system, and ITEM ToolKit will construct the Fault Tree Diagram for you. You can also build your Fault Tree the traditional way by adding gates and events in the Diagram Window.

More info here.

4. FaultTree+

FaultTree+ is the world’s most popular fault tree software package incorporating fault tree analysis, event tree analysis and Markov analysis. FaultTree+ has three different modules. The Fault Tree Analysis module allows you to construct and analyze fault tree diagrams. The Event Tree Analysis module allows you to analyze the possible outcomes of an event occurring. And the Markov Analysis module enables the construction of Markov models for components with large interdependencies.

More info here.

Dia Review – Free And Open Source Diagramming Tool

Often, diagramming is necessary to document a project, or for a business proposal etc. Diagrams in the documentation play a vital role in communicating the details to the engineering team. E.g. flowcharts always help to understand the problem better. There are popular commercial diagramming tools such as Microsoft Visio, which is one of the industry leaders. Visio has lots of features but is expensive. If you are looking for a free flowchart, network or generic diagramming tool, Dia, which is Free and Open Source software, is worth taking a look at. It is cross-platform; it can run on Windows, Linux etc. It supports various kinds of diagrams:

  • Flowchart
  • Network Diagrams
  • Circuit Diagrams
  • Telephone systems
  • UML
  • Civil and much more.


A sample flowchart created using Dia


Simple and Easy User Interface

Dia has a decent GUI (user interface) and is pretty intuitive. It has lots of in-built graphic images for creating various diagrams. It is very easy to design flowcharts and other diagrams. Arrows and lines can automatically attach to other diagrams, and managing a large diagram is quite easy. Diagrams can be exported to various formats such as PNG, JPG, WMF etc.

Object Sheet Editor

A UML Diagram

How to add a custom shape to Dia?

If you need to have more graphic images, refer to this tutorial.

Quality of Diagrams

Well, the quality of the graphic images/icons is good, but compared to other tools they are a little archaic. Icons are very basic and the richness of the graphic quality could be improved. But overall, Dia is a great tool and it is pretty reliable too. It can work as an alternative to Microsoft Visio.