Bahtiyar Bircan, profile picture
Uploaded byBahtiyar Bircan
5,802 views

Cloud Computing v.s. Cyber Security

This document discusses cloud computing and its implications for cyber security. It begins with definitions of cloud computing and an overview of its key properties and benefits, such as scalability, on-demand access, and lower costs. It then explores both defensive and offensive uses of cloud computing for cyber activities. Defensively, the cloud can enable services like DDoS protection, backup and disaster recovery, and security auditing. However, attackers have also adapted malicious tools and techniques to the cloud, using its resources for activities like password cracking, botnets, and command-and-control servers. The document concludes with a case study showing how easily cyber attacks can be launched from the cloud anonymously and at low or no cost.

Embed presentation

11 Haziran 2015 Cloud Computing v.s. Cyber Security Bahtiyar BİRCAN TOBB-ETU bahtiyarb@gmail.com
Agenda Cloud Computing Definition Cloud Properties and Benefits Cloud Computing fo Cyber Defense Cloud Computing for Cyber Offense Case Study: Cloud Based Cyber Attack 2
Cloud Computing
Cloud Computing Definiton “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. ,networks, servers, storage,applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” NIST Cloud computing refers to the on-demand provision of computational resources (data, software) via a computer network, rather than from a local computer. Wikipedia 4
• On-demand self-service • Dynamic Resource Allocation • Device / Location Independence • Distributed architecture • Scalable and Elastic • High Computing Power • High Bandwith • High Storage Capacity Cloud Characteristics 5
Cloud Computing Benefits 6
Cloud Models 7
Cloud for Cyber Defense
• DDoS Protection • Web Application Attack Prevention • Backup and Disaster Recovery • Vulnerability Scan • Penetration Testing & Security Audit • Log Managamenet / SIEM • Forensics as a Service Cloud Usage for Cyber Defense 9
DDoS Protection Cloud Based DDoS Protection Services • CloudFlare, Incapsula 10
Web Application Attack Prevention 11
Vulnerability Scanning 12
Vulnerability Scanning 13
Penetration Testing & Security Audit 14
Forensics as a Service 15
Cloud for Cyber Offense
Cloud for Cyber Offense Hacking as a Service • Cloud properties for criminals – Scalability, – Quick Deployment – Dynamic resource usage – High computing power – High bandwith • Cyber criminals adapted their tools and techniques for cloud computing • Unfortunately they are better at using cloud platforms 17
Cloud for Cyber Offense Cloud Usage in Cyber Offense • DDoS as a Service • Botnet as a Service • Malware as a Service • Password Cracking • BotClouds • C&C Servers • Warez as a Service 18
DDoS as a Service 19 Source: McAfee
Botnet as a Service 20Source: McAfee
Malware as a Service 21 Source: Solutionary
Password Cracking as a Service Password Cracking Experiment • Lentgth: 1-6 character • Algorithm: SHA1 • Method: Brute Force • Hardware: – Amazon cg1.4xlarge – 22 GB memory – 2 x Intel Xeon X5570, quad-core – 2 x NVIDIA Tesla M2050 GPUs – 1690 GB of instance storage • Crack time: 49 min • Price: 2100 $ 22
Password Cracking as a Service 23
Command & Control Servers 24
Case Study: Cloud Based Cyber Attack
• How easy it is to build cyber attack infrastructure at cloud? • Can we build it at no cost ? • Can we build it anonymously? Case Study: Cloud Based Cyber Attack 26
Get anonymous e-mail account Register to cloud provider Get free trial of cloud Linux image Install attack software on VM Register free DNS domain Start attack Large scale attack Attack Scenario 27
• Known e-mail providers: – Gmail, – Yahoo, – Yandex, – Mail.ru • One-time mail providers – Mailinator Attack Step 1: Get Anonymous E-mail 28
• Lots of cloud providers give free trial accounts – 1 week – 1 year trial – Amazon – Rackspace – Siemens Cloud Services – … Attack Step 2: Register to Cloud Provider 29
Attack Step 3: Get a Trial of Linux VM Image 30
Attack Step 4: Install Attack Software on VM 31
Attack Step 5: Register Free DNS Domain 32
Attack Step 6: Launch an Attack Possible Attacks • Denial of Service • Port Scanning • Vulnerability Scan • Exploitation • Pshishing Site • Malware Server • Password Cracking 33
Attack Step 7: Large Scale Attacks Creating 20 Cloud Bots • Script for creating 20 cloud bot servers 34
Attack Step 7: Large Scale Attacks Creating 1000 Cloud Bots • Script for creating 1000 cloud bot servers 35
Thanks Bahtiyar BİRCAN TOBB-ETU bahtiyarb@gmail.com

More Related Content

PPTX
Cloud Encryption
byRituparnaNag
 
PPTX
Cloud with Cyber Security
byNiki Upadhyay
 
PPT
security Issues of cloud computing
byprachupanchal
 
PPT
Cloud Computing & Security Concerns
byUniversity of San Francisco
 
PPTX
Data Confidentiality in Cloud Computing
byRitesh Dwivedi
 
PDF
The Security and Privacy Threats to Cloud Computing
byAnkit Singh
 
PPT
On technical security issues in cloud computing
bysashi799
 
PDF
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
byHoang Nguyen
 
Cloud Encryption
byRituparnaNag
 
Cloud with Cyber Security
byNiki Upadhyay
 
security Issues of cloud computing
byprachupanchal
 
Cloud Computing & Security Concerns
byUniversity of San Francisco
 
Data Confidentiality in Cloud Computing
byRitesh Dwivedi
 
The Security and Privacy Threats to Cloud Computing
byAnkit Singh
 
On technical security issues in cloud computing
bysashi799
 
SOME SECURITY CHALLENGES IN CLOUD COMPUTING
byHoang Nguyen
 

What's hot

PPTX
Cloud computing and data security
byMohammed Fazuluddin
 
PDF
Cloud computing security and privacy
byAdeel Javaid
 
PPTX
Security in cloud computing
byveena venugopal
 
PPTX
Ensuring data storage security in cloud computing
byUday Wankar
 
PPTX
Cloud computing security
byGahya Pandian
 
PPT
Cloud computing security
byAkhila Param
 
PPTX
Authentication cloud
byvidhya dharmarajan
 
PDF
Evaluation Of The Data Security Methods In Cloud Computing Environments
byijfcstjournal
 
PPT
Security Issues of Cloud Computing
byFalgun Rathod
 
PPT
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
byChris Purrington
 
PDF
Cloud Computing Security
byPiyush Mittal
 
PPTX
Security in Cloud Computing
byRohit Buddabathina
 
PPT
Security & Privacy In Cloud Computing
bysaurabh soni
 
PPTX
Security Issues in Cloud Computing
byJyotika Pandey
 
PPT
Cloud Computing Security Challenges
byYateesh Yadav
 
PPTX
PhD Projects in Cloud Computing Security Research Topics
byPhD Services
 
DOCX
Cloud Computing Security Issues in Infrastructure as a Service” report
byVivek Maurya
 
PPTX
Cloud Computing Security Threats and Responses
byshafzonly
 
PDF
Data security in cloud environment
byShivam Singh
 
PDF
Cloud Computing Security Organization Assessments Service Categories Responsi...
bySlideTeam
 
Cloud computing and data security
byMohammed Fazuluddin
 
Cloud computing security and privacy
byAdeel Javaid
 
Security in cloud computing
byveena venugopal
 
Ensuring data storage security in cloud computing
byUday Wankar
 
Cloud computing security
byGahya Pandian
 
Cloud computing security
byAkhila Param
 
Authentication cloud
byvidhya dharmarajan
 
Evaluation Of The Data Security Methods In Cloud Computing Environments
byijfcstjournal
 
Security Issues of Cloud Computing
byFalgun Rathod
 
Lee Newcombe, Capgemini “Security threats associated with cloud computing”
byChris Purrington
 
Cloud Computing Security
byPiyush Mittal
 
Security in Cloud Computing
byRohit Buddabathina
 
Security & Privacy In Cloud Computing
bysaurabh soni
 
Security Issues in Cloud Computing
byJyotika Pandey
 
Cloud Computing Security Challenges
byYateesh Yadav
 
PhD Projects in Cloud Computing Security Research Topics
byPhD Services
 
Cloud Computing Security Issues in Infrastructure as a Service” report
byVivek Maurya
 
Cloud Computing Security Threats and Responses
byshafzonly
 
Data security in cloud environment
byShivam Singh
 
Cloud Computing Security Organization Assessments Service Categories Responsi...
bySlideTeam
 

Viewers also liked

PPTX
Energy conservation week celebration
bySudha Arun
 
PPTX
Data Warehouse Optimization
byCloudera, Inc.
 
PDF
CUDA performance study on Hadoop MapReduce Cluster
byairbots
 
PDF
Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...
byDr.Choen Krainara
 
PDF
Making Display Advertising Work for Auto Dealers
bySpeed Shift Media
 
PDF
Real-World Data Governance: Data Governance Roles & Responsibilities
byDATAVERSITY
 
PPTX
Top 10 heavy duty diesel mechanic interview questions and answers
bytonychoper8206
 
PPT
Seminar datawarehousing
byKavisha Uniyal
 
DOCX
Lab Report on copper cycle
byKaranvir Sidhu
 
PPTX
Equity derivatives
byRahul Sane
 
PPTX
How to perform an efficient Cold Chain Compliance and Gap Analysis
byAlternatives Technologie Pharma
 
PPTX
Financial Management Best Practices
byAutotask
 
PDF
AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나
byAmazon Web Services Korea
 
PDF
Churn management
byMohammed Akram Ayyubi
 
PDF
Consulting Company Valuation Model
byTony Rice
 
PPT
Lecture 1 introduction to construction procurement process.
byAszahari Aie
 
PDF
Bài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theo
byMasterCode.vn
 
PPT
Energy management final ppt
byEcoEvents
 
PPTX
Top 10 electrical project engineer interview questions and answers
byrobin26331
 
PPS
Energy management system
bykashbhat
 
Energy conservation week celebration
bySudha Arun
 
Data Warehouse Optimization
byCloudera, Inc.
 
CUDA performance study on Hadoop MapReduce Cluster
byairbots
 
Export-Oriented Industrialization (EOI): Arguments For and Against What Have ...
byDr.Choen Krainara
 
Making Display Advertising Work for Auto Dealers
bySpeed Shift Media
 
Real-World Data Governance: Data Governance Roles & Responsibilities
byDATAVERSITY
 
Top 10 heavy duty diesel mechanic interview questions and answers
bytonychoper8206
 
Seminar datawarehousing
byKavisha Uniyal
 
Lab Report on copper cycle
byKaranvir Sidhu
 
Equity derivatives
byRahul Sane
 
How to perform an efficient Cold Chain Compliance and Gap Analysis
byAlternatives Technologie Pharma
 
Financial Management Best Practices
byAutotask
 
AWS 클라우드 서비스 소개 및 사례 (방희란) - AWS 101 세미나
byAmazon Web Services Korea
 
Churn management
byMohammed Akram Ayyubi
 
Consulting Company Valuation Model
byTony Rice
 
Lecture 1 introduction to construction procurement process.
byAszahari Aie
 
Bài 1: Làm quen với ASP.NET - Giáo trình FPT - Có ví dụ kèm theo
byMasterCode.vn
 
Energy management final ppt
byEcoEvents
 
Top 10 electrical project engineer interview questions and answers
byrobin26331
 
Energy management system
bykashbhat
 

Similar to Cloud Computing v.s. Cyber Security

PDF
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
byVenkateswar Reddy Melachervu
 
PPTX
Lss implementing cyber security in the cloud, and from the cloud-feb14
byL S Subramanian
 
PDF
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
byijccsa
 
PDF
Cyber Security and Cloud Computing
byKeet Sugathadasa
 
PDF
TOP 5 Most View Article in Computer Science & Information Technology Research
byAIRCC Publishing Corporation
 
PPT
Privacy Issues of Cloud Computing in the Federal Sector
byLew Oleinick
 
PPTX
CLOUD COMPUTING
byAnil Kumar Suhana
 
PPTX
A study on securing cloud environment from d do s attack to preserve data ava...
byManimaran A
 
PPTX
Cloud computing
byTushar Jain
 
PDF
SECURITY ATTACK ISSUES AND MITIGATION TECHNIQUES IN CLOUD COMPUTING ENVIRONMENTS
byijujournal
 
PDF
SECURITY ATTACK ISSUES AND MITIGATION TECHNIQUES IN CLOUD COMPUTING ENVIRONMENTS
byijujournal
 
PPT
htcia-5-2015
byTony Godfrey
 
PDF
Taiye Lambo - Auditing the cloud
bynooralmousa
 
PDF
Cloud computing & Security presentation
byParveen Yadav
 
DOCX
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
byLillian Ekwosi-Egbulem
 
PDF
Intrusion Detection on Public IaaS - Kevin L. Jackson
byGovCloud Network
 
PPTX
M1TGCPFCI-B test ILTsdfasfnjkehkejejeerj
bypumipatlalun
 
DOCX
About Cloud Computing
byNaman Talati
 
PDF
Cloud Computing Essay
byPaper Writing Services Reviews
 
PDF
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
byikanow
 
Cloud Computing and Security - ISACA Hyderabad Chapter Presentation
byVenkateswar Reddy Melachervu
 
Lss implementing cyber security in the cloud, and from the cloud-feb14
byL S Subramanian
 
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
byijccsa
 
Cyber Security and Cloud Computing
byKeet Sugathadasa
 
TOP 5 Most View Article in Computer Science & Information Technology Research
byAIRCC Publishing Corporation
 
Privacy Issues of Cloud Computing in the Federal Sector
byLew Oleinick
 
CLOUD COMPUTING
byAnil Kumar Suhana
 
A study on securing cloud environment from d do s attack to preserve data ava...
byManimaran A
 
Cloud computing
byTushar Jain
 
SECURITY ATTACK ISSUES AND MITIGATION TECHNIQUES IN CLOUD COMPUTING ENVIRONMENTS
byijujournal
 
SECURITY ATTACK ISSUES AND MITIGATION TECHNIQUES IN CLOUD COMPUTING ENVIRONMENTS
byijujournal
 
htcia-5-2015
byTony Godfrey
 
Taiye Lambo - Auditing the cloud
bynooralmousa
 
Cloud computing & Security presentation
byParveen Yadav
 
CLOUD COMPUTING -Risks, Countermeasures, Costs and Benefits-
byLillian Ekwosi-Egbulem
 
Intrusion Detection on Public IaaS - Kevin L. Jackson
byGovCloud Network
 
M1TGCPFCI-B test ILTsdfasfnjkehkejejeerj
bypumipatlalun
 
About Cloud Computing
byNaman Talati
 
Cloud Computing Essay
byPaper Writing Services Reviews
 
Dr. Michael Valivullah, NASS/USDA - Cloud Computing
byikanow
 

Recently uploaded

PDF
UnityNet AI Induced Harm & Youth Protection Position Statement 2025-11-15
byLHelferty
 
PPTX
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
PDF
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
PDF
November 2025 OpenMetadata Community Spotlight - Astronomer & Airflow 3
byOpenMetadata
 
PDF
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
PDF
Running Non-Cloud-Native Databases in Cloud-Native Environments_ Challenges a...
byAlkin Tezuysal
 
PDF
Beyond Basics: How to Build Scalable, Intelligent Imagery Pipelines
bySafe Software
 
PPTX
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
PDF
OutSystsems User Group Brabant November 2025
bymail496323
 
PDF
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
PPTX
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
PDF
Command Line Text Processing - RHCSA +.pdf
byLinuxCert Guru
 
PDF
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
PDF
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
PDF
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
PDF
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
PPTX
Explaining ourselves – people, computers and AI
byAlan Dix
 
PDF
IDSECCONF2025 - Faisal Ilham - Semi Automating Vulnerability Scanner and Expl...
byidsecconf
 
PDF
THE THREATS OF INSTABILITY IN BRAZIL'S INTERCONNECTED ELECTRICAL SYSTEM AND H...
byFaga1939
 
PPTX
Streamlining Business Processes with UiPath Apps
byTracy Dixon
 
UnityNet AI Induced Harm & Youth Protection Position Statement 2025-11-15
byLHelferty
 
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
November 2025 OpenMetadata Community Spotlight - Astronomer & Airflow 3
byOpenMetadata
 
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
Running Non-Cloud-Native Databases in Cloud-Native Environments_ Challenges a...
byAlkin Tezuysal
 
Beyond Basics: How to Build Scalable, Intelligent Imagery Pipelines
bySafe Software
 
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
OutSystsems User Group Brabant November 2025
bymail496323
 
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
Command Line Text Processing - RHCSA +.pdf
byLinuxCert Guru
 
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
Explaining ourselves – people, computers and AI
byAlan Dix
 
IDSECCONF2025 - Faisal Ilham - Semi Automating Vulnerability Scanner and Expl...
byidsecconf
 
THE THREATS OF INSTABILITY IN BRAZIL'S INTERCONNECTED ELECTRICAL SYSTEM AND H...
byFaga1939
 
Streamlining Business Processes with UiPath Apps
byTracy Dixon
 

Cloud Computing v.s. Cyber Security

  • 1.
    11 Haziran 2015 CloudComputing v.s. Cyber Security Bahtiyar BİRCAN TOBB-ETU bahtiyarb@gmail.com
  • 2.
    Agenda Cloud Computing Definition CloudProperties and Benefits Cloud Computing fo Cyber Defense Cloud Computing for Cyber Offense Case Study: Cloud Based Cyber Attack 2
  • 3.
  • 4.
    Cloud Computing Definiton “Cloudcomputing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. ,networks, servers, storage,applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” NIST Cloud computing refers to the on-demand provision of computational resources (data, software) via a computer network, rather than from a local computer. Wikipedia 4
  • 5.
    • On-demand self-service •Dynamic Resource Allocation • Device / Location Independence • Distributed architecture • Scalable and Elastic • High Computing Power • High Bandwith • High Storage Capacity Cloud Characteristics 5
  • 6.
  • 7.
  • 8.
  • 9.
    • DDoS Protection •Web Application Attack Prevention • Backup and Disaster Recovery • Vulnerability Scan • Penetration Testing & Security Audit • Log Managamenet / SIEM • Forensics as a Service Cloud Usage for Cyber Defense 9
  • 10.
    DDoS Protection Cloud BasedDDoS Protection Services • CloudFlare, Incapsula 10
  • 11.
  • 12.
  • 13.
  • 14.
    Penetration Testing &Security Audit 14
  • 15.
    Forensics as aService 15
  • 16.
  • 17.
    Cloud for CyberOffense Hacking as a Service • Cloud properties for criminals – Scalability, – Quick Deployment – Dynamic resource usage – High computing power – High bandwith • Cyber criminals adapted their tools and techniques for cloud computing • Unfortunately they are better at using cloud platforms 17
  • 18.
    Cloud for CyberOffense Cloud Usage in Cyber Offense • DDoS as a Service • Botnet as a Service • Malware as a Service • Password Cracking • BotClouds • C&C Servers • Warez as a Service 18
  • 19.
    DDoS as aService 19 Source: McAfee
  • 20.
    Botnet as aService 20Source: McAfee
  • 21.
    Malware as aService 21 Source: Solutionary
  • 22.
    Password Cracking asa Service Password Cracking Experiment • Lentgth: 1-6 character • Algorithm: SHA1 • Method: Brute Force • Hardware: – Amazon cg1.4xlarge – 22 GB memory – 2 x Intel Xeon X5570, quad-core – 2 x NVIDIA Tesla M2050 GPUs – 1690 GB of instance storage • Crack time: 49 min • Price: 2100 $ 22
  • 23.
  • 24.
  • 25.
  • 26.
    • How easyit is to build cyber attack infrastructure at cloud? • Can we build it at no cost ? • Can we build it anonymously? Case Study: Cloud Based Cyber Attack 26
  • 27.
    Get anonymous e-mailaccount Register to cloud provider Get free trial of cloud Linux image Install attack software on VM Register free DNS domain Start attack Large scale attack Attack Scenario 27
  • 28.
    • Known e-mailproviders: – Gmail, – Yahoo, – Yandex, – Mail.ru • One-time mail providers – Mailinator Attack Step 1: Get Anonymous E-mail 28
  • 29.
    • Lots ofcloud providers give free trial accounts – 1 week – 1 year trial – Amazon – Rackspace – Siemens Cloud Services – … Attack Step 2: Register to Cloud Provider 29
  • 30.
    Attack Step 3:Get a Trial of Linux VM Image 30
  • 31.
    Attack Step 4:Install Attack Software on VM 31
  • 32.
    Attack Step 5:Register Free DNS Domain 32
  • 33.
    Attack Step 6:Launch an Attack Possible Attacks • Denial of Service • Port Scanning • Vulnerability Scan • Exploitation • Pshishing Site • Malware Server • Password Cracking 33
  • 34.
    Attack Step 7:Large Scale Attacks Creating 20 Cloud Bots • Script for creating 20 cloud bot servers 34
  • 35.
    Attack Step 7:Large Scale Attacks Creating 1000 Cloud Bots • Script for creating 1000 cloud bot servers 35
  • 36.