In this tip, the fourth in our series of technical tips on cloud security, we focus on yet another group of threats facing a cloud computing model: those aimed at Infrastructure as a Service (IaaS). Threats to IaaS include those already discussed for Platform as a Service (PaaS) and Software as a Service (SaaS). There are additional threats, however, because in an IaaS offering the customer controls most of the stack. This tip covers the most significant of those additional threats.
The most important threat you'll face when using an IaaS offering is vulnerabilities in the underlying operating systems (OSes) and services. Other major threats, such as vulnerabilities in remote management, poor-quality credentials, and DNS protocol and implementation flaws, will be discussed in the tips that follow.
You'll note that, in a departure from my previous tips, I call this the most "important" threat rather than the most "likely." At the infrastructure level the number of threats grows sharply, and some of the likely ones are not especially important. This tip is about remediating the nasty ones. Remember that the threats to SaaS and PaaS that we have already covered remain applicable.
Threats in underlying operating system and services
Handling vulnerabilities in the underlying OSes or services of your IaaS offering is the most imperative security measure to take. At this time, Linux (and its variants) and Windows are the main operating systems available in public IaaS offerings. Other OSes may be offered, but Linux and Windows hold over 90% of the market. Both OSes, and the services that run on them, have had and will continue to have vulnerabilities. These are publicized through many outlets, and in many instances working exploits are publicly available, so you need to deal with them in a timely manner.
OS-related vulnerabilities refer to flaws in core OS functionality such as TCP/IP networking, system calls, system libraries, memory management and the Windows Security Accounts Manager (SAM). Service vulnerabilities are flaws in programs that use the underlying OS functions to accomplish a task, such as a DNS server, Windows File Sharing or NetBIOS. It is important to differentiate the two, as the mitigation strategies may differ. Here are the options, in order of preference, for addressing these vulnerabilities:
- Remove: The first and best option is to remove the vulnerable component altogether.
  - OS function: For Linux, you can modify the kernel or system library source and rebuild it. For Windows, I do not know of a practical way to remove an OS function (as I have defined it).
  - Service: For Linux, you can remove the executable (or uninstall the package that owns it). For Windows, you may be able to remove the executable, but many services are hosted by a single program (such as svchost.exe), so this is not practical in most instances.
- Disable: The second-best option is to disable the function or service.
  - OS function: For Linux, this typically means changing the kernel configuration and rebuilding the kernel. For Windows, use the "Services" snap-in or "Add/Remove Windows Components" in the "Add or Remove Programs" Control Panel.
  - Service: For Linux, this is typically done in the inetd or rc/init startup configuration (or its equivalent on your distribution). For Windows, use the "Services" snap-in.
- Block: The third option, for threats you can neither remove nor disable, is to block access to them.
A host-based firewall can be used to allow only certain traffic into the host. While this is effective against all service-related threats, it does not protect against flaws in the OS functions the firewall itself relies on (a flaw in the underlying network stack will affect the firewall as well).
Furthermore, in an IaaS environment a host-based firewall is the only firewall you control for this mitigation. If you rely on a network firewall, you are putting that control in the hands of your provider (they are the ones who control any guest-to-guest traffic on a physical server, for example).
Note: You need to check for dependencies, as removing or disabling functions or services may render your system inoperable. Test your systems first.
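Here is an added example, not code from the original tip, that puts the "disable" and "block" steps and the dependency note above into practice on a Linux guest. It audits the listening TCP sockets against an allowlist of "process:port" pairs, emits a dependency check and a disable command for every listener that is not on the list, and generates a default-deny host firewall that admits only the allowlisted ports. The allowlist values, the sample ss(8) output and the assumption that each daemon's systemd unit is named after its process are mine, not the tip's; nothing is executed, the commands are printed for review and testing.

```shell
#!/bin/sh
# Added example, not code from the original tip: a dry-run audit of a Linux
# IaaS guest. Listeners not on the allowlist get a "disable" plan (dependency
# check first, as the tip advises); the "block" step is an nftables ruleset
# that admits only the allowlisted ports. Nothing is executed.

# Allowlist of "process:port" pairs that must stay reachable. Assumed values.
ALLOWED="sshd:22 nginx:443"

# Constructed sample of `ss -Hltnp` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1203,fd=6))
LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=540,fd=4))
LISTEN 0 50 0.0.0.0:139 0.0.0.0:* users:(("smbd",pid=977,fd=35))'

# Listener data: the constructed sample by default; set LIVE=1 to read the
# real socket table from ss(8) instead.
listener_source() {
    if [ "${LIVE:-0}" = 1 ]; then ss -Hltnp; else printf '%s\n' "$SAMPLE_SS"; fi
}

# Emit "process port" for each listening TCP socket. Field 4 is the local
# address:port (also handles [::]:port); field 6 holds users:(("name",...)).
listeners() {
    listener_source | awk '{
        port = $4; sub(/.*:/, "", port)
        name = "?"
        if (match($6, /\("[^"]+"/)) name = substr($6, RSTART + 2, RLENGTH - 3)
        print name, port
    }'
}

# Exact match on "process:port", so a known daemon on an unexpected port is
# still flagged.
is_allowed() {
    case " $ALLOWED " in
        *" $1:$2 "*) return 0 ;;
    esac
    return 1
}

# "Disable" step: a dependency check plus a disable command per listener that
# is not allowlisted. The systemd unit name is ASSUMED to equal the process
# name; confirm it before running the printed commands.
disable_plan() {
    listeners | while read -r name port; do
        if ! is_allowed "$name" "$port"; then
            printf 'systemctl list-dependencies --reverse %s.service\n' "$name"
            printf 'systemctl disable --now %s.service  # was listening on tcp/%s\n' "$name" "$port"
        fi
    done
}

# Ports of allowlisted listeners, sorted and joined as the body of an nft set.
allowed_ports() {
    listeners | while read -r name port; do
        is_allowed "$name" "$port" && printf '%s\n' "$port"
    done | sort -n | awk '{ s = s (NR > 1 ? ", " : "") $1 } END { print s }'
}

# "Block" step: default-deny input policy; only loopback, replies to outbound
# connections and the allowlisted ports get through.
firewall_ruleset() {
    cat <<EOF
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        tcp dport { $(allowed_ports) } accept
    }
}
EOF
}

echo "# disable plan (review, then run)"; disable_plan
echo "# firewall ruleset (apply with: nft -f <file>)"; firewall_ruleset
```

For the "remove" step, find the package that owns an unwanted executable (dpkg -S /path/to/binary or rpm -qf /path/to/binary) and uninstall that package rather than deleting the file by hand, so the package manager stays consistent. The generated ruleset is only as strong as the network stack it runs on, which is the caveat above: it blocks reachability to services, not flaws in the kernel's own TCP/IP handling.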
In our next tip
We have addressed the top threat in a public cloud IaaS offering. Next time, we'll cover threats in common remote management solutions, such as VPNs, Remote Desktop, Remote Shell and Web Console user interfaces (UIs). The last tip will address threats related to poor-quality administrative credentials and DNS protocol and implementation flaws.
ABOUT THE AUTHOR:
Phil Cox is a principal consultant of SystemExperts Corporation, a consulting firm that specializes in system security and management. He is a well-known authority in the areas of system integration and security.
His experience includes Windows, UNIX, and IP-based networks integration, firewall design and implementation and ISO 17799 and PCI compliance. Phil frequently writes and lectures on issues dealing with heterogeneous system integration and compliance with PCI-DSS. He is the lead author of Windows 2000 Security Handbook Second Edition (Osborne McGraw-Hill) and contributing author for Windows NT/2000 Network Security (Macmillan Technical Publishing).
Phil holds a BS in Computer Science from the College of Charleston.