Preface
Page: ii-ii (1)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010002
PDF Price: $15
Ransomware: Rising Threat of New-Age Digital Extortion
Page: 1-15 (15)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010003
PDF Price: $15
Abstract
What if someone stopped you from accessing your files or using your
computer? What if they demanded an amount to get access back to you? Most financial
and social interactions revolve around three critical aspects – firstly, the use of digital
data and files; secondly, computer systems; and last, the insecure internet. This is
where Ransomware using Bitcoin has become a major cause of concern in the form of
a new-age digital extortion threat to home and corporate users. This chapter discusses
Ransomware and the methods adopted by cybercriminals for holding ransom innocent
users' digital data and systems and proposes a malware detection system. Crypto and
Locker ransomware is reviewed for their propagation, attack techniques, and new
emerging threat vectors, such as file Encryption Ransomware, Screen Lock
Ransomware, Windows & Browser Lock, Pop Advertisements, and URL Redirection.
The author proposed a Cloud-based malware detection system, performing comparison
evaluation with and without the proposed anti-malware solution in the form of
sandboxes, so even if the environment got compromised, it could be easily
decommissioned and rebuilt from a fresh, clean virtual snapshot. Malware Behavioral
environments were set up for analyzing malware before and after receiving malware
payload files and logs from infected user devices. Malware Code Analysis gathered
assembly code and memory dumps from memory and performed analysis on malware
payload instructions. Reporting environment analyzed Web URLs proactively for
malicious sites hosting malware code or payloads and checked the user system and
devices for before and after analysis logs.
Design A Resilient Network Infrastructure Security Policy Framework
Page: 16-28 (13)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010004
PDF Price: $15
Abstract
The information security policy development lifecycle tends to lack focus on
the use of standard terms and semantics. This results in blurred outlines for monitoring,
evaluation, and enforcement of the security policy for the employees confusing
adhering to and implementing it, which leads to a lack of a process of publishing from
the security policy, end-user awareness, translation of high-level policy to lowest level
component configuration plans and actions to take in time of crisis. This leads to the
critical need to design an empirically tested, comprehensive security policy. This
chapter proposes bridging the gap between the high-level information security policy
descriptions and low-level network infrastructure security implementation. With new
and innovative technologies, such as Cloud, Remote Computing, Enterprise Mobility,
and e-commerce on the rise, network security has remained an ever-increasing
challenge. This chapter presents a security framework to bridge the gap between highlevel specification requirements and the low-level implementation phase for network
infrastructure security using the network architecture model with the security policies
associated with the network components required to be enforced. An architectural
model and a set of design-level security policies are considered to achieve the
framework design. Also discussed are the advantages and desired characteristics of the
model, relating to existing processes worked in the design area, and future research
directions are pointed.
Security Algorithms For Cloud Computing
Page: 29-41 (13)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010005
PDF Price: $15
Abstract
With growing awareness and concerns regarding Cloud Computing and
Information Security, there is growing awareness and usage of Security Algorithms in
data systems and processes. This chapter presents a brief overview and comparison of
Cryptographic algorithms, with an emphasis on Symmetric algorithms should be used
for Cloud-based applications and services that require data and link encryption. In this
chapter, we review Symmetric and Asymmetric algorithms with an emphasis on
Symmetric Algorithms for security consideration on which one should be used for
Cloud-based applications and services that require data and link encryption.
Solutions for DDoS Attacks on Cloud Environment
Page: 42-55 (14)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010006
PDF Price: $15
Abstract
The internet has become the key driver for virtually every organization’s
growth, brand awareness, and operational efficiency. Unfortunately, cyber terrorists
and organized criminals know this fact too. Using a Distributed Denial of Service
attack, they can deny corporates and end-users internet access, make the website go
slow, and deny access to corporate networks and data, making them unable to service
legitimate users. It is not just these that are vulnerable; DDoS attacks are diversions.
Due to the increased attack volume, collateral damage is becoming a major cause of
concern – packet loss, delays, and high latency for internet traffic of those whose
network traffic traverses the WAN saturated by a DDOS attack. DDOS attacks disrupt
services and distract security resources, while other attacks, like fraudulent
transactions, are attempted. Adaptive DDOS attacks are prevalent – attackers attack
traffic on the fly to avoid identification and confuse mitigation plans. Reflective and
Amplification attacks are most common – leveraging misconfigured DNS, NTP, and
other network resources by spoofing source IP addresses. The bitter reality is that for
cloud computing to be useful, it has to be exposed to insecure WANs and the public
internet. With Cloud services presence being advertised and the interfaces defined,
unauthorized attacks would always look to target the services.
Three-tier Network Architecture to Mitigate DDoS Attacks on Hybrid Cloud Environments
Page: 56-69 (14)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010007
PDF Price: $15
Abstract
With the rise of cyber-attacks on cloud systems globally, Cloud Service
Providers, Data carriers, and hosting providers are forced to consider the novel
challenges posed and requirements for attacks and, more specifically, DDoS protection
in large hosting environment setups. This chapter proposes using a multi-tiered
network design based on a Hybrid cloud solution comprising an On-premise solution
and a public cloud infrastructure capable of handling hurricane-sized DDoS storms.
Review of Solutions for Securing End-User Data Over Cloud Applications
Page: 70-83 (14)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010008
PDF Price: $15
Abstract
With more and more organizations working on the cloud over unsecured
internet, sharing files and emails and saving them on cloud storage is imperative.
Securing the end-user sensitive data in transit has thus started to get maximum priority
to protect it from Cloud company staff, hackers, and data thieves. In this study, an
attempt is made to review the research on end-user data security. There is an urgent
need for solutions for end-users data protection privacy during the times when
migrating from one cloud service provider to another. This chapter reviews the
challenges in Cloud computing services regarding end-user data, analyzes the issues
face, and presents solutions to overcome them. The chapter identifies end-users data
security issues when using cloud computing services. The focus is directed to critical
issues related to unauthorized access to integrity during data in transit. This can be
addressed using Public Key Cryptography or PKI. For Confidentiality and Data
Integrity for end-user data over Cloud. Then for migrating from one cloud service
provider to another, data security and privacy are addressed by Cloud-aware
applications. Lastly, using Multi-Factor Authentication combined with network and
application detection systems, Intrusion Detection Systems, and Network traffic routing
in case of cyber-attacks can help achieve denial of service attack mitigation or prevent
man-in-the-middle and network snooping in Cloud Computing.
DDoS Attacks, New DDoS Taxonomy, And Mitigation Solutions
Page: 84-96 (13)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010009
PDF Price: $15
Abstract
Cloud computing has started to gain acceptance for adoption and
implementation among organizations, however, this new technology area has already
started to deal with security, performance, and availability challenges. Within Cloud
Security issues being paramount for corporates, and private enterprises, the denial of
service attacks are rated as the highest priority threat to the cloud environments. This
chapter presents a review of the academic literature research work on the DDoS attack
on the Cloud, introduces a new DDoS Classification taxonomy, and proposes
parameters for determining an effective DDoS solution.
Designing A Framework For Cloud Service Agreements For Cloud Environments
Page: 97-113 (17)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010010
PDF Price: $15
Abstract
Cloud Computing has emerged as the prime IT computing model for ondemand access using a pool of shared resources with the least IT support. Cloud
computing is starting to replace the legacy office IT infrastructure and helpdesk support
system. Corporate and home users alike are hugely turning into cloud service
consumers and moving their data and work to the cloud. Therefore, the Cloud Service
Agreement (CSA) between cloud service consumers and cloud service providers has a
critical significance that can guarantee the highest level of service quality and delivery.
The current CSA parameters and CSA terms tend to fall short of the service delivery
commitments with no common terminology or standard followed industry-wide by the
cloud service providers. Comparing similar service offerings and agreements from
multiple cloud service providers continues to be a complex issue. This chapter provides
a pragmatic approach to Cloud Service Agreements, comparing the current process
with the proposed parameters and the new framework for CSA to determine the role of
various elements and terms in the decision-making process for cloud service
agreements for SaaS, PaaS, IaaS, and STaaS.
Comparing Single-Tier And Three-Tier Infrastructure Designs Against DDoS Attacks
Page: 114-132 (19)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010011
PDF Price: $15
Abstract
With the rise in cyber-attacks on cloud environments like Brute Force,
Malware, or Distributed Denial of Service attacks, information security officers and
data center administrators have a monumental task. Starting from the need to safeguard
the client data, data center security, and ensuring cloud service availability, the team
needs to ensure the highest priority to service delivery performance and functionality
being offered to the service consumers. Organizations design data center and service
delivery to cater to maximize device provisioning & availability, improve application
performance, ensure better server virtualization and end up securing data centers using
security solutions at the internet edge protection level. These security solutions prove to
be largely inadequate in times of a DDoS cyber-attack. In this chapter, traditional data
center design is compared to the proposed three-tier data center architecture design.
The author performed DDoS attacks on both architectures to determine the resilience to
withstand DDoS attacks by measuring the Real User Monitoring parameters and then
validated the data using the Parametric T-Test.
Security Challenges For Cloud-Based Email Infrastructure
Page: 133-151 (19)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010012
PDF Price: $15
Abstract
To stay connected and interact with global peers, friends, co-workers, and
corporate employees, use email communication technology to perform business with
customers and communicate with each other globally. Emails are the best and simplest
way of cyber communication. Email is often the first thing we do when entering the
office as well as the last thing we do when going to bed. With Cloud-based services
providing email servers and infrastructure hosted over the Internet, Security assumes a
significantly high level of priority in today’s cyber world. This chapter reviews the
academic literature published on security challenges faced by Email Infrastructure over
Cloud, discusses the limitations of Email protocols, and compares using cloud-based
email infrastructures and on-premises email servers.
Efficient Fault Tolerance in Cloud Environments
Page: 152-166 (15)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010013
PDF Price: $15
Abstract
With mission-critical web applications and resources being hosted on cloud
environments, and cloud services growing fast, the need for having a greater level of
service assurance regarding fault tolerance for availability and reliability has increased.
The high priority now is ensuring a fault-tolerant environment that can keep the
systems up and running. To minimize the impact of downtime or accessibility failure
due to systems, network devices, or hardware, the expectations are that such failures
must be anticipated and handled proactively, quickly and intelligently. This chapter
discusses the fault tolerance system for cloud computing environments and analyzes
whether this is effective for Cloud environments.
Subject Index
Page: 167-171 (5)
Author: Akashdeep Bhardwaj*
DOI: 10.2174/9789815136111123010014
PDF Price: $15
Introduction
Increasingly global and online social interactions and financial transactions involve digital data, computing devices and the internet. With cloud computing, remote computing, enterprise mobility and e-commerce on the rise, network security has become a priority. Selecting an appropriate algorithm and policy is a challenge for computer security engineers, as new technologies provide malicious users with opportunities to intrude into computer networks. New Age Cyber Threat Mitigation for Cloud Computing Networks provides cloud and network engineers answers to cybersecurity challenges. It highlights new options, methodologies and feasible solutions that can be implemented in cloud architecture and IT Infrastructure, thereby securing end users. Chapters cover many topics related to cyber threats in the modern era. These topics include: · Ransomware and DDoS attacks · Security algorithms · Design and implementation solutions for resilient and fault-tolerant cloud and network services · Security policy · End user data security The book is an essential resource for anyone involved in cloud computing and network security, including learners, professionals and enthusiasts.