1. Describe four cloud-specific security threats.
2. Are there any advantages in not including the MAC in the scope of the packet encryption in SSH?
Cloud-specific security threats
1. Data Breaches
A data breach is the exposure of confidential or protected information. This can happen through theft of bank account or credit card details, or even through stolen email. To prevent data breaches, one must use secure websites, create strong and secure passwords using a combination of upper case, lower case and special characters, use different passwords for different accounts, and keep the system and applications updated with the latest versions.
2. Data Loss with no backup
Data loss is the process where data is lost accidentally or gets corrupted. In some cases lost data is recoverable, but recovery requires additional cost, time and IT assistance, and some data cannot be recovered at all, which makes data loss prevention more important. Data loss can be caused by human error, soft corruption, viruses and malware, hackers or computer theft.
3. DDoS Attack
DDoS stands for distributed denial-of-service. A DDoS attack is a malicious attempt to disrupt the normal traffic of a server. DDoS attacks generally use compromised computer systems as the source of the attack. For a DDoS attack to happen, the attacker needs to control a network of machines. The intermediate machines are loaded with malware, which turns each system into a bot that acts as an intermediary in the attack. It can be prevented by having an updated firewall, keeping all software updated and not downloading from unknown sources.
4. Human Error
Human error can happen in multiple ways, such as falling for phishing, letting an unauthorised person use the official website, poorly managing accounts of high importance or, most commonly, using a poor password. These can be prevented by ensuring a strong set of organisational rules for the protection of systems and software against security threats.
Advantages in not including the MAC in the scope of the packet encryption in SSH
In the key exchange phase of SSH, the purpose of authentication is to ensure that both the peers taking part are the right parties. In this process, the server authenticates itself using the public key, whereas the client uses its user ID and password. When the data is finally sent, authentication ensures that each part of the data reaches the destination without any tampering; this is achieved using the MAC. This is often encoded using AES or CBC mode. Neither of these prevents manipulation of data, and hence the MAC is required to be sent along. Consider a situation where A sends a message to B without including a MAC. A middleman can strategically change the ciphertext in transit, which will lead to complete alteration of the message sent initially. It is impossible for the recipient to detect the alteration of the original message without a MAC attached alongside AES.
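The scenario in the answer above, as an added example that is not part of the original answer: an SSH-style packet whose MAC is computed over the sequence number and the unencrypted packet, then appended outside the encryption. Assumptions: the keys, message and function names are constructed for illustration, and a SHA-256 counter-mode keystream stands in for AES so the block runs with the standard library only.

```python
import hashlib
import hmac
import struct

# Constructed sample keys (an assumption of this example; real SSH derives them in key exchange).
ENC_KEY = b"constructed-encryption-key"
MAC_KEY = b"constructed-integrity-key"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def keystream(key, seq, n):
    # Stand-in stream cipher: SHA-256 in counter mode. NOT AES; illustration only.
    blocks = (hashlib.sha256(key + struct.pack(">IQ", seq, i)).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def packet_mac(mac_key, seq, packet):
    # SSH-style MAC input: sequence number || unencrypted packet.
    return hmac.new(mac_key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()

def seal(enc_key, mac_key, seq, packet):
    ciphertext = xor(packet, keystream(enc_key, seq, len(packet)))
    return ciphertext + packet_mac(mac_key, seq, packet)  # MAC is appended unencrypted

def open_packet(enc_key, mac_key, seq, wire, check_mac=True):
    ciphertext, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    packet = xor(ciphertext, keystream(enc_key, seq, len(ciphertext)))
    if check_mac and not hmac.compare_digest(tag, packet_mac(mac_key, seq, packet)):
        raise ValueError("MAC mismatch: packet rejected")
    return packet

def tamper(wire, offset):
    # Simulates in-transit modification: flip one bit of one ciphertext byte.
    changed = bytearray(wire)
    changed[offset] ^= 0x01
    return bytes(changed)

if __name__ == "__main__":
    message = b"constructed sample packet"
    wire = seal(ENC_KEY, MAC_KEY, 0, message)
    altered = tamper(wire, 0)
    print("no MAC check :", open_packet(ENC_KEY, MAC_KEY, 0, altered, check_mac=False))
    try:
        open_packet(ENC_KEY, MAC_KEY, 0, altered)
    except ValueError as err:
        print("with MAC     :", err)
```

Without the MAC check the receiver decrypts the altered ciphertext into a different message and has no signal that anything changed; with the check, the packet is rejected before use.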