技术控

    今日:26| 主题:49101
收藏本版 (1)
最新软件应用技术尽在掌握

[其他] What to do when hackers break into your cloud

[复制链接]
艰难决定 发表于 2016-10-1 00:45:54
207 6

立即注册CoLaBug.com会员,免费获得投稿人的专业资料,享用更多功能,玩转个人品牌!

您需要 登录 才可以下载或查看,没有帐号?立即注册

x

What to do when hackers break into your cloud-1 (computing,following,including,occurred,beyond)

  There are two major types of public cloud computing attacks: single-tenant and cross-tenant. A cross-tenant attack is the stuff of IT nightmares, but it has not yet occurred. (In a cross-tenant attack, the hackers gain root-level access to the cloud and thus access to most or all of the tenants -- including you.)
  Single-tenant breaches are more likely to occur. In these attacks, the hacker has compromised one or more machine instance, but can't go beyond that. The most likely cause of a single-tenant breach is that user IDs and passwords have been compromised. That's typically due to malware or phishing attacks on client devices. In this case, it's all on you; the cloud provider has done its job, but you haven't done yours.
  When such breaches occur, hopefully you'll figure it out quickly. When you recognize the breach, the best response is to invoke a prebuilt set of processes that can do the following:
  
       
  • Shut down the instances -- computer, storage, or both -- that have been compromised. That prevents any activity, whether good or bad, until the problem has been corrected.   
  • Audit the security system to determine how the attackers gained access and what they did while in the system. Isolate the hackers and remove their access from the system.   
  • Resecure the system and make users change their passwords before they are granted renewed access.  
  Of course, this does not address the core problem -- it only fixes a single intrusion. To address the core vulnerabilities of single-tenant attacks:
  
       
  • Establish proactive monitoring mechanisms to ensure that odd activity is spotted quickly, and the relevant cloud instances are defended. For example, monitor for access from a foreign IP address and for multiple login failures.   
  • Consider using encryption, at least with your data at rest. That way, even if hackers gain access, your data remains protected.   
  • Implement identity and access management.   
  • Consider using multifactor authentication and other types of access mechanisms that provide better protection at the user-access level.   
  • Review the security services that your cloud provider offers, and consider using any that apply. It can be better to use the native security capabilities than to bolt on your own or those of third parties.  
  As more workloads move into the public cloud, we'll see more attacks. That's what happens when any platform, cloud or not, gains popularity. But if you're proactive and invest in modern security mechanisms, you'll discover that the cloud is a more secure place for your applications and data than your datacenter has been.
友荐云推荐




上一篇:Thread-Safe Lock Free Priority Queues in Golang
下一篇:Insanely Easy and Simple React Form Tutorial
酷辣虫提示酷辣虫禁止发表任何与中华人民共和国法律有抵触的内容!所有内容由用户发布,并不代表酷辣虫的观点,酷辣虫无法对用户发布内容真实性提供任何的保证,请自行验证并承担风险与后果。如您有版权、违规等问题,请通过"联系我们"或"违规举报"告知我们处理。

流念你眉间 发表于 2016-10-1 05:54:57
我就是路过,拿积分走人!!
回复 支持 反对

使用道具 举报

陈光龙 发表于 2016-10-1 17:43:01
如果你爱他,请你抓住他,如果你不爱他,请你放手,让他去爱别人
回复 支持 反对

使用道具 举报

飞・_・鱼 发表于 2016-10-1 17:58:26
论坛的帖子越来越有深度了!
回复 支持 反对

使用道具 举报

稍縱即逝锝° 发表于 2016-10-2 08:25:44
感谢楼主的推荐!
回复 支持 反对

使用道具 举报

兰菊华 发表于 2016-10-3 18:12:10
永远有多远?你小子就给我滚多远。
回复 支持 反对

使用道具 举报

l420529469 发表于 2016-10-30 22:00:26
谈恋爱时女朋友跟别人跑了?不要难过太久,偷着乐吧。现在看清楚这段爱情总比结婚以后带绿帽子好吧。
回复 支持 反对

使用道具 举报

*滑动验证:
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

我要投稿

推荐阅读

扫码访问 @iTTTTT瑞翔 的微博
回页顶回复上一篇下一篇回列表手机版
手机版/CoLaBug.com ( 粤ICP备05003221号 | 文网文[2010]257号 )|网站地图 酷辣虫

© 2001-2016 Comsenz Inc. Design: Dean. DiscuzFans.

返回顶部 返回列表