Cloud computing is not a new term and derives from something knows as grid computing.
Users have the capability to customize and configure services to meet there needs
Broad Network Access
Designed to be accessed from anywhere
Resources assigned from resource pool based on multi-tenant setup
Can be expanded as needed upon users demand.
Usage monitored and reported.
Also know as external cloud is hosted by a third party. They have there own resources that manage and secure the cloud and user can requests resources on demand. The downside of being in public cloud us that your data controlled.
Private cloud is the type of cloud that was build by internal IT or contractors and build for internal use only. This type of deployment offers organization full control over there data.
With hydrid cloud you could potentially enjoy benefits from both private and public cloud. You could store less sensitive applications and data in public cloud while more sensitive data can be stored in private cloud.
This type of cloud deployed when individual parties share common goals , security needs and resources.
This attack geared mostly twards web servers. It works by enticing a victum to submit a request, whoich is malicious in nature. Request is executed by the victum and response will come to them. In case of stored CSRF attack the forget request is stored on the server by finding site that accepts html , img or xss.
Simple CSRF attack steps
The key to make this attack successful is to trick a victim into executing this request when they actually logged in the account
This type of attack attempts to breach the confidentiality of a victim indirectly by exploiting the fact that they are using shared resources in the cloud.
You will need the following in place:
The attacker executes scripts to attack victim and determine if sensitive information can be exploited. Fortunately this sort of attacks rarely successful
Signature Wrapping Attack word by exploiting of technology used in web services. Good example is SOAP. In SOAP requests can be signed using XML signature. An XML signature wrapping attack exploits the fact that the signature element does not convey any information as to where the referenced elements are in the document tree. It works as follows. A malicious user takes a valid request, copy the SOAP body and insert it as part of a header in the request.
The result of this attack is that as attacker could alter a message without invalidating it. This means that system and application would accept the message as correct even though it has been altered.
This is just a basic overview of cloud computing security. At TEKYHOST we specialize in securing cloud based deployments and eliminating possibility of data loss or hacking.