Cloud computing is undoubtedly an important driving force of the next-generation Internet. It is the key technology behind online cloud storage and the recent growth of online services, and it makes software-as-a-service (SaaS) applications available by subscription.
Although cloud computing has become an important driver of these services, it also poses new challenges for maintaining network security. The days are long gone when a company's IT department could set up the computers, protect the customer's network with a large firewall, hubs and antivirus software, and control all traffic, both inbound and outbound.
Instead, cloud computing provides virtual resources over the Internet, including data, applications and infrastructure. As a result, sensitive data can be exposed while it travels from the client to the cloud server and back.
1. Modern network vulnerabilities
A common vulnerability in cloud computing is called "session hijacking". In this type of attack, hackers use a valid computer session to gain access to the cloud provider's resources.
Here, the session cookie that authenticates the client for a valid session is stolen and hijacked. In a variant of the attack, hackers use a "sniffer" program to intercept the traffic between the client and the server. This is known as a "man-in-the-middle attack", and it captures the cookies (and any other data).
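As an added example (not part of the original article), the following Python code audits an HTTP response for cookies that a sniffer on the network path could capture. The function names and the sample response are constructed for illustration; the Secure and HttpOnly cookie attributes and the Strict-Transport-Security header are standard HTTP features that the article itself does not mention.

```python
# Constructed sample response, not a capture from a real service.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure\r\n"
    "Set-Cookie: auth=xyz789; Path=/; secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response header block."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip status line
    pairs = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_cookie(set_cookie_value):
    """Return (cookie_name, findings); attribute names are case-insensitive."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    cookie_name = parts[0].partition("=")[0]
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by page scripts")
    return cookie_name, findings


def audit_response(raw):
    """Map each weak cookie to its findings and note whether HSTS is set."""
    report = {"cookies": {}, "hsts": False}
    for name, value in parse_headers(raw):
        if name == "set-cookie":
            cookie, findings = audit_cookie(value)
            if findings:
                report["cookies"][cookie] = findings
        elif name == "strict-transport-security":
            report["hsts"] = True
    return report


if __name__ == "__main__":
    print(audit_response(SAMPLE_RESPONSE))
```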
2. Security strategies and solutions
Several strategies have been developed on the market to secure the connection between the client and the cloud server. They need to be tailored to the specific type of cloud platform that is exposed to attack.
Infrastructure as a service (IaaS) is the foundational architecture of "the cloud". To protect IaaS, for example, the network needs to be segmented, and network monitoring should include an intrusion detection system (IDS) and an intrusion prevention system (IPS). A virtual web application firewall should also be placed in front of the website to protect against malicious software. Virtual routers and firewalls at the edge of the cloud network can provide perimeter protection for the virtual network.
The next cloud solution is platform as a service (PaaS). In this architecture, the service provider supplies a platform to clients so that they can build applications, while the hosting company (i.e., the cloud provider) builds the infrastructure and provides the services. Cloud services can be secured through IP restrictions and logging. In addition, an API gateway and a cloud access security broker (CASB) for policy control should be deployed.
With SaaS, software and data are managed in the cloud, and each user accesses the service through a browser. Security for this setup is usually provided by the cloud service provider (CSP), and it is usually negotiated as part of the service contract. In addition, SaaS uses the same security suite as PaaS.