Host Security Threats in the Public IaaS
- Deployment of malware embedded in software components in the virtual machines.
- Attack on that system which is not properly secured by the host firewalls
- Attacks on accounts that are not properly secured eg. weak passwords, repetitive passwords, etc.
- Stealing keys that will be used to access and manage hosts(SSH private keys).
Infrastructure Security at the Host Level in Cloud Computing
Pre-requisite: Cloud Computing
In this article, we’ll discuss the infrastructure security at the host level in cloud computing followed by the introduction of the topic itself then moving towards the host security at various delivery models such as System as a Service(SaaS), Platform as a Service(Paas) and Infrastructure as a service(Iaas) after which we will end this article by discussing the Virtual server Security.
During the review process of host security and assessing risks, one should always consider the context of cloud service delivery models(IaaS, PaaS, and SaaS) and various deployment models(Public, Private, and Hybrid). As we know there are no new security threats to hosts specific to cloud computing apart from the virtualization security threats like virtual machine escape, system configuration drift, and insider threats.
The elastic nature of cloud computing can bring new operation challenges from a security management perspective. Therefore managing the vulnerabilities and patches is tougher than running a scan, as the rates of changes are much higher than in traditional data centers.