Archive for the Cloud Category

Cloud and End Points and Security

Posted in Cloud, Security, Security Updates on 19 Oct 2011 by Stuart Aston

So…a question that often throws me for a loop is this:

Internet cloud web “If ‘I’ move to the cloud I don’t have to worry about security at my client end point, right?”…

err… no that’s not right.

But, “why”, I hear you ask?

Well of course if you go to a reputable cloud service provider they will apply security updates to the servers that provide you services as commercial providers of services they will keep those servers up to date, and hardened to deal with attack utilise defence in depth, etc…

But the end-point; the thing that accesses the actual data, mail or services; still needs to be kept up to date; as much as it does in a non-cloud scenario, that’s still ‘your’ responsibility as an IT professional  for your environment, you still need to manage it.  Malware will still be able to take data from these devices using un-patched vulnerabilities; using the privileges of the user.

Do we have to do less work keeping things up to date?  Well yes it does, for those servers that you no longer manage and have moved to the cloud they will be updated by the service supplier in a SaaS and PaaS models.  In the IaaS model, the user is still responsible for managing the patching of the guest operating system, whatever it is.

Of course you could always move the management of the endpoint to the cloud using a service like Windows InTune.

In summary; moving to the cloud doesn’t mean you can just “stop” updating your end points, depending on the model of cloud service you adopt you may be able to stop patching some of your servers.

Cloud-Based Crypto-Cracking Tool To Be Unleashed At Black Hat DC – Darkreading

Posted in Cloud, Passwords, Security, Tools on 12 Jan 2011 by Stuart Aston

 

binary ring codeSo why is this news? Well, other than it is the first time that a researcher has made an announcement regarding it?

 

Largely any workload could be put into the cloud. Cloud vendors, ourselves included, have suggested that large mathematical functions that require intensive processing could and should be offloaded to the cloud either in part or in totality, since the launch of cloud based services and cracking passwords is a large maths function.

cloud illustration iconThat  the "cloud could be used for password cracking", should not surprise anyone, it will gain the same economic benefits as any other application when applied to the cloud, this was inevitable. 

In the meantime use a strong password, or two factors of authentication about stuff you care about…

Cloud-Based Crypto-Cracking Tool To Be Unleashed At Black Hat DC – Darkreading

%d bloggers like this: