CLOUD & ETHICAL HACKING INTRODUCTION PDF
ArunIsaac5
14 views
22 slides
Oct 11, 2024
Slide 1 of 22
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
About This Presentation
INTRODUCTION TO CLOUD TECHNOLOGY AND ETHICAL HACKING POWERPOINT SLIDES
Slide Content
Cloud computing &
Ethical Hacking
Ethical Hacking
Index
What is cloud computing?
Cloud computing History? …
Architectural Layers of Cloud Computing
Cloud Computing Infrastructure Models
Advantages of Cloud Computing
Certified Ethical Hacker(CEH)
Types of hackers
Security vulnerability
Types of Security Vulnerabilities
What is cloud computing?
Cloud computing History? …
Architectural Layers of Cloud Computing
Cloud Computing Infrastructure Models
Advantages of Cloud Computing
Certified Ethical Hacker(CEH)
Types of hackers
Security vulnerability
Types of Security Vulnerabilities
What is cloud computing?
DistributedcomputingoninternetOrdeliveryofcomputingservice
overtheinternet.Eg:Yahoo!,GMail,Hotmail
Insteadofrunningane-mailprogramonyourcomputer,
youlogintoaWebe-mailaccountremotely.Thesoftwareandstorage
foryouraccountdoesn'texistonyourcomputer--it'sontheservice's
computercloud
DistributedcomputingoninternetOrdeliveryofcomputingservice
overtheinternet.Eg:Yahoo!,GMail,Hotmail
Insteadofrunningane-mailprogramonyourcomputer,
youlogintoaWebe-mailaccountremotely.Thesoftwareandstorage
foryouraccountdoesn'texistonyourcomputer--it'sontheservice's
computercloud
History? ….
Conceptevolvedin1950(IBM)calledRJE(RemoteJob
EntryProcess).
In2006AmazonprovidedFirstpubliccloud
AWS(AmazonWebService).
Conceptevolvedin1950(IBM)calledRJE(RemoteJob
EntryProcess).
In2006AmazonprovidedFirstpubliccloud
AWS(AmazonWebService).
Architectural Layers of Cloud Computing
Software as a service (SaaS)
Platform as a service (PaaS)
Infrastructure as a service (IaaS)
Software as a service (SaaS)
Platform as a service (PaaS)
Infrastructure as a service (IaaS)
Software as a service (SaaS)
Offers a complete application as a service on demand
A single instance of software runs on cloud and provides service
to multiple end users or organizations
Examples are Google apps, salesforce.com etc.
Offers a complete application as a service on demand
A single instance of software runs on cloud and provides service
to multiple end users or organizations
Examples are Google apps, salesforce.com etc.
Platform as a service (PaaS)
Encapsulates a layer of software and provides it as service which is used to
build higher-level services
Consumers creates the software using tools and libraries from the provider
Consumer controls deployment and configuration settings
Provider provides networks, servers and storage
Example, Google Apps Engine
Encapsulates a layer of software and provides it as service which is used to
build higher-level services
Consumers creates the software using tools and libraries from the provider
Consumer controls deployment and configuration settings
Provider provides networks, servers and storage
Example, Google Apps Engine
Infrastructure as a service (IaaS)
Most basic cloud service model
Provider provides computers (physical or a virtual machine), storage,
firewalls, and networks
Provider provides these facilities on demand
Consumer is responsible for maintaining application software and operating
system
Cloud provider bill the consumer on the basis of amount of resources
allocated and consumed
Most basic cloud service model
Provider provides computers (physical or a virtual machine), storage,
firewalls, and networks
Provider provides these facilities on demand
Consumer is responsible for maintaining application software and operating
system
Cloud provider bill the consumer on the basis of amount of resources
allocated and consumed
Cloud Computing Infrastructure Models
Public Clouds
Private Clouds
Hybrid Clouds
Public Clouds
Private Clouds
Hybrid Clouds
Public cloud
Run by third parties
Resources like applications and storage is available to general
public over internet for free or on a pay-per usage mode
Run by third parties
Resources like applications and storage is available to general
public over internet for free or on a pay-per usage mode
Private cloud
Build for exclusive use of one client
Provides utmost control over data, security and QoS
Provides access to external resources through web services
Build for exclusive use of one client
Provides utmost control over data, security and QoS
Provides access to external resources through web services
Hybrid cloud
Hybrid cloud uses local infrastructure with cloud
computing capacity from public cloud
Hybrid cloud uses local infrastructure with cloud
computing capacity from public cloud
Advantages of Cloud Computing
Cost Savings. Cost saving is one of the biggest Cloud Computing benefits. ...
Strategic edge. Cloud computing offers a competitive edge over your
competitors. ...
High Speed. ...
Back-up and restore data. ...
Automatic Software Integration. ...
Reliability. ...
Mobility. ...
Unlimited storage capacity. ...
Collaboration. ...
Quick Deployment. ...
Cost Savings. Cost saving is one of the biggest Cloud Computing benefits. ...
Strategic edge. Cloud computing offers a competitive edge over your
competitors. ...
High Speed. ...
Back-up and restore data. ...
Automatic Software Integration. ...
Reliability. ...
Mobility. ...
Unlimited storage capacity. ...
Collaboration. ...
Quick Deployment. ...
Certified Ethical Hacker(CEH)
Certified Ethical Hacker(CEH) is a qualification obtained by demonstrating
knowledge of assessing the security of computer systems by looking for
weaknesses and vulnerabilities in target systems, using the same knowledge and
tools as a malicious hacker, but in a lawful and legitimate manner to assess the
security posture of a target system. This knowledge is assessed by answering
multiple choice questions regarding various ethical hacking techniques and tools.
The code for the CEH exam is 312-50. This certification has now been made a
baseline with a progression to the CEH (Practical), launched in March 2018, a
test of penetration testing skills in a lab environment where the candidate must
demonstrate the ability to apply techniques and use penetration testing tools to
compromise various simulated systems within a virtual environment
Certified Ethical Hacker(CEH) is a qualification obtained by demonstrating
knowledge of assessing the security of computer systems by looking for
weaknesses and vulnerabilities in target systems, using the same knowledge and
tools as a malicious hacker, but in a lawful and legitimate manner to assess the
security posture of a target system. This knowledge is assessed by answering
multiple choice questions regarding various ethical hacking techniques and tools.
The code for the CEH exam is 312-50. This certification has now been made a
baseline with a progression to the CEH (Practical), launched in March 2018, a
test of penetration testing skills in a lab environment where the candidate must
demonstrate the ability to apply techniques and use penetration testing tools to
compromise various simulated systems within a virtual environment
TYPES OF HACKERS
Security vulnerability
Asecurityvulnerabilityisdefinedas an unintended characteristic of a
computing component or system configuration that multiplies the risk of an
adverse event or a loss occurring either due to accidental exposure, deliberate
attack, or conflict with new system components.
Asecurityvulnerabilityisdefinedas an unintended characteristic of a
computing component or system configuration that multiplies the risk of an
adverse event or a loss occurring either due to accidental exposure, deliberate
attack, or conflict with new system components.
Types of Security Vulnerabilities
Unpatched Software
Misconfiguration
Weak Credentials
Phishing, Web & Ransomwar
Trust Relationship
Compromised Credentials
Malicious Insider
Missing/Poor Encryption
Zero-days & Unknown Methods
Unpatched Software
Misconfiguration
Weak Credentials
Phishing, Web & Ransomwar
Trust Relationship
Compromised Credentials
Malicious Insider
Missing/Poor Encryption
Zero-days & Unknown Methods
Unpatched Software –Unpatched vulnerabilities allow attackers to run a
malicious code by leveraging a known security bug that has not been patched.
The adversary will try to probe your environment looking for unpatched
systems, and then attack them directly or indirectly. –
Misconfiguration–System misconfigurations (e.g. assets running
unnecessary services, or with vulnerable settings such as unchanged defaults)
can be exploited by attackers to breach your network. The adversary will try to
probe your environment looking for systems that can be compromised due to
some misconfiguration, and then attack them directly or indirectly.
Weak Credentials–An attacker may use dictionary or brute force attacks to
attempt to guess weak passwords, which can then be used to gain access to
systems in your network.
malicious code by leveraging a known security bug that has not been patched.
The adversary will try to probe your environment looking for unpatched
systems, and then attack them directly or indirectly. –
Misconfiguration–System misconfigurations (e.g. assets running
unnecessary services, or with vulnerable settings such as unchanged defaults)
can be exploited by attackers to breach your network. The adversary will try to
probe your environment looking for systems that can be compromised due to
some misconfiguration, and then attack them directly or indirectly.
Weak Credentials–An attacker may use dictionary or brute force attacks to
attempt to guess weak passwords, which can then be used to gain access to
systems in your network.
Phishing, Web & Ransomware–Phishing is used by attackers to get users to
inadvertently execute some malicious code, and thereby compromise a system,
account or session. The adversary will send your users a link or malicious
attachment over email (or other messaging system), often alongside some
text/image that entices them to click.
Trust Relationship–Attackers can exploit trust configurations that have been
set up to permit or simplify access between systems (e.g. mounted drives,
remote services) to propagate across your network. The adversary, after
gaining access to a system, can then proceed to breach other systems that
implicitly trust the originally compromised system.
Compromised Credentials–An attacker can use compromised credentials to
gain unauthorized access to a system in your network. The adversary will try to
somehow intercept and extract passwords from unencrypted or incorrectly
encrypted communication between your systems, or from unsecured handling
by software or users. The adversary may also exploit reuse of passwords across
different systems
inadvertently execute some malicious code, and thereby compromise a system,
account or session. The adversary will send your users a link or malicious
attachment over email (or other messaging system), often alongside some
text/image that entices them to click.
Trust Relationship–Attackers can exploit trust configurations that have been
set up to permit or simplify access between systems (e.g. mounted drives,
remote services) to propagate across your network. The adversary, after
gaining access to a system, can then proceed to breach other systems that
implicitly trust the originally compromised system.
Compromised Credentials–An attacker can use compromised credentials to
gain unauthorized access to a system in your network. The adversary will try to
somehow intercept and extract passwords from unencrypted or incorrectly
encrypted communication between your systems, or from unsecured handling
by software or users. The adversary may also exploit reuse of passwords across
different systems
Malicious Insider –An employee or a vendor who might have access to your
critical systems can decide to exploit their access to steal or destroy
information or impair them. This is particularly important for privileged users
and critical systems.
Missing/Poor Encryption–With attacks on Missing/Poor Encryption, an
attacker can intercept communication between systems in your network and
steal information. The attacker can intercept unencrypted or poorly encrypted
information and can then extract critical information, impersonate either side
and possibly inject false information into the communication between systems.
Zero-days & Unknown Methods–Zero days are specific software
vulnerabilities known to the adversary but for which no fix is available, often
because the bug has not been reported to the vendor of the vulnerable system.
The adversary will try to probe your environment looking for systems that can
be compromised by the zero day exploit they have, and then attack them
directly or indirectly.
critical systems can decide to exploit their access to steal or destroy
information or impair them. This is particularly important for privileged users
and critical systems.
Missing/Poor Encryption–With attacks on Missing/Poor Encryption, an
attacker can intercept communication between systems in your network and
steal information. The attacker can intercept unencrypted or poorly encrypted
information and can then extract critical information, impersonate either side
and possibly inject false information into the communication between systems.
Zero-days & Unknown Methods–Zero days are specific software
vulnerabilities known to the adversary but for which no fix is available, often
because the bug has not been reported to the vendor of the vulnerable system.
The adversary will try to probe your environment looking for systems that can
be compromised by the zero day exploit they have, and then attack them
directly or indirectly.
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 14
- Slides 22
- Age 416 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views