The Lighter Side Of The Cloud – Smoke
The Lighter Side Of The Cloud – Help Desk
The Lighter Side Of The Cloud – Company Strategy
10 Useful Cloud Security Tools: Part 2

10 Useful Cloud Security Tools: Part 2

10 Useful Cloud Security Tools: Part 2

Cloud services like Amazon Elastic Cloud and IBM SmartCloud are revolutionizing the way IT organizations deal with online infrastructure. There are many benefits to cloud computing, but there are also serious security concerns. Yesterday, I revealed 5 helpful tools for enhancing cloud security.

Here are 5 more tools to round out my top 10 list:

Metasploit

metasploit

Complied in the Ruby programming language and developed by H.D. Moore, Metasploit framework has made significant contributions to the pen testing tools community. It gives you the capability of adding your own modules. By default, Metasploit is embedded in popular pen testing distributions with a streamlined user interface.

It can pen test with just an IP address. Therefore, if you have your data on the cloud then all you need is your actual cloud IP address to test security. Just be sure that the IP you are using actually belong to your assets, because in many cases vendors will change IP addresses. If you are using cloud services from Amazon, then using Metasploit Pro will provide you with additional Amazon Machine Images. You can install the available Metasploit package on Amazon EC2 like other packages and run it normally. You cannot receive updates until you get it registered, though.

Nessus

Nessus is an open source, comprehensive vulnerability scanner developed by Tenable Network Security, and has the designation of being the most popular vulnerability assessment tool. In its most recent update in March, it added cloud management and multi support through the Nessus Perimeter Service.

infographic-host-cloud

This scanner is capable of controlling internal and external scanners through the cloud. According to Ron Gula, CEO of Tenable Network Security, the multi-scanning management capability will allow users to benefit from the robust capabilities of Nessus to manage internal and external scanners from a single point, which will save time and resources.

Nmap

Nmap stands for “Network Mapper”; this tool is the gold standard for network scanning. Originally written by Gordon Lyon (Fyodor Vaskovich), it is a must have in any pen testers arsenal. Use it to scan networks, even if congestion or latency has been occurring on these networks.

Nmap can be effectively used for scanning cloud networks. The only condition is that your cloud network is on an OS supported by Nmap. These include Unix, Linux, Solaris, Windows, Mac, OS X, BSD and some other environments. Also, you would want to scan your original IP instead of that hidden behind NAT or firewalls. Be sure to have permission from the IaaS provider before scanning the networks, because it is prohibited to scan without authenticity, for obvious reasons.

Kismet

Freely distributed as an open source program, Kismet uses 802.11 standard layer 2 tools which can be used for packet sniffing, network detection and also as an intrusion detection system. It supports any wireless card which is capable of raw monitoring.

Kismet is capable of scanning public, private or hybrid cloud servers. Its distinguishing feature is that it leaves no logs of scans done in victim machines. It accomplishes this by working passively and sending no traceable packets to the victim network. Due to stealth functionality, it is the most widely used wireless scanning tool to date. On a cloud server, Kismet can be used for preventing any active wireless sniffing programs like Netstumbler through its IDS capability. Kismet supports channel hopping that aids it in finding as many networks as possible through non sequential functioning.

Wireshark

Wireshark has been around for ages and has proven to be an excellent cloud monitoring tool. Although it can help network administrators in scanning enterprise networks, it cannot be used as a stand-alone tool in large environments like cloud servers. In cloud networks, Wireshark is used for scanning a single entity of the whole infrastructure. It can be aided by other tools, or multiple instances can run to serve the purpose.

Wireshark can apply to the cloud the same way it applies to any home network. It is used for troubleshooting network issues by digging through the weeds of the network. Wireshark can also be applied for analyzing packets between cloud service provider and the end user. But as Wireshark is basically a desktop based network monitoring tool, QA Café has developed “CloudShark” for making captured files accessible on cloud environments.

On Conclusion

Traditional network monitoring tools are now being used as cloud monitoring tools. This is due to the fact that the cloud is also a network with larger boundaries and more complications than standard networks. Today, organizations can buy an online service by instantiating any image service on the cloud. Cloud computing has emerged as a pay-as-you-go service, which organizations can use without having to go deeper into the details how cloud infrastructure works.

As cloud networks are providing more and more to IT services, its security has been a chief concern for most customers. For ensuring security and privacy of your data, there are tools and methodologies through which you can pen test your cloud provider. Using the aforementioned tools will enhance reliability in cloud service.

By Chetan Soni

Follow Me

Chetan Soni

Chetan Soni is the Founder & Admin of Just Do Hackers(JDH), which is rapidly a growing security services & investigation consulting organization focusing on Cyber Crime Investigations, Cyber Law Consulting, Vulnerability Assessment & Penetration Testing, Information Security Training & workshops.

Chetan has conducted more than 100 workshops on topics like “ Botnets, Metasploit Framework, Vulnerability Assessment, Penetration Testing, Cyber Crime Investigation & Forensics, Ethical Hacking ” at various institutions/Colleges/Companies all across the world and is currently a writer for CloudTweaks.com
Follow Me

Latest posts by Chetan Soni (see all)

Sorry, comments are closed for this post.

Backup

Recent

Surprising Facts and Stats About Your Online Security

Surprising Facts and Stats About Your Online Security

Surprising Facts and Stats – Online Security It’s easy to get lulled into a false sense of security when browsing the web. As more and more devices join the internet of things, the risk of becoming a victim of a criminal cyber gang is increasing – we have more unsecured access points and offer would-be…

World Backup Day: Understand The Data You Are Protecting

World Backup Day: Understand The Data You Are Protecting

World Backup Day: Understand The Data You Are Protecting Did you know that 113 phones are lost or stolen every minute? What about the fact that 1 in 10 computers are infected with a virus every month? Thanks to World Backup Day, an independent initiative that was started in 2011, awareness is being raised about…

The E-Learning Market – Cloud Computing Adoption

The E-Learning Market – Cloud Computing Adoption

The E-Learning Market  We’ve talked a fair bit about e-Learning and MOOCs (Massive Open Online Courses) technologies here on CloudTweaks over the past number of years. The industry is expected to continue to grow at a brisk pace as more and more firms and educational institutions start to adopt cloud based services.  Docebo has an excellent…

Popular

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter The city of the future is impeccably documented. Sensors are used to measure air quality, traffic patterns, and crowd movement. Emerging neighborhoods are quickly recognized, public safety threats are found via social networks, and emergencies are dealt with quicklier. Crowdsourcing reduces commuting times, provides people with better transportation…

5 Surprising Ways Cloud Computing Is Changing Education

5 Surprising Ways Cloud Computing Is Changing Education

Cloud Computing Education The benefits of cloud computing are being recognized in businesses and institutions across the board, with almost 90 percent of organizations currently using some kind of cloud-based application. The immediate benefits of cloud computing are obvious: cloud-based applications reduce infrastructure and IT costs, increase accessibility, enable collaboration, and allow organizations more flexibility…

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations

Unusual Clandestine Cloud Data Centre Service Locations Everyone knows what the cloud is, but does everybody know where the cloud is? We try to answer that as we look at some of the most unusual data centre locations in the world. Under the Eyes of a Deity Deep beneath the famous Uspenski Cathedral in the…

Cloud-Based VOIP – 4 Alternatives To Skype

Cloud-Based VOIP – 4 Alternatives To Skype

Cloud-Based VOIP – 4 Alternatives To Skype Skype is the most popular cloud-based VOIP service. Since being bought out by Microsoft for $8.5 billion in 2011 the company has grown to more than 300 million users and now accounts for 34% of all international calls. Some people don’t want to use Skype though. Reports of…

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things

Monetizing Internet Of Things There are many interesting ways in which companies are looking to connect devices to the cloud. From the vehicles to kitchen appliances the internet of things is already a $1.9 trillion dollar market based on research estimates from IDC. Included is a fascinating infographic provided by AriaSystems which shows us some of the exciting…

Sponsored Posts

Skin Based Technology – The Intelligent Tattoo

Skin Based Technology – The Intelligent Tattoo

The Intelligent Tattoo I’ve got you under my skin: the rise of the intelligent tattoo As the Internet of Everything expands its reach to embrace many new areas of life, the race continues to develop more robust and accessible tools. Wearables are being whittled down from clunky watches to smart clothes and wrist bands, but…

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising