The Lighter Side Of The Cloud – The Crystal Ball
The Lighter Side Of The Cloud – The Top Floor
The Lighter Side Of The Cloud – Status Update
10 Useful Cloud Security Tools: Part 1

10 Useful Cloud Security Tools: Part 1

10 Useful Cloud Security Tools: Part 1

Cloud computing has become a business solution for many organizational problems. But there are security risks involved with using cloud servers: service providers generally only take responsibility of keeping systems up, and they neglect security at many ends. Therefore, it is important that clouds are properly penetration (pen) tested and secured to ensure proper security of user data.

There are many tools available that can be used to automate the process of pen testing. Most of them can be found with pen testing distributions like Backtrack or Blackbox. Here is a list of recommended tools for pen testing cloud security:

Acunetix – Web Vulnerability Scanner

acunetix 

This information gathering tool scans web applications on the cloud and lists possible vulnerabilities that might be present in the given web application. Most of the scanning is focused on finding SQL injection and cross site scripting vulnerabilities. It has both free and paid versions, with paid versions including added functionalities. After scanning, it generates a detailed report describing vulnerabilities along with the suitable action that can be taken to remedy the loophole.

This tool can be used for scanning cloud applications. Beware: there is always a chance of false positives. Any security flaw, if discovered through scanning, should be verified. The latest version of this software, Acunetix WVS version 8, has a report template for checking compliance with ISO 27001, and can also scan for HTTP denial of service attacks.

Aircrack-ng – A Tool for Wi-Fi Pen Testers

This is a comprehensive suite of tools designed specifically for network pen testing and security. This tool is useful for scanning Infrastructure as a Service (IaaS) models. Having no firewall, or a weak firewall, makes it very easy for malicious users to exploit your network on the cloud through virtual machines. This suite consists of many tools with different functionalities, which can be used for monitoring the network for any kind of malicious activity over the cloud.

Its main functions include:

  • Aircrack-ng – Cracks WEP or WPA encryption keys with dictionary attacks
  • Airdecap-ng – Decrypts captured packet files of WEP and WPA keys
  • Airmon-ng – Puts your network interface card, like Alfa card, into monitoring mode
  • Aireplay-ng – This is packet injector tool
  • Airodump-ng – Acts as a packet sniffer on networks
  • Airtun-ng – Can be used for virtual tunnel interfaces
  • Airolib-ng – Acts as a library for storing captured passwords and ESSID
  • Packetforge-ng – Creates forged packets, which are used for packet injection
  • Airbase-ng – Used for attacking clients through various techniques.
  • Airdecloak-ng – Capable of removing WEP clocking.

Several others tools are also available in this suite, including esside-ng, wesside-ng and tkiptun-ng. Aircrack-ng can be used on both command line interfaces and on graphical interfaces. In GUI, it is named Gerix Wi-Fi Cracker, which is a freely available network security tool licensed to GNU.

Cain & Abel

This is a password recovery tool. Cain is used by penetration testers for recovering passwords by sniffing networks, brute forcing and decrypting passwords. This also allows pen testers to intercept VoIP conversations that might be occurring through cloud. This multi functionality tool can decode Wi-Fi network keys, unscramble passwords, discover cached passwords, etc. An expert pen tester can analyze routing protocols as well, thereby detecting any flaws in protocols governing cloud security. The feature that separates Cain from similar tools is that it identifies security flaws in protocol standards rather than exploiting software vulnerabilities. This tool is very helpful for recovering lost passwords.

In the latest version of Cain, the ‘sniffer’ feature allows for analyzing encrypted protocols such as SSH-1 and HTTPS. This tool can be utilized for ARP cache poisoning, enabling sniffing of switched LAN devices, thereby performing Man in the Middle (MITM) attacks. Further functionalities have been added in the latest version, including authentication monitors for routing protocols, brute-force for most of the popular algorithms and cryptanalysis attacks.

Ettercap

Ettercap is a free and open source tool for network security, designed for analyzing computer network protocols and detecting MITM attacks. It is usually accompanied with Cain. This tool can be used for pen testing cloud networks and verifying leakage of information to an unauthorized third party. It has four methods of functionality:

  • IP-based Scanning – Network security is scanned by filtering IP based packets.
  • Mac-based Scanning – Here packets are filtered based on MAC addresses. This is used for sniffing connections through channels.
  • ARP-based functionality – ARP poisoning is used for sniffing into switched LAN through an MITM attack operating between two hosts (full duplex).
  • Public-ARP based functionality – In this functionality mode, ettercap uses one victim host to sniff all other hosts on a switched LAN network (half duplex).

John the Ripper

The name for this tool was inspired by the infamous serial killer Jack the Ripper. This tool was written by Black Hat Pwnie winner Alexander Peslyak. Usually abbreviated to just “John”, this is freeware which has very powerful password cracking capabilities; it is highly popular among information security researchers as a password testing and breaking program tool. This tool has the capability of brute forcing cloud panels. If any security breach is found, then a security patch can be applied to secure enterprise data.

Originally created for UNIX platforms, John now has supported versions for all major operating systems. Numerous password cracking techniques are embedded into this pen testing tool to create a concise package that is capable of identifying hashes through its own cracker algorithm.

Cloud providing vendors need to embed security within their infrastructure. They should not emphasize keeping high uptime at the expense of security.

By Chetan Soni

Follow Me

Chetan Soni

Chetan Soni is the Founder & Admin of Just Do Hackers(JDH), which is rapidly a growing security services & investigation consulting organization focusing on Cyber Crime Investigations, Cyber Law Consulting, Vulnerability Assessment & Penetration Testing, Information Security Training & workshops.

Chetan has conducted more than 100 workshops on topics like “ Botnets, Metasploit Framework, Vulnerability Assessment, Penetration Testing, Cyber Crime Investigation & Forensics, Ethical Hacking ” at various institutions/Colleges/Companies all across the world and is currently a writer for CloudTweaks.com
Follow Me

Latest posts by Chetan Soni (see all)

One Response to 10 Useful Cloud Security Tools: Part 1

Popular Archives

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most Cloud computing is rapidly revolutionizing the way we do business. Instead of being a blurry buzzword, it has become a facet of everyday life. Most people may not quite understand how the cloud works, but electricity is quite difficult to fathom as well. Anyway, regardless of…

Cloud Infographic: Cloud Public, Private & Hybrid Differences

Cloud Infographic: Cloud Public, Private & Hybrid Differences

Cloud Public, Private & Hybrid Differences Many people have heard of cloud computing. There is however a tremendous number of people who still cannot differentiate between Public, Private & Hybrid cloud offerings.  Here is an excellent infographic provided by the group at iWeb which goes into greater detail on this subject. Infographic source: iWeb About…

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data

The Future Of Big Data Big Data is BIG business and will continue to be one of the more predominant areas of focus in the coming years from small startups to large scale corporations. We’ve already covered on CloudTweaks how Big Data can be utilized in a number of interesting ways from preventing world hunger to helping teams win…

Five Reasons SMBs Fear The Cloud

Five Reasons SMBs Fear The Cloud

Five Reasons SMBs Fear the Cloud Fear of the cloud has been around since the Cloud began. SMBs were traditionally afraid of security issues, while large companies fretted about increasing the complexity of their IT infrastructure. What many budding start-up companies don’t realise is Cloud Computing helps place them on a level playing field with…

Cloud Computing – A Requirement For Greater Innovation

Cloud Computing – A Requirement For Greater Innovation

Cloud computing – Greater Innovation! Sao Paulo, Brazil has had trouble with both energy and water supplies as of late. Despite it is the rainy period. Unfortunately Sao Paulo is very dependent on its rain as a majority of its power is generated from large dams. No water, no energy. Difficult situation for a city…

Recent

Cloud Security Hottest Issue At RSA

Cloud Security Hottest Issue At RSA

Cloud Security Hottest Issue The integral integration of cyber security and cloud technology seemed to be the hottest issue at the busy RSA 2015 Conference in San Francisco. Interested parties packed security and cloud service booths for the duration of the conference. Several prominent publications covered the increased importance of securing their private information that’s…

Imperfect Security: The RSA Conference And The Illusion Of Safety

Imperfect Security: The RSA Conference And The Illusion Of Safety

The RSA Conference And The Illusion Of Safety This year’s 2015 RSA Conference is taking place from April 20th to 24th, in San Francisco, California. Here, security leaders from across the vast expanse of tech, politics, and more will gather to discuss the past, present, and future of security. From application security to technology infrastructure,…

The Lighter Side Of The Cloud – Day 5

The Lighter Side Of The Cloud – Day 5

By David Fletcher Are you looking to supercharge your Newsletter, Powerpoint presentation, Social media campaign or Website? Our universally recognized tech related comics can help you. Contact us for information on our commercial licensing rates. About Latest Posts Follow MeChetan SoniChetan Soni is the Founder & Admin of Just Do Hackers(JDH), which is rapidly a…

Contact Us

Sending

Technology Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7 200px-KPMG

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

CloudTweaks Comic Library

Advertising