Cloud Security Tools: Part 1
Cloud computing has become a business solution for many organizational problems. But there are security risks involved with using cloud servers: service providers generally only take responsibility of keeping systems up, and they neglect security at many ends. Therefore, it is important that clouds are properly penetration (pen) tested and secured to ensure proper security of user data.
There are many tools available that can be used to automate the process of pen testing. Most of them can be found with pen testing distributions like Backtrack or Blackbox. Here is a list of recommended tools for pen testing cloud security:
This information gathering tool scans web applications on the cloud and lists possible vulnerabilities that might be present in the given web application. Most of the scanning is focused on finding SQL injection and cross site scripting vulnerabilities. It has both free and paid versions, with paid versions including added functionalities. After scanning, it generates a detailed report describing vulnerabilities along with the suitable action that can be taken to remedy the loophole.
This tool can be used for scanning cloud applications. Beware: there is always a chance of false positives. Any security flaw, if discovered through scanning, should be verified. The latest version of this software, Acunetix WVS version 8, has a report template for checking compliance with ISO 27001, and can also scan for HTTP denial of service attacks.
Aircrack-ng – A Tool for Wi-Fi Pen Testers
This is a comprehensive suite of tools designed specifically for network pen testing and security. This tool is useful for scanning Infrastructure as a Service (IaaS) models. Having no firewall, or a weak firewall, makes it very easy for malicious users to exploit your network on the cloud through virtual machines. This suite consists of many tools with different functionalities, which can be used for monitoring the network for any kind of malicious activity over the cloud.
Its main functions include:
- Aircrack-ng – Cracks WEP or WPA encryption keys with dictionary attacks
- Airdecap-ng – Decrypts captured packet files of WEP and WPA keys
- Airmon-ng – Puts your network interface card, like Alfa card, into monitoring mode
- Aireplay-ng – This is packet injector tool
- Airodump-ng – Acts as a packet sniffer on networks
- Airtun-ng – Can be used for virtual tunnel interfaces
- Airolib-ng – Acts as a library for storing captured passwords and ESSID
- Packetforge-ng – Creates forged packets, which are used for packet injection
- Airbase-ng – Used for attacking clients through various techniques.
- Airdecloak-ng – Capable of removing WEP clocking.
Several others tools are also available in this suite, including esside-ng, wesside-ng and tkiptun-ng. Aircrack-ng can be used on both command line interfaces and on graphical interfaces. In GUI, it is named Gerix Wi-Fi Cracker, which is a freely available network security tool licensed to GNU.
Cain & Abel
This is a password recovery tool. Cain is used by penetration testers for recovering passwords by sniffing networks, brute forcing and decrypting passwords. This also allows pen testers to intercept VoIP conversations that might be occurring through cloud. This multi functionality tool can decode Wi-Fi network keys, unscramble passwords, discover cached passwords, etc. An expert pen tester can analyze routing protocols as well, thereby detecting any flaws in protocols governing cloud security. The feature that separates Cain from similar tools is that it identifies security flaws in protocol standards rather than exploiting software vulnerabilities. This tool is very helpful for recovering lost passwords.
In the latest version of Cain, the ‘sniffer’ feature allows for analyzing encrypted protocols such as SSH-1 and HTTPS. This tool can be utilized for ARP cache poisoning, enabling sniffing of switched LAN devices, thereby performing Man in the Middle (MITM) attacks. Further functionalities have been added in the latest version, including authentication monitors for routing protocols, brute-force for most of the popular algorithms and cryptanalysis attacks.
Ettercap is a free and open source tool for network security, designed for analyzing computer network protocols and detecting MITM attacks. It is usually accompanied with Cain. This tool can be used for pen testing cloud networks and verifying leakage of information to an unauthorized third party. It has four methods of functionality:
- IP-based Scanning – Network security is scanned by filtering IP based packets.
- Mac-based Scanning – Here packets are filtered based on MAC addresses. This is used for sniffing connections through channels.
- ARP-based functionality – ARP poisoning is used for sniffing into switched LAN through an MITM attack operating between two hosts (full duplex).
- Public-ARP based functionality – In this functionality mode, ettercap uses one victim host to sniff all other hosts on a switched LAN network (half duplex).
John the Ripper
The name for this tool was inspired by the infamous serial killer Jack the Ripper. This tool was written by Black Hat Pwnie winner Alexander Peslyak. Usually abbreviated to just “John”, this is freeware which has very powerful password cracking capabilities; it is highly popular among information security researchers as a password testing and breaking program tool. This tool has the capability of brute forcing cloud panels. If any security breach is found, then a security patch can be applied to secure enterprise data.
Originally created for UNIX platforms, John now has supported versions for all major operating systems. Numerous password cracking techniques are embedded into this pen testing tool to create a concise package that is capable of identifying hashes through its own cracker algorithm.
Cloud providing vendors need to embed security within their infrastructure. They should not emphasize keeping high uptime at the expense of security.
By Chetan Soni