Cloud Security Tools
Cloud providing vendors need to embed cloud security tools within their infrastructure. They should not emphasize keeping high uptime at the expense of security.
Cloud computing has become a business solution for many organizational problems. But there are security risks involved with using cloud servers: Service Providers generally only take responsibility of keeping systems up, and they neglect security at many ends. Therefore, it is important that clouds are properly penetration (pen) tested and secured to ensure proper security of user data.
Cloud services like Amazon Elastic Cloud and IBM SmartCloud are revolutionizing the way IT organizations deal with online infrastructure. There are many benefits to cloud computing, but there are also serious security concerns.
Pen testing cloud security tools:
This information gathering tool scans web applications on the cloud and lists possible vulnerabilities that might be present in the given web application. Most of the scanning is focused on finding SQL injection and cross site scripting Vulnerabilities. It has both free and paid versions, with paid versions including added functionalities. After scanning, it generates a detailed report describing vulnerabilities along with the suitable action that can be taken to remedy the loophole.
This tool can be used for scanning cloud applications. Beware: there is always a chance of false positives. Any security flaw, if discovered through scanning, should be verified. The latest version of this software, Acunetix WVS version 8, has a report template for checking compliance with ISO 27001, and can also scan for HTTP denial of service attacks.
Aircrack-ng – A Tool for Wi-Fi Pen Testers
This is a comprehensive suite of tools designed specifically for network pen testing and security. This tool is useful for scanning Infrastructure as a Service (IaaS) models. Having no firewall, or a weak firewall, makes it very easy for malicious users to exploit your network on the cloud through virtual machines. This suite consists of many tools with different functionalities, which can be used for monitoring the network for any kind of malicious activity over the cloud.
Its main functions include:
- Aircrack-ng – Cracks WEP or WPA encryption keys with dictionary attacks
- Airdecap-ng – Decrypts captured packet files of WEP and WPA keys
- Airmon-ng – Puts your network interface card, like Alfa card, into monitoring mode
- Aireplay-ng – This is packet injector tool
- Airodump-ng – Acts as a packet sniffer on networks
- Airtun-ng – Can be used for virtual tunnel interfaces
- Airolib-ng – Acts as a library for storing captured passwords and ESSID
- Packetforge-ng – Creates forged packets, which are used for packet injection
- Airbase-ng – Used for attacking clients through various techniques.
- Airdecloak-ng – Capable of removing WEP clocking.
Several others tools are also available in this suite, including esside-ng, wesside-ng and tkiptun-ng. Aircrack-ng can be used on both command line interfaces and on graphical interfaces. In GUI, it is named Gerix Wi-Fi Cracker, which is a freely available network security tool licensed to GNU.
Cain & Abel
This is a password recovery tool. Cain is used by penetration testers for recovering passwords by sniffing networks, brute forcing and decrypting passwords. This also allows pen testers to intercept VoIP conversations that might be occurring through cloud. This multi functionality tool can decode Wi-Fi network keys, unscramble passwords, discover cached passwords, etc. An expert pen tester can analyze routing protocols as well, thereby detecting any flaws in protocols governing cloud security. The feature that separates Cain from similar tools is that it identifies security flaws in protocol standards rather than exploiting software vulnerabilities. This tool is very helpful for recovering lost passwords.
In the latest version of Cain, the ‘sniffer’ feature allows for analyzing encrypted protocols such as SSH-1 and HTTPS. This tool can be utilized for ARP cache poisoning, enabling sniffing of switched LAN devices, thereby performing Man in the Middle (MITM) attacks. Further functionalities have been added in the latest version, including authentication monitors for routing protocols, brute-force for most of the popular algorithms and cryptanalysis attacks.
Ettercap is a free and open source tool for network security, designed for analyzing computer network protocols and detecting MITM attacks. It is usually accompanied with Cain. This tool can be used for pen testing cloud networks and verifying leakage of information to an unauthorized third party. It has four methods of functionality:
- IP-based Scanning – Network security is scanned by filtering IP based packets.
- Mac-based Scanning – Here packets are filtered based on MAC addresses. This is used for sniffing connections through channels.
- ARP-based functionality – ARP poisoning is used for sniffing into switched LAN through an MITM attack operating between two hosts (full duplex).
- Public-ARP based functionality – In this functionality mode, ettercap uses one victim host to sniff all other hosts on a switched LAN network (half duplex).
John the Ripper
The name for this tool was inspired by the infamous serial killer Jack the Ripper. This tool was written by Black Hat Pwnie winner Alexander Peslyak. Usually abbreviated to just “John”, this is freeware which has very powerful password cracking capabilities; it is highly popular among information security researchers as a password testing and breaking program tool. This tool has the capability of brute forcing cloud panels. If any security breach is found, then a security patch can be applied to secure enterprise data.
Originally created for UNIX platforms, John now has supported versions for all major operating systems. Numerous password cracking techniques are embedded into this pen testing tool to create a concise package that is capable of identifying hashes through its own cracker algorithm.
Complied in the Ruby programming language and developed by H.D. Moore, Metasploit framework has made significant contributions to the pen testing tools community. It gives you the capability of adding your own modules. By default, Metasploit is embedded in popular pen testing distributions with a streamlined user interface.
It can pen test with just an IP address. Therefore, if you have your data on the cloud then all you need is your actual cloud IP address to test security. Just be sure that the IP you are using actually belong to your assets, because in many cases vendors will change IP addresses. If you are using cloud services from Amazon, then using Metasploit Pro will provide you with additional Amazon Machine Images. You can install the available Metasploit package on Amazon EC2 like other packages and run it normally. You cannot receive updates until you get it registered, though.
Nessus is an open source, comprehensive vulnerability scanner developed by Tenable Network Security, and has the designation of being the most popular vulnerability assessment tool. In its most recent update in March, it added cloud management and multi support through the Nessus Perimeter Service.
This scanner is capable of controlling internal and external scanners through the cloud. According to Ron Gula, CEO of Tenable Network Security, the multi-scanning management capability will allow users to benefit from the robust capabilities of Nessus to manage internal and external scanners from a single point, which will save time and resources.
Nmap stands for “Network Mapper”; this tool is the gold standard for network scanning. Originally written by Gordon Lyon (Fyodor Vaskovich), it is a must have in any pen testers arsenal. Use it to scan networks, even if congestion or latency has been occurring on these networks.
Nmap can be effectively used for scanning cloud networks. The only condition is that your cloud network is on an OS supported by Nmap. These include Unix, Linux, Solaris, Windows, Mac, OS X, BSD and some other environments. Also, you would want to scan your original IP instead of that hidden behind NAT or firewalls. Be sure to have permission from the IaaS provider before scanning the networks, because it is prohibited to scan without authenticity, for obvious reasons.
Freely distributed as an open source program, Kismet uses 802.11 standard layer 2 tools which can be used for packet sniffing, network detection and also as an intrusion detection system. It supports any wireless card which is capable of raw monitoring.
Kismet is capable of scanning public, private or hybrid cloud servers. Its distinguishing feature is that it leaves no logs of scans done in victim machines. It accomplishes this by working passively and sending no traceable packets to the victim network. Due to stealth functionality, it is the most widely used wireless scanning tool to date. On a cloud server, Kismet can be used for preventing any active wireless sniffing programs like Netstumbler through its IDS capability. Kismet supports channel hopping that aids it in finding as many networks as possible through non sequential functioning.
Wireshark has been around for ages and has proven to be an excellent cloud monitoring tool. Although it can help network administrators in scanning enterprise networks, it cannot be used as a stand-alone tool in large environments like cloud servers. In cloud networks, Wireshark is used for scanning a single entity of the whole infrastructure. It can be aided by other tools, or multiple instances can run to serve the purpose.
Wireshark can apply to the cloud the same way it applies to any home network. It is used for troubleshooting network issues by digging through the weeds of the network. Wireshark can also be applied for analyzing packets between cloud service provider and the end user. But as Wireshark is basically a desktop based network monitoring tool, QA Café has developed “CloudShark” for making captured files accessible on cloud environments.
Leading cloud vulnerability scanners online
We have a compiled a modest list of some of the leading cloud vulnerability scanners online. These sites will provide you with security breakdown of some of the areas that can be addressed to improve your sites security.
Sucuri provides a cloud platform for complete web security and monitoring. The users can scan their website for any type of malware, any type of hack and receive the results of monitoring in the form of alerts. The signatures of malware are identified by the lightweight website scanners of Sucuri for immediate action. Sucuri promises complete removal of malware, protection against repeated hacks, 24/7 tech support, and a money-back guarantee of 30 days. It is compatible with all types of platforms like WordPress, Magento, PHP, Droopal, and Joomla.
Intruder.io aims to prevent data breaches by finding vulnerabilities in cyber security. It offers on-the-fly integration for major cloud providers like Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. Intruder.io differs from its competitors by providing efficient monitoring of internal environments as well as edge networks.
SSL Labs is a tool provided by Qualys that provides the services of testing websites configuration & certificates, testing browser’s implementation of Secure Sockets Layer (SSL), analyzing how other websites on the internet are performing, and documentation for anyone who wants to learn the correct deployment of SSL/TLS.
MetaDefender Cloud works on the philosophy of trusting no file. This philosophy enabled them to come up with a state-of-the-art cloud platform called OPSWAT for the detection and prevention of threats. Rest API enables easy integration of this platform in any application. Using technologies like Multiscanning and Deep CDR, it provides protection against ransomware attacks along with data breaches to organizations.
UpGuard is a platform for system administrators to manage any attacks and analyze the risks. The security engine of UpGuard constantly monitors companies worldwide. It also provides a free security assessment of any website. Data conscious companies like TDK, NYSE rely on UpGuard for prevention against data breaches, monitoring of vendors while simultaneously scaling up.
Mozilla Observatory is a powerful tool for website owners, developers, and system administrators to test their website’s security vulnerabilities. From e-commerce websites to blog websites, the Observatory provides the latest fixes to boost one’s security. The Observatory ranks different websites according to a scoring-based system in which various metrics related to web security are tested.
Traditional network monitoring tools are now being used as cloud performance monitoring tools. This is due to the fact that the cloud is also a network with larger boundaries and more complications than standard networks. Today, organizations can buy an online service by instantiating any image service on the cloud. Cloud computing has emerged as a pay-as-you-go service, which organizations can use without having to go deeper into the details how cloud infrastructure works.
As cloud networks are providing more and more to IT services, its security has been a chief concern for most customers. For ensuring security and privacy of your data, there are cloud security tools and methodologies through which you can pen test your cloud provider. Using the aforementioned tools will enhance reliability in cloud service.
By Chetan Soni