Shaping Software

Enduring Ideas in the Realm of Software

Cloud Security Frame

by

CloudSecurityFrame

Here is a draft of our Cloud Security Frame as part of our early exploration work for our patterns & practices Cloud Security Project.  It’s a lens for looking at Cloud Security.  The frame is simply a collection of Hot Spots.  Each Hot Spot represents an actionable category for information.  Using Hot Spots, you can quickly find pain and opportunities, or key decision points.  It helps us organize principles, patterns, and practices by relevancy.  For example, in this case, we use the Cloud Security Frame to organize threats, attacks, vulnerabilities and countermeasures.

Hot Spots

This is our current set of Hot Spots for our Cloud Security Frame:.

  • Auditing and Logging
  • Authentication
  • Authorization
  • Communication
  • Configuration Management
  • Cryptography
  • Exception Management
  • Sensitive Data
  • Session Management
  • Validation

Cloud Security Frame
Here is our draft of the Cloud Security Frame with a description of each Hot Spot category:

Hot Spot Description
Auditing and Logging Auditing and logging refers to how security-related events are recorded, monitored, and audited. Examples include: Who did what and when?
Authentication Authentication is the process of proving identity, typically through credentials, such as a user name and password.
Authorization Authorization is how your application provides access controls for roles, resources and operations.
Communication Communication encompasses how data is transmitted over the wire. Transport security versus message encryption is covered here.
Configuration Management Configuration management refers to how your application handles configuration and administration of your applications from a security perspective. Examples include: Who does your application run as? Which databases does it connect to? How is your application administered? How are these settings secured?
Cryptography Cryptography refers to how your application enforces confidentiality and integrity. Examples include: How are you keeping secrets (confidentiality)? How are you tamper-proofing your data or libraries (integrity)? How are you providing seeds for random values that must be cryptographically strong?
Exception Management Exception management refers to how you handle applications errors and exceptions. Examples include: When your application fails, what does your application do? How much information do you reveal? Do you return friendly error information to end users? Do you pass valuable exception information back to the caller? Does your application fail gracefully?
Sensitive Data Sensitive data refers to how your application handles any data that must be protected either in memory, over the network, or in persistent stores. Examples include: How does your application handle sensitive data?
Session Management A session refers to a series of related interactions between a user and your application. Examples include: How does your application handle and protect user sessions?
Validation Validation refers to how your application filters, scrubs, or rejects input before additional processing, or how it sanitizes output. It’s about constraining input through entry points and encoding output through exit points. Message validation refers to how you verify the message payload against schema, as well as message size, content and character sets. Examples include: How do you know that the input your application receives is valid and safe? Do you trust data from sources such as databases and file shares?

Threats, Attacks, Vulnerabilities and Countermeasures
Here is our working draft of our threats, attacks, vulnerabilities and countermeasures organized by our Cloud Security Frame:

Hot Spot Threats, Attacks, Vulnerabilities and Countermeasures
Auditing and Logging Vulnerabilities

  • Failing to audit failed logons.
  • Failing to secure audit files.
  • Failing to audit across application tiers.

Threats / Attacks

  • User denies performing an operation.
  • Attacker exploits an application without trace .
  • Attacker covers his tracks.

Countermeasures

  • Identify malicious behavior.
  • Know your baseline (know what good traffic looks like.)
  • Use application instrumentation to expose behavior that can be monitored.
Authentication Vulnerabilities

  • Using weak passwords.
  • Storing clear text credentials in configuration files.
  • Passing clear text credentials over the network.
  • Permitting over-privileged accounts.
  • Permitting prolonged session lifetime.
  • Mixing personalization with authentication.

Threats / Attacks

  • Network eavesdropping.
  • Brute force attacks.
  • Dictionary attacks.
  • Cookie replay attacks.
  • Credential theft.

Countermeasures

  • Use strong password policies.
  • Do not store credentials.
  • Use authentication mechanisms that do not require clear text credentials. to be passed over the network.
  • Encrypt communication channels to secure authentication tokens.
  • Use HTTPS only with forms authentication cookies.
  • Separate anonymous from authenticated pages.
Authorization Vulnerabilities

  • Relying on a single gatekeeper.
  • Failing to lock down system resources against application identities.
  • Failing to limit database access to specified stored procedures.
  • Using inadequate separation of privileges.

Threats / Attacks

  • Elevation of privilege.
  • Disclosure of confidential data.
  • Data tampering.
  • Luring attacks.

Countermeasures

  • Use least privilege accounts.
  • Consider granularity of access.
  • Enforce separation of privileges.
  • Use multiple gatekeepers.
  • Secure system resources against system identities.
Configuration Management Vulnerabilities

  • Using insecure administration interfaces.
  • Using insecure configuration stores.
  • Storing clear text configuration data.
  • Having too many administrators.
  • Using over-privileged process accounts and service accounts.

Threats / Attacks

  • Unauthorized access to administration interfaces.
  • Unauthorized access to configuration stores.
  • Retrieval of clear text configuration secrets.
  • Lack of individual accountability.

Countermeasures

  • Use least privileged service accounts.
  • Do not store credentials in clear text.
  • Use strong authentication and authorization on administrative interfaces.
  • Avoid storing sensitive information in the Web space.
  • Use only local administration.
Cryptography Vulnerabilities

  • Using custom cryptography.
  • Using the wrong algorithm or a key size that is too small.
  • Failing to secure encryption keys.
  • Using the same key for a prolonged period of time.
  • Distributing keys in an insecure manner.

Threats / Attacks

  • Loss of decryption keys.
  • Encryption cracking.

Countermeasures

  • Do not develop and use proprietary algorithms (XOR is not encryption. Use platform-provided cryptography.)
  • Use the RNGCryptoServiceProvider method to generate random numbers.
  • Avoid key management. Use the Windows Data Protection API (DPAPI) where appropriate.
  • Periodically change your keys.
Exception Management Vulnerabilities

  • Failing to use structured exception handling.
  • Revealing too much information to the client.

Threats / Attacks

  • Revealing sensitive system or application details.
  • Denial of service attacks.

Countermeasures

  • Use structured exception handling (by using try/catch blocks.)
  • Catch and wrap exceptions only if the operation adds value/information.
  • Do not reveal sensitive system or application information.
  • Do not log private data such as passwords.
Sensitive Data Vulnerabilities

  • Storing secrets when you do not need to.
  • Storing secrets in code.
  • Storing secrets in clear text.
  • Passing sensitive data in clear text over networks.

Threats or Attacks

  • Accessing sensitive data in storage.
  • Accessing sensitive data in memory (including process dumps.)
  • Network eavesdropping.
  • Information disclosure.

Countermeasures

  • Do not store secrets in software.
  • Encrypt sensitive data over the network.
  • Secure the channel.
Session Management Vulnerabilities

  • Passing session identifiers over unencrypted channels.
  • Permitting prolonged session lifetime.
  • Having insecure session state stores.
  • Placing session identifiers in query strings.

Threats or Attacks

  • Session hijacking.
  • Session replay.
  • Man-in-the-middle attacks.

Countermeasures

  • Partition site by anonymous, identified, and authenticated users.
  • Reduce session timeouts.
  • Avoid storing sensitive data in session stores.
  • Secure the channel to the session store.
  • Authenticate and authorize access to the session store.
Validation Vulnerabilities

  • Using non-validated input in the Hypertext Markup Language (HTML) output stream
  • Using non-validated input used to generate SQL queries
  • Relying on client-side validation
  • Using input file names, URLs, or user names for security decisions
  • Using application-only filters for malicious input
  • Looking for known bad patterns of input
  • Trusting data read from databases, file shares, and other network resources
  • Failing to validate input from all sources including cookies, query string parameters, HTTP headers, databases, and network resources

Threats / Attacks

  • Buffer overflows
  • Cross-site scripting
  • Canonicalization attacks
  • Query string manipulation
  • Form field manipulation
  • Cookie manipulation
  • HTTP header manipulation

Countermeasures

  • Validate input: length, range, format, and type
  • Constrain, reject, and sanitize input
  • Encode output
Category: ,

About JD

Reader Interactions

Trackbacks