
Asm2-1644-Gcs200647 - Resubmit.pdf



DOCUMENT INFORMATION

Higher Nationals in Computing Unit 16 Cloud Computing ASSIGNMENT 2 Assessor name Ho Hai Van Learner’s name Tran Minh Tan ID GCS200647 Class GCS1004A Subject code 1644 Assignment due Assignment submitt[.]

Higher Nationals in Computing

Unit 16: Cloud Computing
ASSIGNMENT

Assessor name: Ho Hai Van
Learner’s name: Tran Minh Tan
ID: GCS200647
Class: GCS1004A
Subject code: 1644
Assignment due:
Assignment submitted:

ASSIGNMENT FRONT SHEET

Qualification: BTEC Level HND Diploma in Computing
Unit number and title: Unit 16: Cloud Computing
Submission date:
Date Received 1st submission:
Re-submission Date:
Date Received 2nd submission:
Student Name: Tran Minh Tan
Student ID: GCS200647
Class: GCS1004A
Assessor name: Ho Hai Van

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student’s signature:

Grading grid: P5 P6 P7 P8 M3 M4 D2 D3

Summative Feedback:
Grade:
Resubmission Feedback:
Assessor Signature:
Date:
Internal Verifier’s Comments:
Signature & Date:

ASSIGNMENT BRIEF

Qualification: BTEC Level HND Diploma in Computing
Unit number: Unit 16: Cloud Computing
Assignment title: Cloud’s implementation and security threats
Academic Year: 2022 – 2023
Unit Tutor: Ho Hai Van
Issue date:
Submission date:
IV name and date:

Submission Format:
Format: A report (in PDF format). You must use font Calibri size 12, set number of the pages and use multiple line spacing at 1.3. Margins must be: left: 1.25 cm; right: cm; top: cm and bottom: cm. The reference follows the Harvard referencing system.

Submission: Students must submit the assignment by the due date and in the way requested by the Tutors. The form of submission will be a soft copy posted on http://cms.greenwich.edu.vn/

Note: The Assignment must be your own work, and not copied by or from another student or from books etc. If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you must reference your sources, using the Harvard style. Make sure that you know how to reference properly, and that you understand the guidelines on plagiarism. If you do not, you definitely get
failed.

Unit Learning Outcomes:
LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools
LO4 Analyze the technical challenges for cloud applications and assess their risks

Assignment Brief and Guidance:

Task
Based on the scenario and architecture design in the first assignment, provide the implementation. Because of the time constraint of the assignment, the implementation just provides some demo functions of the scenario. The implementation includes two parts:
- A step-by-step instruction
  - which shows which functions are implemented
  - How to config, deploy and test the services (Web application, Database Server, Source code management, server logs) using service provider’s frameworks and open-source tools
  - Images for the built functions
- A brief discussion about difficulties which one can face during the development process (optional)
- The source code for the built application

Task
The table of contents in your security manual (which should be 500–700 words) should be as follows:
- Analysis of the most common problems and security issues of a cloud computing platform
- Discussion on how to overcome these issues
- Summary

Learning Outcomes and Assessment Criteria

LO3 Develop Cloud Computing solutions using service provider’s frameworks and open-source tools
Pass: P5 Configure a Cloud Computing platform with a cloud service provider’s framework. P6 Implement a cloud platform using open-source tools.
Merit: M3 Discuss the issues and constraints one can face during the development process.
Distinction: D2 Critically discuss how one can overcome these issues and constraints.

LO4 Analyse the technical challenges for cloud applications and assess their risks
Pass: P7 Analyse the most common problems which arise in a Cloud Computing platform and discuss appropriate solutions to these problems. P8 Assess the most common security issues in cloud environments.
Merit: M4 Discuss how to overcome these security issues when building a secure cloud platform.
Distinction: D3 Critically discuss how an organisation should protect their data when they migrate to a cloud solution.

Table of Contents

P5 Configure a Cloud Computing platform with a cloud service provider’s framework
  Node.js
  Git/GitHub
  MongoDB compass/atlas
  Render
P6 Implement a cloud platform using open-source tools
  Functions
  Local test
  Deploy to GitHub
  Migrate from GitHub to Render
P7 Analyze the most common problems which arise in a Cloud Computing platform and discuss appropriate solutions to these problems
  Cloud issues
  Problems solutions
P8 Assess the most common security issues in cloud environments
  Cloud security problem
  Countermeasures for Security Risks

P5 Configure a Cloud Computing platform with a cloud service provider’s framework

I am going to write a web demo with Node.js, then publish it on GitHub and use Render.com to connect to my GitHub and deploy it on the cloud. To do all the steps above I need to set up a few things.

Node.js:
First, I need to install Node.js on my computer. I will show it step by step below:

Step 1: I access the link https://nodejs.org/en/download/ to download the Node installer. Here I chose the Windows installer; after that I run the installer and click next till the setup wizard completes.

It ran successfully on port 3000.

Deploy to GitHub:
I am going to publish my project folder to GitHub by using VS Code.

Commit successfully.

Migrate from GitHub to Render:
To migrate, I connect the repository that contains my project which I published. Before deploying we need to set up a few things such as Name, region, build command, start command, … After the setup is done, we just click create web service. The creating may take a few minutes, and if it deploys successfully it will look like the figure below:

Now I can access my demo web with the link https://asm2-hg1t.onrender.com and the functions that I wrote in the web still work. I wrote thinh in the text field name and wow in the text field quote. Then I click submit. The data that I
input was created and read successfully, so the web demo that I wrote is successfully deployed on the cloud.

P7 Analyze the most common problems which arise in a Cloud Computing platform and discuss appropriate solutions to these problems

1. Cloud issues:

Data Security Considerations:
Processing data into useful information is arguably at the core of all computing. As a result, there are a number of challenges to take into account while safeguarding said data when the processing and storage of such data is outsourced to infrastructure owned and maintained by a third party. Since several parties, some of whom may be hostile, must share the infrastructure in the public cloud, these problems are even more serious.

Data Security Properties:

- Privacy: In terms of network security in general and cloud computing specifically, privacy is one of the more crucial challenges to address. Privacy guarantees that unauthorized users won't learn a CSC's identity or personal information. The CSC places a high priority on this attribute, particularly when working with sensitive data.

- Confidentiality: Since this attribute guarantees that the data belonging to a CSC is not disclosed to any unauthorized parties, it relates to data privacy. The CSP is primarily in charge of protecting the CSC's data in public clouds. Due to multi-tenancy, which allows several users to use the same hardware that a CSC uses to store its data, this is very challenging. While some providers use resource management and job scheduling, the majority use virtualization to make the most of their technology. These two techniques enable cross-VM side channel attacks to get data from a target VM on the same machine while giving attackers complete access to the host.

- Integrity: You get out what you put in when it comes to data integrity, which is the assurance that information saved in the cloud is not changed in any way by unauthorized parties when it is retrieved. CSPs must make sure that neither data in storage nor data in transit is
accessible to other parties in order to guarantee this. Data should only be able to be changed by authorized CSCs.

- Availability: This characteristic guarantees that the CSC has access to their data and is not mistakenly or maliciously denied access by any organization. Attacks like denial-of-service are frequently used to prevent data from being available.

Data Stages:
Each separate stage of the data flow across a cloud necessitates the maintenance of one or more of the preceding qualities. The following are these stages:

- Data-in-transit: This is the time when data is being transported to the CSC's computing platform or to the cloud infrastructure. Data is most likely to be intercepted in this situation, breaking confidentiality. Here, encryption is typically used combined with various techniques to prevent this, including

- Data-at-rest: Data has been kept in the cloud infrastructure at this point. The CSC's loss of data control is the biggest problem at this level. Hence, the CSP is responsible for fighting against assaults at this point. At this point, they must make sure that the four data security attributes listed are maintained.

- Data-in-use: At this point, data is transformed into information. The problems in this case can be caused by data corruption during processing. The integrity of data entering a process must be guaranteed using one of the applicable methods we shall cover later to prevent this.

Along with these three steps, the data that is omitted during data transfer or removal must also be considered, because it may result in serious security problems with public cloud services: a CSC might end up having access to portions of data that were improperly deleted from a previous CSC.

We can now see that data security is by far the biggest and most complicated area to be protected against in cloud computing after examining the many risks that need to be avoided. Thus, we will concentrate a little more on the procedures used in industry to maintain data security and
provide a summary of the simpler approaches employed in the other risk areas.

2. Problems solutions:

Methods to ensure Data security:
The various properties of data are secured using a variety of techniques. Here, we'll take a quick look at authentication and encryption schemes and compare them:

Authentication in the Cloud:
Identity and access management (IAM), a type of access control, is extremely important because cloud computing is linked to the storage of users' sensitive data with both a CSC and a CSP. The CSP may perform CSC authentication in-house or with the help of outside professionals. The identity-based hierarchical model for cloud computing (IBHMCC) and the SSH Authentication Protocol (SAP) are two examples of authentication techniques. This is mostly used to safeguard the confidentiality and privacy of data. IAM manages the three main security concerns of authentication, automated provisioning, and authorization services to guarantee regulatory compliance. OpenID, OAuth, SAML, and XACML are further underlying technologies used for authentication, authorization, and access control services. Moreover, real-time communication about authorized users and other security issues between a cloud service provider and the client is made possible by the Trusted Computing Group's (TCG's) IF-MAP standard.

Encryption techniques in the cloud:
Cryptographic encryption algorithms are without a doubt the greatest choices for protecting data while it is at rest and while it is in transit. Homomorphic encryption is one such method used in transit. Processing on an encryption domain is required in this. As opposed to homomorphic encryption, which requires data to be decoded to be accessible, other techniques like searchable encryption are also used. Examples of common encryption schemes are:

Caesar Cipher: This traditional substitution cipher was invented. Using a simple example, the word "ZULU" would be changed to "CXOX," each letter being replaced by the one three strides ahead of it in the alphabet. Because
there are only 25 key possibilities, this encryption is readily brute forced. Nowadays, it is not utilized in important applications. The Vigenère Cipher and the Playfair Cipher, both mentioned in, are other comparable archaic classical ciphers.

Instead of employing a key as is for encryption and decryption, the S-DES (Simplified Data Encryption Standard) key generation procedure generates sub keys after processing the original 10-bit input. At both the transmitting and receiving ends, the two sub keys are produced. S-DES provides some structure and formation to encryption techniques with step-by-step instructions for both encryption and decryption. By including initial permutation and expansion permutations, the security is significantly increased when compared to the classical techniques. As computational power has now reached the point where it can break it, it is not quite as extensively employed today.

A cryptographic algorithm called RSA uses a public encryption key that is different from a secret decryption key. The acronym RSA stands for the algorithm's designers, Ron Rivest, Adi Shamir, and Leonard Adleman. Finding an integer's factors is difficult, which is the foundation of this approach. It is one of the encryption methods that is utilized today more frequently.

A widely used protocol for controlling the security of a message transmission over the Internet is Secure Socket Layer (SSL), which employs a public and private key encryption mechanism.

P8 Assess the most common security issues in cloud environments

1. Cloud security problem:

Security threat and vulnerabilities:
As previously said, we will focus our security assessment only on the public cloud, which is the most widely used type of cloud. Prior to examining and categorizing the threats particular to CSPs and CSCs, we first discuss the fundamental security issues for this deployment paradigm.

Basic Security Risk Considerations:
When it comes to security, there are a number of places that need to be protected
because they could be to the use of the cloud. Every spot is a potential attack route or point of failure. Considering danger, five important such areas include:

Organizational Security Risks:
Organizational risks are those that could have an impact on how an organization is structured or how a corporation operates as a whole [Dahbur11]. Since any Service Level Agreements (SLA) they had may have changed if a CSP goes out of business or is acquired by another organization, this could have a negative impact on their CSPs. They would then need to switch to another CSP that more closely complies with their needs. In addition, the business may be threatened by malevolent insiders who could harm the company by leveraging the information that their CSCs give.

Physical Security Risks:
To stop unwanted on-site access to CSC data, the CSP must secure the cloud data center's physical location. Theft of data physically cannot be prevented, not even by firewalls and encryption. The CSP should build and manage the necessary infrastructure controls, such as staff training, physical site security, and network firewalls, given that they oversee the physical infrastructure. It is also crucial to remember that the CSP is accountable for complying with local privacy laws in addition to storing and processing data in particular jurisdictions.

Technological Security Risks:
These hazards include issues related to the CSP's hardware, technologies, and services. These hazards are present in the public cloud due to its multi-tenancy capabilities and include resource sharing isolation issues as well as portability risks when switching CSPs. It is advised that the CSP perform routine infrastructure maintenance and audits.

Compliance and Audit Risks:
These dangers are connected to the legislation. Risks associated with incomplete jurisdictional information, shifts in jurisdiction, erroneous contract provisions, and ongoing legal battles come to mind. For instance, based on their location, some CSPs may be required
by law to provide sensitive information upon request from the government.

Data Security Risks:
There are numerous hazards to data security that we must consider. Data availability, data confidentiality, and data integrity are the three essential characteristics that we need to guarantee. Since this is the region that is most vulnerable to breach and is where the majority of cloud security efforts are concentrated, we will go into more detail on it in the following part.

The two diagrams below show how these risk categories have been further divided between CSPs and CSCs:

The five key security concerns for a cloud service provider are shown in the figure above. The bullet points next to each category help a CSP identify subcategories that can provide a security risk. Let's contrast this with the security issues the average CSC faces, which are shown in the figure below.

Similar risk categories and subcategories that CSCs must deal with are shown in Figure. Consequently, we can see that CSPs alone are responsible for assuming organizational risks. This is so because the CSP always provides the infrastructure for cloud computing services. We can also observe that, when it comes to compliance and audit, CSPs and CSCs must adhere to the same standards, whereas, when it comes to data security, technological security, and physical security, a CSC may have different worries than a CSP. This is primarily due to the various degrees of influence they have over each region.

Now let's take a closer look at the data security concerns that need to be considered. We will examine the considerations that must be made for data in the following subsection after providing an overview of the fundamental security issues featured in this paragraph.

Countermeasures for Security Risks:
We listed a few potential targets for security exploits above. In this part, we provide a brief review of the numerous methods employed by business to address a few specific problems in these problem areas.

Organizational Security Risks:
Malicious Insiders - By implementing stringent legal requirements in contracts when employing individuals, the chance of having malicious personnel on a CSP's team can be reduced. This can be avoided in part by having the CSP thoroughly evaluated by a third party and by having a strong protocol in place for notifying users of security breaches.

Physical Security Risks:
Physical Breach - Having strong physical security deterrents in place, such as armed guards, keycard access, and biometric scans to restrict access to sensitive regions in the data center, can reduce the danger of attackers getting physical access to machines utilized in the delivery of cloud services.

Technological Security Risks:
A hierarchy of DHT-based overlay networks, with specified responsibilities to be done by each layer, might be the framework used by a CSP for virtualized defense and reputation-based trust management. In the lowest layer, reputation aggregation and probing colluders are dealt with. The top layer defends against many assaults. In this context, reputation aggregation refers to using several sources to confirm specific links, and probing colluders means determining whether sources are connected to known bad actors.

Secure virtualization - The CSP can make use of an Advanced Cloud Protection System (ACPS) to guarantee the security of distributed computing middleware and guest virtual machines. Logging and routinely reviewing executable system files can also be used to track the behavior of cloud components.

A separate domain for consumers and providers, each with a unique trust agent, should be the foundation of any interoperability and security trust paradigm. A trust agent is a third party that works independently to gather security data for endpoint verification. For service providers and clients, several trust techniques should exist.

Compliance and Audit Risks:
Since this field mostly involves legal matters, both CSPs and CSCs must be aware of their legal and regulatory
obligations and make sure that any contracts they enter into do so. The CSP should also make sure that its data security and privacy are not jeopardized by its discovery capabilities.

After looking at various approaches for preventing security breakdowns in the other four areas, we will look at some of the main methods for ensuring data security in the following subsection.

Reference:
Wustl.edu (2014) A Survey of Cloud Computing Security: Issues, Challenges and Solutions. [online] Available at: https://www.cse.wustl.edu/~jain/cse570-15/ftp/cld_sec/ [Accessed 30 June 2023]

Date posted: 19/07/2023, 10:42
