Posts Tagged Cloud computing
Password Cracking Arrives to the Cloud
Posted by Mourad Ben Lakhoua in News, Password Security on November 4, 2009
David Campbell a security consultant made a study regarding password safety. the research has been based on the cost evaluation of cracking password with a paid service by Amazon EC2 web service.
The security expert found that for cracking 12 character password that is based on lowercase letters “a” and “z”, hackers would need to pay about 1,5 million dollars. While for 11 character the password costs 60 thousands dollars, and for 10 he can get the password for just 2300 dollars.
Mixing the password with numbers and letters will enhance the protection measures but not as needed. For example the coast to crack 10 combined characters alphanumeric is less than 60 thousand dollars while 11 characters hacker should spend 2.1 million. Adding special characters (!@#$%) will make the price jump for more than 106 thousands for 8 character.
Cloud Computing has significantly reduced the coasts for purchasing and maintaining expensive equipment but its time to invest a part of the IT budget on solid encryption solution like two factor authentication or password managing solution, to eliminate different threats for password guessing and man in the middle attack.
make sure you subscribe to my RSS feed!
New initiative for open cloud computing management standards
Posted by Mourad Ben Lakhoua in cloud computing management standards on April 29, 2009
The Distributed Management Task Force (DMTF) has launched the “Open Cloud Standards Incubator“. The goal of the initiative is to develop specifications that define how companies transfer applications and data between cloud environments – whether the clouds are located at one of the company’s data centres or not.
In cloud computing, the main focus for system performance, for the provision of applications and for data storage is not on clients, but on servers, which are organised in grids and large, distributed server farms. Therefore, cloud computing is one of the basic components and extensions of the “Software as a Service” (SaaS) application model, where applications are not installed on the user’s local machine, but rather delivered as on request services via server farms.
A central aspect of the cloud resource management approach, which is to be developed by the Open Cloud Standards Incubator, is the Open Virtualization Format (OVF). OVF describes an open, secure, portable and extensible format for packaging and distributing software to be run in virtual machines. As some of the group members anticipate that OVF will become one of the main components for cloud interoperability, they see much potential in standardising OVF protocol and API extensions, security aspects and corporate-independent regulations.
DMTF members include companies like AMD, Cisco, Citrix, EMC, HP, IBM, Intel, Microsoft, Novell, Red Hat, Savvis, Sun Microsystems and VMware, who are all involved in the incubator initiative. Other efforts to standardise cloud computing are, for example, the Open Cloud Consortium and the Open Cloud Manifesto.
[Source: h-online]
make sure you subscribe to my RSS feed!
RSA Conference 2009 Webcasts
Posted by Mourad Ben Lakhoua in Webcasts on April 26, 2009
The RSA Conference team has made the Keynote Videos available from the RSA Conference 2009 in San Francisco the Largest gathering for security professional in the world.
Very interesting innovation technologies has been discussed (cloud computing, cyber security, crypto systems…) also you can find the spectacular opening ceremony .
So to who was not able to attend you didn’t miss much.Share and Enjoy!
make sure you subscribe to my RSS feed!
Cloud computing a 'security nightmare,' says Cisco CEO
Posted by Mourad Ben Lakhoua in Cloud Computing Security on April 23, 2009
If anyone has the right to be excited about cloud computing, it’s John Chambers. But on Wednesday Cisco Systems’ Chairman and CEO conceded that the computing industry’s move to sell pay-as-you-go computing cycles available as a service on the Internet was also “a security nightmare.”
Speaking during a keynote address at the annual security confab, Chambers said that cloud computing was inevitable, but that it would shake up the way that networks are secured. “You’ll have no idea what’s in the corporate data center,” he said. “That is exciting to me as a network player. Boy am I going to sell a lot of stuff to tie that together.”
However, he added, “It is a security nightmare and it can’t be handled in traditional ways.”
Cloud computing is a hot topic here at the RSA security conference in San Francisco this week. Big computing companies like Cisco and IBM are eager to talk about it, but security experts see a lot of work ahead.
“I think it’s really going to be a focal point of a lot of our work in the cyber security area,” said Ronald Rivest a MIT computer science professor and noted cryptographer, speaking during a conference panel Tuesday. “Cloud computing sounds so sweet and wonderful and safe… we should just be aware of the terminology, if we go around for a week calling it swamp computing I think you might have the right mindset.”
[Source: Computer world]
Jericho Forum Issues Best Practices For Secure Cloud Computing
Posted by Mourad Ben Lakhoua in Best Practices on April 19, 2009
An industry group has come up with a model for evaluating and determining if and where cloud-based computing makes sense for an organization.
The Jericho Forum today released its so-called Cloud Cube Model white paper (PDF), which provides best practices and criteria for going to the cloud, as well as choosing the appropriate service providers.
“The Jericho Forum cloud cube computing model is designed to be an essential first tool to help business evaluate the risk and opportunity associated with moving into the cloud,” says Adrian Seccombe, CISO and senior enterprise information architect for Eli Lilly and a member of the Jericho Forum board.
The forum says not every IT function should be relegated to the cloud, and defines the different types of these online services. Security “is often significantly better than that of the customer’s own IT systems” with some cloud providers, according to the white paper, but with a caveat: “While this may well be true, it is critical that cloud customers select the right cloud formations for their needs to ensure they remain secure, [are] able to collaborate safely with their selected parties as their evolving business needs require, and [are] compliant to applicable regulatory requirements — including on the use and location of their data.”
[Source: Dark Reading]
Computing in the Cloud Models- Right Now
Posted by Mourad Ben Lakhoua in Cloud Computing Security on February 1, 2009
In the last months there has been a rapid increase in investment in the Cloud Computing and related areas. This growth is due to the demand for virtual “cloud” resources, the Idea of Cloud Computing is near another approach called utility computing, where computing resources are treated as a service and takes into account the amount consumption like the usual public services (electricity or water).
Cloud Computing provides a numerous benefits from cutting coast, saving time ,held to high standards, must offer a proof of security certifications, and are subject to examinations by auditors, Making them under much higher analysis than typical in-house security teams.
So by looking to all these points it is clear that the Solution is in the Clouds.
US researchers develop cloud computing virus protection
Posted by Mourad Ben Lakhoua in Cloud Computing Security on January 17, 2009
Most PC owners nowadays know that it is not a good idea to connect a Windows computer to the Internet before you have installed current anti-virus software. But not even the best anti-virus program can catch every virus, and complete scans of an entire system take a lot of processor power and can bring already-sluggish computers to a halt.
Now, researchers at the University of Michigan say they have found a better way of protecting computers from contaminants. They have moved protection software from your local PC into the “data cloud” of the Internet, where the power of numerous servers can be clustered. This approach allows far more viruses to be detected than with stand-alone protection programs. In addition, overall performance was improved. Called Cloud AV, on average, the distributed software developed by the researchers trapped a total of 98 per cent of all the contaminants sent through the test, whereas desktop software only caught 83 per cent.
“We were worried because the detection rates of most popular anti-virus software frankly cover too small a range”, explains Farnam Jahanian, computer science professor at the University of Michigan. His idea was simple: if you could use anti-virus programs from different providers at the same time on a single PC, you would have greater security. The problem was that few PCs are powerful enough to do that. “But if we put the anti-virus function into the network, we can have multiple programs running at the same time.”
The article is available here
12 Hot IT Management Trends for 2009
Posted by Mourad Ben Lakhoua in News on January 14, 2009
In 2009, expect a strong focus on IT management initiatives that deliver measurable cost savings in a tight economy; the continued deployment of technologies that enable IT to be managed as a business; and new management challenges introduced by the growth of emerging technologies.
“While there are obvious concerns surrounding the global economy, we expect that IT management initiatives will continue to gain corporate support and have a positive impact on the business performance of the enterprise,? said Dan Twing, COO at Enterprise Management Associates. “Emerging technologies like virtualization and cloud computing will certainly mature during the coming year, but don’t count out the importance and business value of tried-and-true IT stalwarts like the service desk, IT security and IT governance.”
The article is available here
SUBSCRIBE
Latest Comments