Unit 16.assignment 2 Frontsheet (2018-2019)
Assessor name:
ID: GCS17556
Class:
Subject code:
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I
understand that making a false declaration is a form of malpractice.
Student’s signature
Grading grid
P5 P6 P7 P8 M3 M4 D2 D3
❒ Summative Feedback: ❒ Resubmission Feedback:
Submission date
Issue date
Submission Format:
LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source
tools.
LO4 Analyse the technical challenges for cloud applications and assess their risks
Task 1
Based on the scenario and architecture design in the first assignment, provide the implementation.
Because of the time constraint of the assignment, the implementation just provides some demo
functions of the scenario. The implementation includes two parts:
Task 2
The table of contents in your security manual (which should be 500–700 words) should be as
follows:
P7 Analyse the most common problems which arise in a Cloud Computing platform and discuss appropriate solutions to these problems.
P8 Assess the most common security issues in cloud environments.
M4 Discuss how to overcome these security issues when building a secure cloud platform.
D3 Critically discuss how an organisation should protect their data when they migrate to a cloud solution.
Contents
P5 Configure a Cloud Computing platform with a cloud service provider’s framework
Risk management
Risk management is a systematic approach to risk in order to identify, control, prevent and minimize
losses caused by risk factors.
Building a systematic approach to the management of security risks is necessary to identify the organization's needs for
security and create an effective security management system. The method of managing the security risks must be
suitable to the environment of the organization and in particular, the organization's general orientation on risk
management. Efforts to ensure information security must address risks in an effective and timely manner at the right place
and time. The management of security risks can be applied to the continuous deployment and operation of the security
management system and is an indispensable activity.
Managing security risks is an ongoing process. This process needs to establish the internal and external context of the
organization, assess and handle risks according to the plan in order to implement recommendations and make decisions.
Risk management analyzes the possible cases and possible consequences, before deciding on solutions to minimize
risks to an acceptable level.
This procedure is described in ISO/IEC 27005; the 2011 version has been proposed as the national standard of Vietnam
(TCVN).
In the context of the cloud, risk management needs to consider the most important characteristics related to security.
- Confidentiality: the risks include eavesdropping on communication lines, suppliers accessing sensitive data,
data leaked by service providers, and internal data leaks.
- Integrity: the possible risks include manipulation of data in transit, manipulation of data on the service provider's side,
random modification of data during transmission, random modification of data on the service provider's side, and
modification of data in the internal system.
- Availability: the risks of concern are service disruption, unintentional downtime, attacks on availability,
loss of data access, loss of data on the service provider's side, and lack of availability in the internal system.
- Performance: the following issues should be considered: network performance, limited scalability, intentional
underperformance, and internal system performance issues.
- Accountability: it is necessary to pay attention to the following possibilities: identity theft, incomplete user
separation, incomplete operation logging, unauthorized access, and no logging in the internal system.
- Maintenance: the issues that need attention are limited ability to customize, inappropriate business processes,
incompatibility with new technologies, restrictions on data manipulation, proprietary technology, incomplete maintenance,
and untimely updates.
Some of the above risks depend on the internal system, but most of them relate to the public transmission line and
especially to the service provider's side. Depending on the type of service provided, the risk is greater or smaller.
Comment
Within the internal system, the entity can perform risk assessment and control. However, service providers often
underestimate, or do not mention the risks of using this service. Therefore, the evaluation of third parties should be
considered because they have the conditions, capabilities and an objective view in the evaluation. In addition, when
choosing to use cloud services, it is important to pay attention to the certificates issued to service providers.
Cloud computing services are provided on the basis of a Service Level Agreement (SLA), which is an important legal
basis in future disputes and disagreements. Conventional contracts cover service quality, availability, reliability and safety.
The above contents are intended to assist organizations and businesses to evaluate and consider when planning to
outsource IT services and especially cloud computing services.
Caesar cipher
In cryptography, the Caesar cipher, also known as the shift cipher, is one of the simplest and most well-known ciphers.
The Caesar cipher is a monoalphabetic substitution cipher that works on the 26-character English alphabet. It is a form
of substitution cipher in which each character in the text is replaced by the character a fixed distance away in the
alphabet to form the ciphertext.
The Data Encryption Standard (DES) has been found vulnerable to very powerful attacks, and its popularity
has therefore declined slightly.
DES is a block cipher that encrypts data in blocks of 64 bits each: 64 bits of plaintext go in as the input to
DES, which produces 64 bits of ciphertext. The same algorithm and key are used for encryption and decryption, with
minor differences. The key length is 56 bits. The basic idea is shown in the figure.
RSA cryptosystem
The RSA algorithm is a public-key cryptographic algorithm developed by Ron Rivest, Adi Shamir and Leonard Adleman that
can be used in encryption and digital signature technology.
RSA
The RSA algorithm has two keys: the public key and the secret key (or private key). Each key is a fixed
number used in encryption and decryption. The public key is publicly available and is used for encryption. Information
encrypted with a public key can only be decrypted with the corresponding secret key. In other words, everyone can encrypt,
but only someone who knows the private (secret) key can decrypt.
RSA is one of the most widely used asymmetric encryption systems. It was named after the three MIT scientists who designed it: Ron
Rivest, Adi Shamir, and Leonard Adleman. The security of RSA rests on the difficulty of factoring
the product of two large prime numbers (given a x b = c, recovering a and b from c is factorization).
The RSA encryption system consists of 4 steps: key generation, key distribution, encryption and decryption. To ensure
confidentiality, different systems need to create different public and private keys. After the handshake, once the public key
has been sent to the client, the information is encrypted whenever the server and the client communicate with
each other.
Safety of RSA
The security of RSA is mainly based on the random number generator that produces the two initial prime numbers p and q.
Recovering p and q from n is almost impossible with the two 2048-bit primes mentioned above, but calculating d
from p and q is very easy. Therefore, if either party guesses or finds a hole in that random number generator, RSA
is considered to be neutralized. It was recently suggested that the US Department of Homeland Security (NSA) installed a
back door in the Dual Elliptic Curve random number generator to help the NSA crack RSA 10,000 times faster. It
is also interesting that this random number generator was installed by the RSA company (founded by the 3 co-authors of the RSA
system) in many different applications.
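The key generation, encryption and decryption steps described above, together with the dependence on how p and q are generated, shown as an added example that is not part of the original assignment. It is textbook RSA without padding, using tiny constructed primes so the values can be checked by hand; the function names, the primes and the exponent e = 17 are assumptions chosen for illustration. The audit function shows why a prime generator that repeats itself is fatal: two moduli that share a prime reveal it through a simple gcd.

```python
from math import gcd

def make_keypair(p, q, e):
    """Key generation: textbook RSA from two primes (no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent, e*d = 1 (mod phi); Python 3.8+
    return (n, e), (n, d)

def encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)

def decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)

def audit_shared_primes(moduli):
    """Map index -> (p, q) for each modulus sharing a prime with another one."""
    exposed = {}
    for i, n_i in enumerate(moduli):
        for j, n_j in enumerate(moduli):
            g = gcd(n_i, n_j)
            if i != j and 1 < g < n_i:
                exposed[i] = (g, n_i // g)
    return exposed

# Constructed sample values: tiny primes so the numbers can be checked by hand.
public, private = make_keypair(61, 53, e=17)   # n = 3233
ciphertext = encrypt(65, public)
assert decrypt(ciphertext, private) == 65

# Three constructed moduli; the first two reuse the prime 61, as a weak
# random number generator might cause. The third is independent.
MODULI = [61 * 53, 61 * 59, 67 * 71]
exposed = audit_shared_primes(MODULI)
# Knowing p and q, anyone can rebuild d, which is why reuse is fatal.
rebuilt_public, rebuilt_private = make_keypair(*exposed[0], e=17)

if __name__ == "__main__":
    print("ciphertext:", ciphertext)
    print("moduli with a shared prime:", exposed)
    print("rebuilt key matches:", rebuilt_private == private)
```

Running the same audit over an organisation's own inventory of public moduli is a cheap check that its key generation is not repeating primes.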
SSL stands for Secure Sockets Layer, a standard technology that allows establishing secure encrypted connections
between a web server (host) and a web browser (client). This connection ensures that data transmitted between the host
and the client is kept private and reliable. SSL is now used by millions of websites to protect their online
transactions with customers. If you've ever visited a website with https:// in the address bar, you've created a secure
connection via SSL. If you have an online store or website, SSL will help build trust with customers and keep the
information exchanged between you and your customers confidential.
SSL is like a "backbone" in ensuring safety on the Internet. It helps protect sensitive information when it is transmitted via
computer networks around the world. SSL is necessary to protect your site, even without sensitive information like credit
cards. It provides strict privacy, security and integrity for both site data and visitors' personal information.
In general, the disadvantages of SSL are insignificant compared to its advantages and importance. Using appropriate
SSL will help protect customers, websites and data, create and maintain customer trust, and sell more goods.