Post title: [Open-source translation project] The architectural implications of migrating to a public cloud
Posted: 2012-02-04 09:23
Author: 站长 (site administrator)
Below is the side-by-side original text and translation of Chapter 4, Section 4.4 of the open-source translation project "Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144)" (http://bbs.cisps.org/viewtopic.php?f=128&t=29613). Please review the translation and suggest corrections; I will give security-coin rewards to anyone who proposes a correction.

4.4 Architecture

The architecture of the software and hardware used to deliver cloud services can vary significantly among public cloud providers for any specific service model. The physical location of the infrastructure is determined by the cloud provider as is the design and implementation of the reliability, resource pooling, scalability, and other logic needed in the support framework. Applications are built on the programming interfaces of Internet-accessible services, which typically involve multiple cloud components communicating with each other over application programming interfaces. Virtual machines typically serve as the abstract unit of deployment for IaaS clouds and are loosely coupled with the cloud storage architecture. Cloud providers may also use other computing abstractions in lieu of virtual machine technology to provision services for other service models.

To complement the server side of the equation, cloud-based applications require a client side to initiate and obtain services. While Web browsers often serve as clients, other possibilities exist. In addition, an adequate and secure network communications infrastructure must be in place. Many of the simplified interfaces and service abstractions on the client, server, and network belie the inherent underlying complexity that affects security and privacy. Therefore, it is important to understand the technologies the cloud provider uses to provision services and the implications the technical controls involved have on security and privacy of the system throughout its lifecycle. With such information, the underlying system architecture of a cloud can be decomposed and mapped to a framework of security and privacy controls that can be used to assess and manage risk.

Attack Surface. The hypervisor or virtual machine monitor is an additional layer of software between an operating system and hardware platform that is used to operate multi-tenant virtual machines and is common to IaaS clouds. Besides virtualized resources, the hypervisor normally supports other application programming interfaces to conduct administrative operations, such as launching, migrating, and terminating virtual machine instances. Compared with a traditional, non-virtualized implementation, the addition of a hypervisor causes an increase in the attack surface. That is, there are additional methods (e.g., application programming interfaces), channels (e.g., sockets), and data items (e.g., input strings) an attacker can use to cause damage to the system.

The complexity in virtual machine environments can also be more challenging than in their traditional counterparts, giving rise to conditions that undermine security [Gar05]. For example, paging, checkpointing, and migration of virtual machines can leak sensitive data to persistent storage, subverting protection mechanisms in the hosted operating system intended to prevent such occurrences. Moreover, the hypervisor itself can potentially be compromised. A compromise of the hypervisor could result in the compromise of all systems that it hosts [Sca11]. For instance, a vulnerability that allowed specially crafted File Transfer Protocol (FTP) requests to corrupt a heap buffer in the hypervisor, which in turn could induce the execution of arbitrary code at the host, was discovered in the Network Address Translation (NAT) routine of a widely used virtualization software product [Sec05, She05].

Virtual servers and applications, much like their non-virtual counterparts, need to be secured, both physically and logically. Following organizational policies and procedures, the operating system and applications should be hardened when producing virtual machine images for deployment. Care must also be taken to provision security for the virtualized environments in which the images run [You07]. For example, virtual firewalls can be used to isolate groups of virtual machines from other hosted groups, such as production systems from development systems or development systems from other cloud-resident systems. Carefully managing virtual machine images is also important to avoid accidentally deploying images under development or containing vulnerabilities.

Virtual Network Protection. Most virtualization platforms have the ability to create software-based switches and network configurations as part of the virtual environment to allow virtual machines on the same host to communicate more directly and efficiently. For example, for virtual machines requiring no external network access, the virtual networking architectures of most virtualization software products support same-host networking, in which a private subnet is created for intra-host communications. Traffic over virtual networks may not be visible to security protection devices on the physical network, such as network-based intrusion detection and prevention systems [Sca11, Vie09]. To avoid a loss of visibility and protection against intra-host attacks, duplication of the physical network protection capabilities may be required on the virtual network [Ref10, Vmw10]. While some hypervisors allow network monitoring, their capabilities are generally not as robust as those in tools used to monitor physical networks. Organizations should consider the risk and performance tradeoffs between having traffic hidden within the hypervisor versus exposing that traffic to the physical network for monitoring [Sca11].

A side effect of virtualized environments is the potential loss of separation of duties between existing administration roles in an organization. For example, in traditional computing environments, computer administrators typically do not configure network security components, such as intrusion detection and prevention systems and firewalls. Network security administrators, on the other hand, can configure such devices, but typically do not have administrative rights on hosts to grant system access. In virtual environments, the distinct roles of computer and network security administrators can collapse into a single role of a virtual infrastructure administrator. Other distinct roles, such as that of storage administrators, can be similarly affected. Management and operational controls may be needed to compensate a lack of technical controls in virtual environments for maintaining separation of duty.

Virtual Machine Images. IaaS cloud providers and manufacturers of virtual machine products maintain repositories of virtual machine images. A virtual machine image entails the software stack, including installed and configured applications, used to boot the virtual machine into an initial state or the state of some previous checkpoint. Sharing virtual machine images is a common practice in some cloud computing environments as a quick way to get started. Virtual machine images created by the organization must be carefully managed and controlled to avoid problems. For instance, images need to be kept up-to-date with the latest security patches. Caution must be taken to avoid using images that have not been vetted or releasing images in a haphazard fashion.

The provider of an image faces risks, since an image can contain proprietary code and data and embody vulnerabilities. An attacker may attempt to examine images to determine whether they leak information or provide an avenue for attack [Wei09]. This is especially true of development images that are accidentally released. The reverse may also occur—an attacker may attempt to supply a virtual machine image containing malware to consumers of a cloud computing system [Jen09, Wei09]. For example, researchers demonstrated that by manipulating the registration process to gain a first-page listing, they could readily entice cloud consumers to run virtual machine images they contributed to the image repository of a popular cloud provider [Mee09, Sla09]. The risks for consumers running tainted images include theft and corruption of data. Organizations should consider implementing a formal image management process to govern the creation, storage, and use of virtual machine images [Sca11].

Client-Side Protection. A successful defense against attacks requires securing both the client and server side of cloud computing. With emphasis typically placed on the latter, the former can be easily overlooked. Services from different cloud providers, as well as cloud-based applications developed by the organization, can impose more exacting demands on the client, which may have implications for security and privacy that need to be taken into consideration. Web browsers, a key element for many cloud computing services, and the various plug-ins and extensions available for them are notorious for their security problems [Jen09, Ker10, Pro07, Pro09]. Moreover, many browser add-ons do not provide automatic updates, increasing the persistence of any existing vulnerabilities.

Maintaining physical and logical security over clients can be troublesome, especially with embedded mobile devices such as smart phones. Their size and portability can result in the loss of physical control. Built-in security mechanisms often go unused or can be overcome or circumvented without difficulty by a knowledgeable party to gain control over the device [Jan08]. Smart phones are also treated more as fixed appliances with a limited set of functions, than as general-purpose systems. Moreover, cloud applications are often delivered to them through custom-built native applications (i.e., apps) rather than a Web browser. No single operating system dominates smart phones, and security patches and updates for system components are not as frequent as for desktop computers, making vulnerabilities more persistent and widening the window of opportunity for exploitation. As a safeguard, organizations can prohibit or strictly limit access to PII and other sensitive data from portable and mobile devices and reduce risk [Mcc10].

The growing availability and use of social media, personal Webmail, and other publicly available sites also have associated risks that are a concern, since they increasingly serve as avenues for social engineering attacks that can negatively impact the security of the browser, its underlying platform, and cloud services accessed. For example, spyware was reportedly installed in a hospital system via an employee’s personal Webmail account and sent the attacker more than 1,000 screen captures, containing financial and other confidential information, before being discovered [Mcm09b]. Having a backdoor Trojan, keystroke logger, or other type of malware present on a client, runs counter to protecting the security and privacy of public cloud services, as well as other Internet-facing public services being accessed [Fre08, MRG10].

As part of the overall security architecture for cloud computing, organizations need to review existing measures and employ additional ones, if necessary, to secure the client side. Banks are beginning to take the lead in deploying hardened browser environments that encrypt network exchanges and protect against keystroke logging [Dun10a, Dun10b]. Security awareness training also is an important measure for an organization to apply, since the proper behavior of individuals is an essential safeguard against many types of attacks.


-------- This post has so far received 13 security coins in user rewards --------
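The Attack Surface passage above notes that paging, checkpointing and migration write guest memory to persistent storage under the hypervisor's control, so protections inside the guest (locked pages, no swap) do not stop the leak. A compensating check a cloud consumer can run is to scan saved-state and snapshot files for secret material before they are retained or copied elsewhere. The Python below is an added example, not part of SP 800-144 or of this post; the marker patterns, the chunk and overlap sizes and the sample snapshot bytes are all constructed for illustration.

```python
import re
from typing import List, Tuple

# Byte patterns for secret formats that commonly sit in guest memory and so
# end up in a checkpoint file. The PEM header and the HTTP Bearer scheme are
# standard formats; the labels and the password heuristic are our own choices.
SECRET_MARKERS = {
    "pem_private_key": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(rb"Authorization: Bearer [A-Za-z0-9._\-]{16,}"),
    "password_field": re.compile(rb"password=[^&\s\x00]{8,}"),
}

# A marker that straddles two chunks must be seen whole in at least one window,
# so every window is extended by OVERLAP bytes. OVERLAP must exceed the longest
# marker we rely on (the constant is an assumption sized for these patterns).
OVERLAP = 512


def scan_snapshot(blob: bytes, chunk_size: int = 4096) -> List[Tuple[int, str]]:
    """Return (absolute_offset, label) for every secret marker found in blob.

    The data is processed in windows of chunk_size + OVERLAP bytes. A match is
    reported only if it starts within the first chunk_size bytes of its window,
    so a marker that appears in the overlap of one window is counted exactly
    once, by the window that follows.
    """
    hits: List[Tuple[int, str]] = []
    pos = 0
    while pos < len(blob):
        window = blob[pos:pos + chunk_size + OVERLAP]
        for label, pattern in SECRET_MARKERS.items():
            for match in pattern.finditer(window):
                if match.start() < chunk_size:
                    hits.append((pos + match.start(), label))
        pos += chunk_size
    return sorted(hits)


def build_sample_snapshot() -> bytes:
    """Constructed stand-in for a saved-state file: zero-filled guest memory
    with three secrets planted at known offsets. The PEM block is placed at
    offset 4090 so that it straddles the first 4096-byte chunk boundary."""
    image = bytearray(12000)

    def put(offset: int, data: bytes) -> None:
        image[offset:offset + len(data)] = data

    put(200, b"password=Tr0ub4dor&3xample=1")
    put(4090, b"-----BEGIN RSA PRIVATE KEY-----\nMIIBconstructedNotARealKey\n"
              b"-----END RSA PRIVATE KEY-----\n")
    put(9000, b"Authorization: Bearer eyJhbGciOiJub25lIn0.constructed.token\r\n")
    return bytes(image)


if __name__ == "__main__":
    for offset, label in scan_snapshot(build_sample_snapshot()):
        print(f"{offset:#010x}  {label}")
```

The overlap is the part worth getting right: without it a marker starting in the last bytes of a chunk is either missed or, with a naive overlap, reported twice. Findings are offsets only; what to do about them (scrub or encrypt checkpoint storage, keep such files out of shared image and backup repositories) is a process decision, which is the point the passage makes about in-guest controls not being sufficient.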

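The passage on securing virtualized environments recommends virtual firewalls to keep groups of virtual machines apart, production from development in particular. Because the rules live in software, the isolation property can be checked mechanically by evaluating the ruleset over every pair of VMs in the inventory. The following Python is an added example, not code from the guideline or from this post: it models a first-match, default-deny virtual firewall at layer 3 (an abstract model, not any product's rule syntax; ports and protocols are left out), uses a constructed inventory, and places a permissive "management convenience" ruleset beside a corrected one.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Sequence, Set, Tuple


@dataclass(frozen=True)
class Rule:
    """One entry in an ordered, first-match ruleset (layer 3 only in this model)."""
    src: str     # source CIDR
    dst: str     # destination CIDR
    action: str  # "allow" or "deny"


@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    group: str   # e.g. "prod" or "dev"


def evaluate(rules: Sequence[Rule], src_ip: str, dst_ip: str) -> str:
    """The first matching rule decides; an unmatched flow is denied (default deny)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule.src) and dst in ipaddress.ip_network(rule.dst):
            return rule.action
    return "deny"


def isolation_violations(rules: Sequence[Rule], vms: Iterable[VM],
                         forbidden: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return every (source VM, destination VM) pair the ruleset allows even
    though the pair's (source group, destination group) is forbidden."""
    forbidden_pairs: Set[Tuple[str, str]] = set(forbidden)
    inventory = list(vms)
    violations = []
    for a in inventory:
        for b in inventory:
            if a is b or (a.group, b.group) not in forbidden_pairs:
                continue
            if evaluate(rules, a.ip, b.ip) == "allow":
                violations.append((a.name, b.name))
    return sorted(violations)


# Constructed inventory: production on 10.0.1.0/24, development on 10.0.2.0/24.
VMS = [
    VM("prod-web", "10.0.1.10", "prod"),
    VM("prod-db", "10.0.1.20", "prod"),
    VM("dev-box", "10.0.2.10", "dev"),
    VM("dev-ci", "10.0.2.20", "dev"),
]

# Development hosts must never initiate traffic to production hosts.
FORBIDDEN = [("dev", "prod")]

# Weak: one broad allow "so the admins can reach everything", which also lets
# every development host reach every production host.
WEAK_RULES = [Rule("10.0.0.0/16", "10.0.0.0/16", "allow")]

# Corrected: allow only intra-group traffic; everything else is denied.
HARDENED_RULES = [
    Rule("10.0.1.0/24", "10.0.1.0/24", "allow"),
    Rule("10.0.2.0/24", "10.0.2.0/24", "allow"),
    Rule("0.0.0.0/0", "0.0.0.0/0", "deny"),
]


if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, isolation_violations(rules, VMS, FORBIDDEN))
```

The check is only as good as the inventory it is run against, so it belongs in the same pipeline that creates VMs and assigns them to groups; a VM tagged "dev" but placed in the production subnet would pass the ruleset yet defeat the intent, which is why the groups here are derived from the inventory rather than from the addresses.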

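The separation-of-duties passage observes that host, network security and storage administration can collapse into a single virtual infrastructure administrator role, and that management and operational controls then have to compensate. Compensation presupposes knowing which combinations have collapsed and for whom. The added Python below is not from the guideline or from this post; the roles, permission names, conflict pairs and user assignments are constructed. It resolves nested role inclusion and reports every user who holds a conflicting pair of permissions, together with the role path that grants each side, which is what an access review needs in order to split the role or to put a dual-approval control over it.

```python
from typing import Dict, List, Set, Tuple

# Constructed role model for a virtualized estate. A role grants permissions
# directly and may include other roles; "virt_infra_admin" is the combined
# role the text warns about, absorbing host, network security and storage duties.
ROLES: Dict[str, Dict[str, Set[str]]] = {
    "host_admin": {"perms": {"host.grant_access", "vm.lifecycle"}, "includes": set()},
    "netsec_admin": {"perms": {"fw.configure", "ids.configure"}, "includes": set()},
    "storage_admin": {"perms": {"datastore.attach", "datastore.snapshot"}, "includes": set()},
    "virt_infra_admin": {"perms": {"vswitch.configure"},
                         "includes": {"host_admin", "netsec_admin", "storage_admin"}},
}

# Permission pairs one person should not hold together (constructed from the
# roles the text says used to be separate): whoever can grant host access
# should not also control the firewall or IDS that would detect its misuse,
# and whoever runs VM lifecycle should not also be able to snapshot VM disks.
CONFLICTS: List[Tuple[str, str]] = [
    ("host.grant_access", "fw.configure"),
    ("host.grant_access", "ids.configure"),
    ("vm.lifecycle", "datastore.snapshot"),
]


def effective_permissions(role: str,
                          roles: Dict[str, Dict[str, Set[str]]] = ROLES) -> Dict[str, str]:
    """Resolve role inclusion and map every permission to the path that grants it."""
    granted: Dict[str, str] = {}
    visited: Set[str] = set()
    stack = [(role, role)]
    while stack:
        current, path = stack.pop()
        if current in visited:      # cycle-safe: a role reached twice is walked once
            continue
        visited.add(current)
        for perm in roles[current]["perms"]:
            granted.setdefault(perm, path)
        for included in sorted(roles[current]["includes"]):
            stack.append((included, f"{path} > {included}"))
    return granted


def sod_violations(assignments: Dict[str, Set[str]],
                   roles: Dict[str, Dict[str, Set[str]]] = ROLES,
                   conflicts: List[Tuple[str, str]] = CONFLICTS
                   ) -> List[Tuple[str, str, str, str, str]]:
    """For each user, return (user, perm_a, path_a, perm_b, path_b) per conflict held."""
    found = []
    for user in sorted(assignments):
        perms: Dict[str, str] = {}
        for role in sorted(assignments[user]):
            for perm, path in effective_permissions(role, roles).items():
                perms.setdefault(perm, path)
        for a, b in conflicts:
            if a in perms and b in perms:
                found.append((user, a, perms[a], b, perms[b]))
    return found


# Constructed assignments: alice and bob keep the traditional split; carol
# received the combined role when the estate was virtualized.
ASSIGNMENTS: Dict[str, Set[str]] = {
    "alice": {"host_admin"},
    "bob": {"netsec_admin"},
    "carol": {"virt_infra_admin"},
}


if __name__ == "__main__":
    for user, a, path_a, b, path_b in sod_violations(ASSIGNMENTS):
        print(f"{user}: {a} (via {path_a}) together with {b} (via {path_b})")
```

Where the platform offers no finer-grained role than the combined administrator, the report does not go away; it becomes the list of accounts that the compensating controls the passage mentions (approval by a second person, independent review of the administrator's logs) must cover.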
 
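The Virtual Machine Images passages call for a formal image management process: images kept current with patches, unvetted images refused, development images never released. The added Python below is not code from SP 800-144 or from this post; it shows one shape such a launch gate can take. The build pipeline signs a manifest carrying the image digest, publisher, stage and build date, and the consumer refuses any image whose manifest does not verify, whose bytes do not match the digest, whose publisher is not on the approved list, whose stage is not a release, or whose build is older than the patch window. The key, publisher name, manifest fields and sample image bytes are constructed, and HMAC-SHA256 stands in for the asymmetric signature a real pipeline would use.

```python
import hashlib
import hmac
import json
from datetime import date, timedelta
from typing import Dict, List

# Constructed signing key. Only the image build pipeline should hold it; a real
# deployment would use an asymmetric scheme so consumers need only a public
# key. HMAC-SHA256 keeps this example standard-library only.
PUBLISHER_KEY = b"example-image-signing-key-not-for-production"

APPROVED_PUBLISHERS = {"platform-team"}   # assumption: the organization's own build team
MAX_IMAGE_AGE_DAYS = 30                   # assumption: rebuild cadence that keeps patches current


def sign_manifest(manifest: Dict[str, str], key: bytes) -> str:
    """Canonicalize the manifest (sorted keys, no whitespace) and MAC it."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def vet_image(image_bytes: bytes, manifest: Dict[str, str], signature: str,
              today: str, key: bytes = PUBLISHER_KEY) -> List[str]:
    """Return the reasons an image must not be launched; an empty list means approved.

    `today` is an ISO date string so the gate is reproducible in tests and logs.
    """
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        # Nothing else in the manifest can be trusted if its MAC is wrong.
        return ["manifest signature invalid"]
    problems: List[str] = []
    if hashlib.sha256(image_bytes).hexdigest() != manifest["sha256"]:
        problems.append("image content does not match manifest digest")
    if manifest["publisher"] not in APPROVED_PUBLISHERS:
        problems.append(f"publisher {manifest['publisher']!r} not approved")
    if manifest["stage"] != "release":
        problems.append(f"stage {manifest['stage']!r} is not a release build")
    age = date.fromisoformat(today) - date.fromisoformat(manifest["built"])
    if age > timedelta(days=MAX_IMAGE_AGE_DAYS):
        problems.append("image older than patch window; rebuild with current patches")
    return problems


# Constructed sample: a few bytes standing in for a disk image, plus the
# manifest and signature the build pipeline would emit for it.
SAMPLE_IMAGE = b"constructed-disk-image-bytes: hardened base OS + app, 2012-02-01 build"
SAMPLE_MANIFEST = {
    "name": "app-base",
    "publisher": "platform-team",
    "stage": "release",
    "built": "2012-02-01",
    "sha256": hashlib.sha256(SAMPLE_IMAGE).hexdigest(),
}
SAMPLE_SIGNATURE = sign_manifest(SAMPLE_MANIFEST, PUBLISHER_KEY)


if __name__ == "__main__":
    print("release image:", vet_image(SAMPLE_IMAGE, SAMPLE_MANIFEST, SAMPLE_SIGNATURE, "2012-02-20"))
    dev_manifest = dict(SAMPLE_MANIFEST, stage="dev")
    print("dev image with forged manifest:",
          vet_image(SAMPLE_IMAGE, dev_manifest, SAMPLE_SIGNATURE, "2012-02-20"))
```

The ordering of the checks is deliberate: the signature is verified before any field is read, because a manifest an attacker can edit would otherwise let them relabel a development image as a release or attach a fresh build date to a stale one. The age check is what turns "keep images patched" from a policy statement into something the launch path enforces.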
Post title: Re: [Open-source translation project] The architectural implications of migrating to a public cloud
Posted: 2012-02-05 09:16
Author: 站长 (site administrator)

-------- This post has so far received 20 security coins in user rewards --------


 
Post title: Re: [Open-source translation project] The architectural implications of migrating to a public cloud
Posted: 2012-02-05 13:11
Author: 站长 (site administrator)

-------- This post has so far received 11 security coins in user rewards --------


 
Post title: Re: [Open-source translation project] The architectural implications of migrating to a public cloud
Posted: 2012-02-06 16:09
Author: 站长 (site administrator)

-------- This post has so far received 11 security coins in user rewards --------


 
Post title: Re: [Open-source translation project] The architectural implications of migrating to a public cloud
Posted: 2012-02-06 21:02
Author: 站长 (site administrator)

-------- This post has so far received 11 security coins in user rewards --------


 
Post title: Re: [Open-source translation project] The architectural implications of migrating to a public cloud
Posted: 2012-02-07 08:20
Author: 站长 (site administrator)

-------- This post has so far received 11 security coins in user rewards --------


 
华安信达(CISPS.org) ©2003 - 2012