Time
5 hours 49 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:00
Hello, everybody, and welcome to the I T Security episode number 27 i A t Cloud directs. My name is Alejandro Gonna, and I'll be instructive for today's session
00:13
blurting objectives for decisions to understanding the able to identify the main eye Antique Club dreads
00:22
many drinks to cloud base. Infrastructures are the same to those you know, non cloud systems,
00:32
because at the end
00:34
they have to sing occur systems, the same ports the same service is. The problem is that they will affect a greater amount of customers because at the end you're in the cloud. So there's some some
00:51
threats that we have to pay close attention. ZX It weren't if we're planning to move to the cloud for service is, for example, cloud system administrators and users trying to compromise administrator password. If you have your servers under data center,
01:10
the problem would get to you. Only you, I mean, and that's a huge problems. Well,
01:15
but your system will be compromised, and none of that system the problem is in the glove. There are other
01:23
customers are other service's were lying that same build a machine or that same sort of physical surface, so That's where the problem starts. Because at the end, for example, if Hacker successfully introduces ah, a client side payload or exploit like the cross I scripted,
01:42
it will affect not only to your system, which will be already compromised, that the air
01:49
injecting any kind of off script in your base is something bad. For example, it can mutate to a cross eyes from quits forgery, which is a service I attacked.
02:00
But in this case at precise Krypton will affect millions of customers that the air any any, any customers around the world trying to access that, um,
02:10
page Web page will will get that malicious payload or that malicious exploit executed in in their computers or, in this case, in their i a. T the bus.
02:22
A little end points. You know, vulnerability is a beautiful sham. Vulnerabilities will apply the same us the physical service. For example, the Porter system reports the service is running the brutal machines off the same building abilities as a spy,
02:39
a physical server. The problem here is that there's something called hacker hyper Visor, which is controlling how these machines there's Burt lotions and interact with each other, and with the host passion. You mean the physical motion. So, Bowman, abilities in the hyper visor can lead to,
02:59
you know, hackers jumping between the bm toast
03:01
in the same environment on those beings Might not, you know, or will not be for the same business as I told you before. Maybe another bet I t vendor actually providing this service is for not something not quite dangerous. Oh, are you know,
03:21
for example, a pita? They provide services for smart watchers, but you're actually provided service is for peace makers. So something in groups, the watches are, you know, a ransomware attacks the watches. That's a big deal. You know, that's a problem.
03:37
But it's not the same if something, you know, that same hunker jumps between the systems
03:42
and attacks your your biz makers and introduces around somewhere as well. That's a huge concern. We're dealing with lives
03:51
of people right there. So that's something you should see. Really. Consider
03:55
the networks, you know, uh, DDOS attack or defense attacks for cloud providers, heart will have a huge impact on several I ity and businesses.
04:05
It is not the same, you know, to have a DDOS for your webpage. hosted in your own data center than a video s for the servants in the cloud. Providing service is for temple again, peacemakers or any other medical. But that's a huge concerning in peace makers cannot stop working
04:26
on we use that example is at the end. That's one of the easiest thing peuple Osanai ot
04:31
But that's, you know, the harm that you can cause it's something doesn't work properly. That's, ah, you know, really, really high
04:42
on we have at the end the physical, biological truck, drugs
04:46
of the other coyote devices connected to the cloud. You know, in this case, physical because the data leaves the Internets and med works, you know, sniffing traffic or, ah,
05:00
you know,
05:00
uh, getting into the communication This is always that concerned. Remember that we discussed that I A team, for starters will face a huge challenge to decentralize the servers.
05:15
Well, uh, if this will happen, and when this will happen is that the end will have
05:20
they will be receiving i t data from everywhere in the world. Tampering are injecting malicious pales in the I o t communication protocol traffic between devices get weights and a cloud You know cloud good words itself is a big concern to my A team for structures located in the cloud.
05:42
Also, I have t devices importance proof. It is a big deal. Imagine someone is poor fingers. Mara. Watch and forth the server to do stuff like up in your doors, for example, remembered video with the With the guys actually getting the signal from the key
06:00
inside the house in order to start the car and leave.
06:03
Well, that's a big concern to, um,
06:06
you know, this is a soft example. We're not dealing with safety, but can you imagine what will happen? Someone can spoof medical devices making the server thing that the patient no learning. For example, none no longer needs the oxygen or no long, and it needs to use the Peacemaker. That's a huge deal. So
06:27
be careful with that
06:29
in, um,
06:30
finally, the well known device Steve.
06:33
Um, if someone steals your smart advice, they might be able to make, you know, for chase or other action that will fit your safety and privacy.
06:45
What the Hydra Visor and why it is important when dealing with diet. The Cloud service is
06:50
well, it is important is the hyper visor is that the pieces that were in charge of bailing communicate our, you know, dealing with the communication between older PM's or the PM's inside the server and the communication between the B M t today physical server.
07:11
So if hiker compromised the hyper visor,
07:13
you might be able to jump between B b m submerged emotions, and that means jump between maybe your little machine and the machine from the other vendor.
07:24
So that's a big, big problem.
07:27
Why he's cross. I spooked inclined side based
07:29
works at the end. Every malicious payload inject in their in their server, for example, we have
07:39
let me just give you real quick example right here. We have a server here. This is an http server, and you're right here with your computer. So ah ah, hacker, which is located right here. Just, you know, for some reason, it's smart with us.
07:56
Uh, in Jack's a malicious pale here. Like, for example, give me the cook, all the cookies, you know, it post on a script.
08:07
You know, it puts something malicious here and closes the script.
08:13
And it's a simple is that,
08:16
uh so this is grip you know, if maybe you're trying to purchase something over here
08:22
and going to the server and the server. Okay, here's your stuff.
08:26
The problem happens when you actually do the same and go to the server right here. Still with the same command seed, same browser.
08:35
But the server will actually return this script right here.
08:41
And this script will be executed in your computer right here. And maybe it's still in credentials. Scribbles for still credentials, stealing cookies, actually downloading a malicious payload. For example, A pdf saying you have to open this in order to complete your purchase, that something malicious and
09:00
he can affect you really, really bad.
09:03
Okay, When dealing with piety, Cloud y spoofing represents a big concern because imagine someone pretending to be your old using your peacemaker and tell your server Okay, I'm no longer need the service. Or or maybe you have announcer German machine with you.
09:22
Ah, and you know, again, hacker spoofing that that device it telling the server I don't know. I no longer need the service, so that's a big deal. When dealing with Iet's see security and Safety
09:37
In today's brute lecture, we discussed I a T club treads and concerns
09:45
again the cloud security alliances had go to For also, that's that that reference will always appears. I will highly recommend you to read it
09:56
in the next video. We'll examine I A T Cloud Service is providers. Well, that's it for today, folks, I hope in your video and 30 soon.

Up Next

IoT Security

This IoT Security training is designed to help IT professionals strengthen their knowledge about the Internet of Things (IoT) and the security platforms related to it. You’ll also be able to identify the security, privacy and safety concerns related to the implementation of an IoT infrastructure.

Instructed By

Instructor Profile Image
Alejandro Guinea
CERT Regional Director
Instructor