Cloud-10 Infrastructure Security

R9:Infrastructure Security
Security Risks


 * 1) Default configurations of systems and network devices
 * 2) All services, even active, unused ones, may contain security related bugs that potentially can be exploited.
 * 3) Compromised services may be used as "hop-off" points to other services, unless they are contained. For example, a compromised web service may lead to a compromised backend database, if the database can be reached directly from the web tier.
 * 4) Active network protocols, and open ports, may be exploited even if they are not used in the solution architecture
 * 5) Administrative access may be abused, either deliberately by the administrators, or through compromised administrative accounts. Furthermore administrative access can cause disruption through accidents
 * 6) All code (application, OS, network) will contain security related bugs, and configurations may contain configuration mistakes, that can be exploited.

Countermeasures


 * 1) Hardening of operating systems, applications and configurations
 * 2) Tiering of the solution architecture
 * 3) Containment
 * 4) Role-based administrative access, restricted administrative privileges
 * 5) Regular vulnerability assessments