Introduction
Cloud-based systems are systems on which applications can be manipulated, configured and accessed online (Mahalkari, Tailor & Shukla, 2016). Cloud computing users can gain access to several database resources through the internet regardless of where they are located, and for as long as they need, without worrying about the maintenance or management of the actual resources.
Cloud-based systems share similar security and privacy concerns with conventional computing models, that is, those relying on non-cloud services (Mahalkari et al., 2016). Moreover, the security concerns are magnified by third-party control over an organization’s data and applications. In cloud computing, there are various levels at which a security measure has to be adopted to cover any security issues. Defense in depth is an excellent technique for safeguarding cloud-based systems because it comprises multiple security defenses; as a result, it is also referred to as a layered approach to security (Amoroso, 2012).
It operates on the principle that a defense component can be compromised at any time. Different security products from various vendors can be deployed to protect potentially vulnerable sources in the network. Cloud-based systems allow any user to access their data; hence, they are highly susceptible to attackers. This paper seeks to examine the benefits of defense in depth to cloud-based systems across three different events and levels of malicious attack.
Benefits of Defense in Depth Related to Cloud-Based Systems in the Event of a Malicious Attack
Defense in depth has an advantage over other security measures as it is a conglomeration of the various defense strategies that an organization might find suitable. Defense in depth benefits a cloud-based system in the event of a malicious attack because it helps to stop breaches and to minimize the impact of a breach by slowing down attackers, which gives additional time to detect and respond to the attack (Mahalkari et al., 2016). However, it is essential to note that the efficiency of the layered approach to security depends on the single-layered security mechanisms deployed. Many potential black-hats use a wide variety of attack methods, and no single method can effectively protect a cloud-based system from such attacks.
The script kiddie
This is a black-hat whose primary objective is to gain root into an organizational network in the easiest way possible (McGuiness, 2019). Such attackers are not looking for specific data or targeting a particular organization.
They carry out the attack by concentrating on a limited number of exploits, then searching the entire internet for an entity vulnerable to one of them. Despite their lack of technical knowledge, script kiddies are dangerous because they capitalize on the technical shortcomings of others and do not care whom they attack. The defense in depth considered most effective against them comprises a firewall to manage incoming and outgoing network traffic, a network-based intrusion detection system (IDS) to recognize attack signatures or abnormal behavior indicative of an attack, anti-virus software, and employee education on various phishing scams (McGuiness, 2019).
The skilled attacker
Although the number of attacks carried out by skilled attackers is lower than the number carried out by script kiddies, they are often successful (McGuiness, 2019). The skilled attacker researches the organization beforehand to determine the various entry points into the network. Once these are identified, the attacker determines the most suitable position and uses organizational information to develop more successful social engineering attacks. This suggests the need for a defense in depth strategy that entails a more comprehensive and impervious set of single-layered security measures. On top of the measures implemented against the script kiddie attack, other measures include placing more emphasis on employee education, physical security, and good strategies for user authentication, specifically the use of one-time passwords (McGuiness, 2019).
The inside attacker
Modern cyber threats can emanate from inside the network. Black-hats can use all kinds of techniques to bypass an organization’s robust perimeter defense; however, malicious or careless insiders can amplify cybersecurity issues. Defense in depth cybersecurity strategies are essential for countering insider threats. The additional security measures that can be used to discourage inside attackers comprise employee screening, the creation and implementation of security policies and procedures, rotation of assignments and segregation of duties (McGuiness, 2019). Security policies and procedures outline to network users the guidelines for using the network and the potential repercussions.
Employee screening ranges from the provision of security clearance to checking references; however, its extent depends on the degree of risk presented to the company if the employee became deviant. The separation of duties, on the other hand, entails employees being assigned distinct tasks and responsibilities. This minimizes the risk of an internal breach of the network as it is easier to locate the source of the attack.
Conclusion
Network security measures go beyond having single-layered security systems, as there is no single measure that can effectively protect a cloud-based system from all kinds of malicious attacks. The script kiddie, the skilled attacker and the inside attacker all have their unique methods of gaining access to a network, and hence require distinct security strategies. Although the defense in depth strategy is more effective than single-layered security mechanisms, its main disadvantage is that it requires a higher overall cost of deployment.
References
Amoroso, E. G. (2012). Depth. In Cyber attacks: Protecting national infrastructure (Chapter 6). Elsevier.
Mahalkari, A., Tailor, A., & Shukla, A. (2016). Cloud computing security, Defense in depth detailed survey. International Journal of Computer Science and Information Technologies, 7(3), 1145-1151.
McGuiness, T. (2019). Defense in depth. Web.