The Effect of Firewall Testing Types on Cloud Security Policies

Annie Shebanow (Colorado Technical University, USA), Richard Perez (Colorado Technical University, USA) and Caroline Howard (Colorado Technical University, USA)
DOI: 10.4018/jsita.2012070105

Abstract

An important aspect of security requirements is a firm understanding of the threats to systems so that specific defense mechanisms can be implemented. Globally scattered network systems and on-demand access to systems such as cloud computing require a high level of security, because the software and hardware of networks are integrated in vulnerable shared or outsourced environments. Hackers are relentless in finding new techniques to gain access to sensitive data. Securing infrastructures is a challenging task, but when researchers identify and investigate potential threats and create solutions, vulnerabilities may be reduced. The purpose of this paper is to explore how use, misuse, positive and negative, obstacle, and abuse testing cases of firewalls have broadened the security policies that mitigate or prevent threats in a cloud environment.
Article Preview

Introduction

Cloud computing is emerging as a viable solution for companies competing in a rapidly changing global business environment, because survival depends on the implementation of scalable, flexible, and cost-effective strategies and technology. The rising demand for multimedia information, video streaming and compression, media synchronization mechanisms, and graphical rendering has vastly increased the need for computational resources (Wu, Hou, Zhu, Zhang, & Peha, 2003). With its capability of solving large-scale problems, hosting client applications and data storage, and billing by consumption, cloud computing has transformed information-technology infrastructures. As Srinivasan and Getov describe this evolution, “Cloud computing represents a fundamental shift in the delivery of information technology services that has permanently changed the computing landscape” (2011). The notion of cloud computing is not new. The initial concept can be traced back to Licklider, one of the pioneers of ARPANET, who helped to make the intergalactic computer network a reality while working at the Advanced Research Projects Agency. In 1960, Licklider saw the need for sharing information and computing resources, and for collaboration through the use of computers anywhere with access to data anywhere. When Parkhill presented the challenge of a computer utility in 1966, his idea was to provide a wide range of computing-related services as public utilities, just like electricity, gas, telephone, and water. Utility computing has been the subject of discussion for nearly 50 years. Although cloud technology has been available through the Internet for some time, public cloud services are a more recent phenomenon.

Through virtualization, cloud computing offers infinite on-demand resources (Armbrust et al., 2009) and almost instant accessibility with minimum startup time (Ramakrishnan, Jackson, Canon, Cholia, & Shalf, 2010). Cloud computing service providers can offer resources as a utility, employing the standard “pay-as-you-use” model. The positive economic impact of using cloud computing is extremely attractive to businesses, but the cloud’s security challenges are enough of a barrier to prevent some companies from buying into the service. Cloud computing requires a high level of security, as software and hardware are integrated in vulnerable shared or outsourced environments. In fact, many studies, such as those of Wang (2010), Jensen et al. (2009), and Owens (2010), indicate that security remains the most challenging issue of cloud computing.

Security should protect storage, core services, and any components used to form an infrastructure. Certain cloud computing environments, such as virtual private clouds with dedicated resources and isolated, virtual, private networks, offer a measure of security of their own. Securing cloud environments requires a firm grasp of potential risks and protective measures. Some security testing is applied to firewalls, which are a combination of hardware and software that form the primary barriers between internal and external networks. The main purpose of a firewall is to secure a private network when connected to a public network by filtering incoming packets. Firewalls authenticate access, record and report events, and prevent undesirable traffic from flowing through the system. The four basic categories of firewall (packet filters, circuit-level gateways, application-level gateways (proxies), and stateful multilayer inspection) are vital in screening network traffic. In a packet-filtering firewall, each packet is compared to a set of rules and then action is taken. In a circuit-level gateway, each connection setup is examined to verify that legitimate Transmission Control Protocol (TCP) handshaking has occurred. In an application-level gateway, proxies allow packets to access services. The last category of firewalls combines aspects of the other three. To effectively protect networks from security compromises, a firewall ideally should run on a dedicated system that does not include any user-accessible programs. Since no specific rules exist that can be applied to firewall design, the skills that firewall architects hold are of vital importance in configuring the design and implementation: incorrect configuration can cause damage to the network, and deployment errors make firewalls vulnerable.
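The following added example (not code from the paper) illustrates a packet filter comparing each packet to a rule set, together with the positive and negative test cases named in the abstract, and shows a negative case catching a misordered rule set. First-match evaluation, the default-deny fallback, the `Rule`/`Packet` names, and the documentation-range addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port

@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int

def decide(rules, pkt, default="deny"):
    """First matching rule wins; unmatched traffic gets the default (assumed deny)."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src)
                and r.proto in ("any", pkt.proto)
                and r.dport in (None, pkt.dport)):
            return r.action
    return default

# Constructed policy (documentation address ranges, not from the paper).
POLICY = [
    Rule("deny", "203.0.113.0/24", "any", None),   # blocked source range
    Rule("allow", "0.0.0.0/0", "tcp", 443),        # public HTTPS
    Rule("allow", "198.51.100.0/24", "tcp", 22),   # SSH from admin network only
]
# Same rules with the first two swapped: a configuration error.
MISORDERED = [POLICY[1], POLICY[0], POLICY[2]]

# Positive cases: legitimate traffic that must pass.
POSITIVE = [(Packet("192.0.2.10", "tcp", 443), "allow"),
            (Packet("198.51.100.5", "tcp", 22), "allow")]
# Negative cases: traffic that must be blocked.
NEGATIVE = [(Packet("203.0.113.7", "tcp", 443), "deny"),   # blocked range
            (Packet("192.0.2.10", "tcp", 22), "deny"),     # SSH from outside admin net
            (Packet("192.0.2.10", "udp", 53), "deny")]     # no rule: default applies

def run_cases(rules, cases):
    """Return (packet, expected, actual) for every case the rule set gets wrong."""
    return [(p, want, decide(rules, p)) for p, want in cases
            if decide(rules, p) != want]

if __name__ == "__main__":
    print("correct policy failures:", run_cases(POLICY, POSITIVE + NEGATIVE))
    print("misordered, positive only:", run_cases(MISORDERED, POSITIVE))
    print("misordered, negative:", run_cases(MISORDERED, NEGATIVE))
```

The misordered rule set passes every positive case, so only the negative cases reveal that the blocked range can reach port 443.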
