Cloud Penetration Testing: Methodology
By Bhavin Shah
Testing the Cloud
1) Question
2) Research
3) Threat Statement
4) Experiment and Model
5) Collect Results
6) Propose Solution
STEP 1
Ask Questions
Key Questions:
1) What are the various techniques used to authenticate users to the cloud?
Why is cloud authentication the paramount component of cloud security?
2) How secure is authentication in the cloud?
Are there security issues in elements other than the cloud system (e.g. physical security, databases, etc.)?
STEP 2
Research
Establish a research environment: OpenStack, open-source cloud software
Research authentication measures for the specified environment:
Keystone, OpenStack’s authentication service
Horizon Dashboard, OpenStack’s graphical interface for administrators to manage cloud resources
STEP 3
Threat Statement
An attacker can obtain credentials of the cloud administrator through hacking and/or social engineering and use them to authenticate to a cloud and temporarily or permanently damage normal operations.
STEP 4
Normal Operations
STEP 5
Vulnerability Testing
STEP 6
Results
Overview:
Information in the captured session cookie revealed user credentials.
Why?
The credentials were insecure because, by default, Horizon uses HTTP for web communications instead of the more secure HTTPS.
STEP 7
Devising a Solution
Problem Source: Use of HTTP
Solution: Enable HTTPS for communications
Avoiding similar problems in future:
1) Follow security guidelines
2) Properly configure new software
3) Regularly check existing software for vulnerabilities and apply patches
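The finding in Step 6 and the fix in Step 7 reduce to one check that a tester or an operator can automate: is the dashboard reached over HTTPS, and do the cookies it sets carry the Secure and HttpOnly flags? The script below is an example added here; it is not code from the original deck or from OpenStack. The URL, cookie names and header values are constructed samples modelled on a Django-based dashboard such as Horizon.

```python
"""Audit a dashboard login response for plaintext transport and weak
session-cookie attributes. Added example; all sample data is constructed."""
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie header into (cookie name, attribute dict).
    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to True."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[part.lower()] = True
    return name, attrs


def audit_session(url, set_cookie_headers):
    """Return a list of findings for a login response; an empty list means
    every check passed. Checks: transport scheme, Secure, HttpOnly, SameSite."""
    findings = []
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https":
        findings.append(
            "transport: dashboard served over %s; the session cookie and the "
            "submitted credentials cross the network in cleartext" % scheme)
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            findings.append(
                "cookie %s: missing Secure flag (browser will also send it over HTTP)" % name)
        if "httponly" not in attrs:
            findings.append(
                "cookie %s: missing HttpOnly flag (readable by page scripts)" % name)
        if "samesite" not in attrs:
            findings.append("cookie %s: missing SameSite attribute" % name)
    return findings


# Constructed sample: the default (HTTP) deployment described in Step 6.
WEAK_URL = "http://192.0.2.10/dashboard/auth/login/"
WEAK_HEADERS = [
    "sessionid=EXAMPLE_SESSION_ID; Path=/; HttpOnly",
    "csrftoken=EXAMPLE_CSRF; Path=/",
]

# Constructed sample: the same dashboard after enabling HTTPS (Step 7) and
# marking its cookies Secure, HttpOnly and SameSite.
HARDENED_URL = "https://192.0.2.10/dashboard/auth/login/"
HARDENED_HEADERS = [
    "sessionid=EXAMPLE_SESSION_ID; Path=/; Secure; HttpOnly; SameSite=Lax",
    "csrftoken=EXAMPLE_CSRF; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for label, url, headers in (("weak", WEAK_URL, WEAK_HEADERS),
                                ("hardened", HARDENED_URL, HARDENED_HEADERS)):
        result = audit_session(url, headers)
        print("%s: %s" % (label, "OK" if not result else "%d finding(s)" % len(result)))
        for finding in result:
            print("  -", finding)
```

The Secure flag matters even after HTTPS is turned on: Horizon is a Django application, and unless SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE are set to True in its local_settings.py, the browser keeps sending the session cookie on any plain HTTP request to the same host, so the weakness in Step 6 survives the transport fix.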
Extra Content
1) Horizon
2) Logging
3) Nova Version
4) SSH
5) Image Provision
6) Devstack Directory
Shown here is the window used to login to the Horizon Dashboard.
The screenshot above shows the process used to enable logging in OpenStack.
Shown above is a command used to get the version number of OpenStack’s compute service, Nova.
This is an error encountered while using SSH to connect to an OpenStack instance. It occurs because the permissions on the key pair file used for authentication are not restricted to the user who generated it, so SSH refuses to use the key.
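The permission check SSH performs on a private key file, and the fix, are short enough to script. The following Python is an example added here, not code from the deck or from OpenStack; the demo creates a temporary file with a deliberately open mode (0644, as a key downloaded with a default umask often ends up) rather than touching any real key.

```python
"""Check that a private key file is readable only by its owner and, if not,
restrict it to 0600. Added example; the demo key is a constructed temp file."""
import os
import stat
import tempfile


def key_mode_ok(path):
    """True when no group or other permission bits are set on the key file,
    which is what SSH requires before it will use a private key."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


def fix_key_perms(path):
    """Restrict the key to 0600 if it is too open; return the resulting mode
    as an octal string so the caller can log it."""
    if not key_mode_ok(path):
        os.chmod(path, 0o600)
    return oct(stat.S_IMODE(os.stat(path).st_mode))


def demo():
    """Constructed reproduction of the error condition: a key file left
    world-readable. Returns (was_ok_before, mode_after_fix)."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.close(fd)
    os.chmod(path, 0o644)          # simulate the too-open key
    try:
        before = key_mode_ok(path)
        after = fix_key_perms(path)
    finally:
        os.unlink(path)
    return before, after


if __name__ == "__main__":
    was_ok, mode_after = demo()
    print("key accepted before fix:", was_ok)
    print("mode after fix:", mode_after)
```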
Above is an image of the OpenStack Dashboard. It currently shows several images that can be launched as instances in the cloud.
Below is a screenshot from Ubuntu showing the main devstack directory.