Ankush PresenT

  • 8/2/2019 Ankush PresenT

    1/37

    Evaluation of Cloud Security under Firewalls

    - Ankush Vee

    Graduate Project Spring 2012

    Committee Members

    Dr. Mario Garcia

    Dr. Long Zhuang Li

    Dr. David Thomas

    2/37

    Outline

    Aims and Objectives

    Cloud Security Issues

    Existing models

    Proposed model

    Simulations

    Results

    Conclusion and Future work

    Demo

    References

    3/37

    Aim

    To evaluate cloud performance under a secure firewall implementation and to block unwanted web traffic, using OPNET IT Guru simulation.

    4/37

    Objective

    To review the cloud security issues and the current security models

    To propose a new security model for cloud data and information security

    To design the simulation using OPNET IT Guru and create three scenarios

    To measure the performance of the cloud under these three scenarios using some performance metrics

    To compare the scenario results and corresponding graphs and to evaluate the performance of the cloud

    5/37

    Cloud Security Issues

    Privacy issues

    Availability and backup

    Access issues

    Trust

    Illegal secondary usage

    Data proliferation issues

    6/37

    Existing models

    Cloud cube model

    - Organization boundaries

    - Open/proprietary

    - Perimeterized/De-perimeterized

    - Insourced/Outsourced nature of cloud

    Data security model

    - User authentication

    - Data encryption process

    - Fast recovery data

    7/37

    Proposed model

    Here, three scenarios are created:

    - No Firewall scenario

    - Firewall scenario

    - Firewall scenario: Blocking Web access

    8/37

    Proposed model (contd..)

    No firewall scenario: The objective of this scenario is to impose no firewall conditions across the network.

    To set up this network, the following objects are needed:

    - The application configuration object is used to define the applications

    - The profile configuration object is used to define the application profiles

    - The Ip32_cloud object is used to act as the internet cloud

    10/37

    Proposed model (contd..)

    Figure 1. No firewall scenario

    11/37

    Proposed model (contd..)

    Firewall scenario

    The scenario is duplicated and the required firewall scenario is created

    Here, a firewall router is created.

    A constant packet latency of 0.05 seconds is imposed for packet filtering

    12/37

    Proposed model (contd..)

    Firewall scenario: Block Web access

    This scenario is created by duplicating the second scenario, where the aim is to block unauthorized web access.

    13/37

    Simulation procedure

    OPNET IT guru as simulation tool

    Provides rich user interface

    This has an object palette

    Compare scenarios

    Three levels of performance metrics

    14/37

    Simulation procedure (contd..)

    Simulation of No firewall scenario

    Application Configuration settings:

    Rename a row as Database and choose the heavy load database against the Database application

    Rename another row as web and choose heavy browsing against the HTTP application

    Figure 2. Application configuration settings

    15/37

    Simulation procedure (contd..)

    Profile configuration settings

    Figure 3. Database profile configuration

    Figure 4. Web profile configuration

    16/37

    Simulation procedure (contd..)

    Cloud configuration:

    The packet latency is set to 0.05 seconds, which indicates that the maximum packet delay across the cloud due to the web and database applications is 50 ms

    Each and every packet is processed across the cloud with this limited delay

    Figure 5. IP32 Cloud configuration

    17/37

    Simulation procedure (contd..)

    West router and East router Configuration:

    The Ethernet4_slip8_gtwy object is dragged from the object palette and renamed as Router_West

    They are connected to the IP32 cloud using the PPP_DS1 links

    Figure 6. West and East router configuration

    18/37

    Simulation procedure (contd..)

    Home office configuration:

    The number of workstations is set to 150

    The Database profile is added; the number of users is set to 50

    Another profile is set to the web profile and the number of users is set to 100

    Figure 7. Home office configuration

    19/37

    Simulation procedure (contd..)

    Server Configuration:

    Two PPP servers are dragged from the object palette and they are set as database server and web server.

    Right click on the database server and choose edit attributes

    Edit the application supported profiles and set the Database application as supported

    Figure 8. Database server configuration

    20/37

    Simulation procedure (contd..)

    Performance metrics:

    OPNET IT guru provides three levels of performance evaluation: the global level, the node level and the link level

    Figure 9. Three levels of performance metrics

    21/37

    Simulation procedure (contd..)

    Figure 10. Global statistics

    Figure 11. Node statistics

    Figure 12. Link statistics

    22/37

    Simulation procedure (contd..)

    Simulation of firewall scenario

    From the model option, choose ethernet2_slip8_firewall so that the router now acts as a firewall

    The Proxy server information option is expanded and the row 1 option is edited such that the latency is set to a constant value of 0.05

    Figure 13. Procedure to duplicate scenario

    23/37

    Simulation procedure (contd..)

    Figure 14. Firewall configuration

    Figure 15. Firewall scenario setup

    24/37

    Simulation procedure (contd..)

    Simulation of Firewall blocking scenario:

    Expand the Proxy server information and choose row 4, i.e. HTTP

    Set the proxy server deployed option to No

    Figure 16. Blocking web traffic

    25/37

    Simulation procedure (contd..)

    Running the simulation:

    Figure 17. Manage scenarios

    Figure 18. Simulating scenarios for One hour

    26/37

    Results

    Results for Database application

    Database query response time:

    This indicates the overall performance of the database application

    When the unwanted web traffic is blocked, the overall performance of the database application is enhanced and the security across the cloud is also enhanced.

    Figure 19. DB query response time

    27/37

    Results (contd..)

    Server DB query load:

    The overall load on the database server is estimated

    When there is a firewall over the network, the overall load on the database server is increased due to the additional security firewall policies.

    Figure 20. DB server query load

    28/37

    Results (contd..)

    Database Server point to point utilization:

    This indicates the application performance against the key security issues.

    The point to point utilization of the database server is increased when there is a firewall across the cloud.

    Figure 21. DB server point to point utilization

    29/37

    Results (contd..)

    Results for web application

    Page response time for no firewalls scenario:

    The average response time is constant across the simulation and the maximum time consumed in this context is one minute

    The flow of the web application is constant across the cloud without any limitations

    Figure 22. HTTP response time

    30/37

    Results (contd..)

    Page response time across firewalls scenarios:

    The average maximum page response time across the web application is 6 seconds

    From the overall analysis it can be understood that blocking the web traffic will increase the page response time.

    Figure 23. HTTP response time

    31/37

    Results (contd..)

    Cloud performance

    Point to point cloud utilization across west router:

    This indicates the overall point to point cloud utilization across the west router

    The overall utilization of the cloud can be optimized when the web traffic is blocked using the firewalls.

    Figure 24. Cloud utilization across west router
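
A simplified M/M/1 estimate of one shared PPP_DS1 link in the three scenarios, added here to illustrate the database response time and cloud utilization results; it is not OPNET output or the author's model. The per-user packet rates and the mean packet size are constructed assumptions, since the slides give no traffic rates.

```python
# Added illustration: M/M/1 estimate of one shared PPP_DS1 link, not OPNET output.
DS1_BPS = 1_544_000         # DS1 line rate in bits/s
CLOUD_LATENCY_S = 0.05      # cloud packet latency from the slides
FIREWALL_LATENCY_S = 0.05   # constant firewall latency from the slides
DB_USERS, WEB_USERS = 50, 100   # home office profile users from the slides

# Constructed assumptions (the slides give no traffic rates):
MEAN_PACKET_BITS = 8_000    # 1000-byte mean packet
DB_PPS_PER_USER = 1.0       # packets/s offered by each database user
WEB_PPS_PER_USER = 1.35     # packets/s offered by each web user


def evaluate(firewall: bool, block_web: bool) -> dict:
    """Return link utilization and mean database packet delay for one scenario."""
    if block_web and not firewall:
        raise ValueError("web traffic can only be blocked when the firewall is present")
    arrival = DB_USERS * DB_PPS_PER_USER
    if not block_web:
        arrival += WEB_USERS * WEB_PPS_PER_USER
    service = DS1_BPS / MEAN_PACKET_BITS            # packets/s the link can carry
    if arrival >= service:
        raise ValueError("offered load saturates the link; no steady state")
    queue_delay = 1.0 / (service - arrival)         # M/M/1 mean time in system
    fixed = CLOUD_LATENCY_S + (FIREWALL_LATENCY_S if firewall else 0.0)
    return {"utilization": arrival / service, "db_delay_s": fixed + queue_delay}


def compare() -> dict:
    """Evaluate the three scenarios named in the slides."""
    return {
        "no_firewall": evaluate(firewall=False, block_web=False),
        "firewall": evaluate(firewall=True, block_web=False),
        "firewall_block_web": evaluate(firewall=True, block_web=True),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:20s} utilization={result['utilization']:.2f} "
              f"db_delay={result['db_delay_s'] * 1000:.0f} ms")
```

With these assumed rates the link runs near saturation while web traffic is allowed, so blocking it removes more queueing delay than the firewall's fixed 0.05 s adds. At lighter loads the fixed firewall latency dominates instead.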

    32/37

    Conclusion

    Providing security to the database resources and web resources is a tedious task

    A new security model is proposed and the proposed design is explained; OPNET IT guru is used for simulation

    From the overall analysis of the results, the proposed firewall model is well used for enhancing the database application

    33/37

    Future work

    A greater number of applications can be used to evaluate the performance of the proposed security model

    Combined clouds and hybrid clouds can be used in future to evaluate the security requirements

    34/37

    Demo

    Figure 25. OPNET home screen

    35/37

    References

    Galen Gruman. (2009). What cloud computing really means. Journal of cloud computing. 21 (1), p10-14.

    Dave Asprey. (2010). Building a truly secure Cloud with Dell and Trend Micro. Journal of Computer Applications. 2 (1), p9-15.

    Richard Chow. (2009). Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control. International Journal of Network Security & Its Applications (IJNSA). 20 (1), p7-12.

    Jon Brodkin. (2008). Gartner: Seven cloud-computing security risks. Cloud Security Journal. 3 (1), p4-7.

    36/37

    References (contd..)

    Alan Boehme. (2010). Top Threats to Cloud Computing V1.0. Cloud Security Alliance. 10 (2), p19-23.

    Chen Quan. (2009). Cloud computing and its key techniques. Journal of Computer Applications. 20 (1), p10-12.

    Kevin Hamlen. (2010). Security Issues for cloud computing. International Journal of Information Security and Privacy. 4 (2), p12-15.

    Elizabeth White. (2009). Safeguarding Management and Security in the Cloud. Cloud Security Journal. 3 (1), p8-12.

    37/37

    References (contd..)

    Aderemi A. Atayero. (2011). Security Issues in Cloud Computing: The Potentials of Homomorphic Encryption. Journal of Emerging Trends in Computing and Information Sciences. 2 (10), p12-16.

    David Binning. (2011). Top five cloud computing security issues. International Journal of Software engineering. 4 (2), p20-24.

    Terri Quinn-Andry. (2010). Pervasive Security Answers Cloud Computing Worries. Cisco cloud articles. 2 (1), p10-13.