Risk
7/20/2010
07:41 PM
Keith Ferrell
Keith Ferrell
Slideshows
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Slideshow: Cloud Security Pros And Cons

Securing your business in the cloud can offer substantial savings and resources balanced by large and unexpected risks. In this review of cloud security silver linings and storms warnings, we look at some of the brightest and darkest security clouds.
Previous
13 of 13
Next


Every one of the cloud caveats we've explored is countered, if not offset, by a cloud benefit. Perhaps the biggest benefit of all is the sheer momentum cloud computing now carries. Even stodgy, staid industries and businesses are looking to the cloud now. While conservative financial industries and businesses embrace of the cloud doesn't indicate that all security issues have been resolved, their presence does say that the cloud may be no more risky than ground-based computing and connection. That sounds like faint praise, and it may be. But the risks we live with on the ground are risks we also learn to manage and correct on the ground. The same is true in the cloud. Make sure your security protections and procedures are completely up-to-date. Limit access only to those who require access. Be sure you have non-cloud-based iterations of vital data stored in the cloud. Taking care with these and related issues will help see to it that your cloud-based experiences provide you with silver linings, rather than storms.

Previous
13 of 13
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web