Identifying and Remediating Rogue Services within a Cloud Based Virtual Machine


Affiliations
1 St. Cloud State University, United States
     


While the benefits of cloud computing are well known, the security risks involved are often new and substantial. The hosts of choice in the cloud, virtual machines (VMs), are created in large numbers, which makes it very difficult to keep track of each service running within the cloud. Fortunately, commands exist within the Linux operating system that can be used to evaluate the purpose of the transport layer ports related to the services running on a given host (VM). The example used in this paper is a complex remote procedure call (RPC) service that generates multiple dynamically defined ports, which are evaluated using Linux commands. Besides the expected legitimate ports, there were also suspected rogue ports. These ports were created as a function of the RPC software, but were not traceable to a process ID or the originating executable. The fact that these ports forked from a kernel-level process made it difficult to trace their origins. Fortunately, because these ports were generated dynamically and their purpose was not known to the system administrator, the firewall block definition was not updated and traffic to those ports remained blocked. Simply stated, by default the firewall was in place to automatically block unknown traffic, whether legitimate or not. In this case the default definition served well. To remediate this problem, more care needs to be used when defining and evaluating policy. Additionally, it is suggested that the port evaluation procedure be recorded and automated through the use of Linux scripts.

Keywords

Cloud Computing, Virtual Machines, Remote Procedural Call (RPC), Port Evaluation.

Authors

Dennis C. Guster
St. Cloud State University, United States
Mark B. Schmidt
St. Cloud State University, United States
Karthik Paidi
St. Cloud State University, United States
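
One way to automate the port evaluation the abstract describes, as an added example that is not the authors' script. It assumes `ss` and `rpcinfo` as the commands (the abstract does not name the ones used in the paper); the function names, verdict labels and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: attribute each listening port to a process or an RPC registration.
# All sample data is constructed. On a live VM, save `ss -H -tulnp` (run as root)
# and `rpcinfo -p` to files and pass those files to the functions instead.

sample_ss() {  # constructed `ss -H -tulnp` output; kernel sockets show no owner
cat <<'EOF'
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=612,fd=4))
tcp LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
tcp LISTEN 0 64 0.0.0.0:38465 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:51234 0.0.0.0:*
tcp LISTEN 0 64 [::]:40001 [::]:*
EOF
}

sample_rpcinfo() {  # constructed `rpcinfo -p` output
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100003    3   tcp   2049  nfs
    100021    4   tcp  38465  nlockmgr
    100021    4   udp  51234  nlockmgr
EOF
}

# classify_ports SS_FILE RPCINFO_FILE -> one "proto/port verdict" line per listener
classify_ports() {
    awk '
        # rpcinfo rows (header skipped), keyed by proto/port -> service name
        FILENAME == ARGV[1] { if ($1 ~ /^[0-9]+$/) rpc[$3 "/" $4] = $5; next }
        # ss rows: the port follows the last colon of the local address field
        {
            n = split($5, part, ":"); key = $1 "/" part[n]
            if ($7 != "")        verdict = "process"              # PID is known
            else if (key in rpc) verdict = "kernel-rpc:" rpc[key] # no PID, registered
            else                 verdict = "unattributed"         # needs manual review
            print key, verdict
        }
    ' "$2" "$1"
}

# unattributed_ports SS_FILE RPCINFO_FILE -> ports with neither a PID nor a registration
unattributed_ports() {
    classify_ports "$1" "$2" | awk '$2 == "unattributed" { print $1 }'
}

# Demo on the constructed samples
t=$(mktemp -d) && sample_ss > "$t/ss" && sample_rpcinfo > "$t/rpc" && classify_ports "$t/ss" "$t/rpc"; rm -rf "$t"
```

Ports reported as `unattributed` are the ones to compare against the firewall policy before any rule is opened for them.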
