Security and Encryption
Cybersecurity attacks
Most cybersecurity breaches involve a human element, meaning they exploit users' lack of understanding of proper security measures. Attacks that exploit users are commonly known as social engineering.
Some of the most common attacks are as follows:
Phishing involves sending a fraudulent message to a user via email or text that tries to trick the user into providing sensitive information or clicking a link that installs malicious software on their device or redirects them to fake sites that steal their information. Messages normally pretend to come from trusted sources. It is one of the most successful ways of hacking systems.
Whaling is like phishing but attacks big corporations and high level executives.
Wipers are installed via malware designed to destroy data on systems.
Pharming and Typosquatting involve using malicious sites to scam users into entering information. Pharming disguises pages as a trusted site, while typosquatting takes advantage of misspellings or typos to get people to fake pages.
SQL Injection Attacks are where hackers exploit web pages that contain forms and insert malware on hosts.
Denial of Service (DoS) is where sites are flooded with web traffic and systems crash.
Brute Force Attacks use software to try to guess credentials and break into systems.
Man In The Middle Attacks involve hackers listening to connections and intercepting credentials. An unsecured WiFi signal is a way they can do this.
Insider Threats can be accidental where malware is inadvertently downloaded or on purpose where employees abuse their access.
Zero Day Attacks leverage bugs found in systems like operating systems and attack them before fixes can be put in place.
For social engineering attacks, hackers use tactics like authority (impersonating someone important), urgency (a call to action), curiosity, fear and helpfulness.
Hackers are often motivated by ROI (Return on Investment). Breaking into a hardened cloud environment like the ones you've worked with in Google Cloud requires massive resources. Attacking the human is the opposite.
Attacking the system is:
Expensive: Requires custom malware or expensive "Zero-Day" exploits.
Difficult: Modern systems like Cloud Run have automated defenses.
Traceable: Leaves technical logs in the system.
Attacking the human is:
Cheap: Requires a basic email script and a convincing story.
Easy: Humans are tired, distracted, or helpful by nature.
Invisible: Often goes unnoticed until the damage is done.
SolarWinds Attack: Targeted major companies and government agencies.
Marriott Hotel Data Breach: Millions of customers' personal information compromised.
Equifax Data Breach: Data of 145 million Americans stolen.
Yahoo Data Breaches: Millions of account details leaked.
Target Data Breach: Credit card information of millions exposed.
Defenses
Two factor Authentication ensures that if passwords are stolen a second line of defence is added.
Each account should have unique passwords.
Software patches should be implemented immediately to protect against Zero-Day attacks.
Never share personal information online.
Use 2 factor authentication
Don't use the same password everywhere
Update the software on your computer
Be careful with how much info you post online
Be careful when sharing personal info
Google Cloud’s Encryption
Public-key cryptography or Asymmetric Encryption uses a pair of keys (public/private) to secure data.
The Public Key is visible to everyone in order for messages to be dropped off and encrypted.
The Private Key is only used by and given to the person who needs to decrypt or read the message.
Because you need the private key to unlock the message, it cannot be read if it is intercepted.
Authentication (Digital Signatures) validates the sender and that the message has not been tampered with.
Symmetric Encryption is where a single, shared secret key encrypts and decrypts data.
Plaintext refers to readable data that everyone can see.
When you encrypt data you apply an algorithm (AES-256) to make the data unreadable.
Google encrypts data when stored and in transit to protect it from unauthorized access.
Decryption is done by using the same key that encrypts the data to turn it back into plaintext.
Standards
Google uses the AES (Advanced Encryption Standard) for symmetric encryption.
AES-128 uses a 128-bit key to encrypt and decrypt data. It is used because it is faster but it is not as strong as AES-256.
AES-256 uses a 256-bit key and is extremely strong and virtually impossible to crack.
Strategy of Encryption
Google encrypts data when it is stored as well as data when it is in transit.
When data is stored it goes through a process of chunking and wrapping. Files are broken into small pieces then encrypted using unique Data Encryption Keys (DEK).
DEKs are encrypted by Key Encryption Keys (KEK) managed by the Google Key Management Service (KMS).
Data is also encrypted when it moves from the data center to the user.
The DEK encrypts data chunks; the KEK encrypts, or wraps, the DEKs and is managed by the KMS.
The KMS Master Key provides protection for all KEKs, and Root KMS protects the Master Key.
To summarize:
Data is chunked and encrypted with DEKs.
DEKs are encrypted with KEKs.
KEKs are stored in KMS.
KMS is run on multiple machines in data centers globally.
KMS keys are wrapped with the KMS master key, which is stored in Root KMS.
Root KMS is much smaller than KMS and runs only on dedicated machines in each data center.
Root KMS keys are wrapped with the root KMS master key, which is stored in the root KMS master key distributor.
The root KMS master key distributor is a peer-to-peer infrastructure running concurrently in RAM globally on dedicated machines; each gets its key material from other running instances.
If all instances of the distributor were to go down (total shutdown), a master key is stored in (different) secure hardware in (physical) safes in limited Google locations.
The root KMS master key distributor is currently being phased in, to replace a system that operated in a similar manner but was not peer to peer.
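The chunking and wrapping steps summarized above, as an added example that is not Google's code or part of the original post: each chunk is encrypted under its own DEK, and each DEK is stored only in KEK-wrapped form. AES-256-GCM as the mode, the 64-byte chunk size and all function names are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM is an assumed mode; the page names only AES-256.
// Sealed layout: 12-byte nonce | 16-byte auth tag | ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the key is wrong or the sealed bytes were modified.
function unseal(key, sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Chunking and wrapping: every chunk gets a fresh DEK, and only the
// KEK-wrapped form of that DEK is kept next to the ciphertext.
function encryptFile(kek, data, chunkSize) {
  const chunks = [];
  for (let i = 0; i < data.length; i += chunkSize) {
    const dek = crypto.randomBytes(32); // unique 256-bit DEK per chunk
    chunks.push({
      wrappedDek: seal(kek, dek),
      ciphertext: seal(dek, data.subarray(i, i + chunkSize)),
    });
  }
  return chunks;
}

// Unwrap each DEK with the KEK, then decrypt that DEK's chunk.
function decryptFile(kek, chunks) {
  return Buffer.concat(
    chunks.map((c) => unseal(unseal(kek, c.wrappedDek), c.ciphertext)));
}

// Constructed sample input; in the page's model the KEK would stay inside KMS.
function demo() {
  const kek = crypto.randomBytes(32);
  const data = Buffer.from('constructed sample record; '.repeat(8));
  const chunks = encryptFile(kek, data, 64);
  const roundTrip = decryptFile(kek, chunks).equals(data);
  return { chunkCount: chunks.length, roundTrip };
}
console.log(demo());
```

Without the KEK the stored chunks cannot be decrypted, because the DEKs next to them exist only in wrapped form.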