
There’s a good reason many developers are excited about the cloud. The advent of managed services has enabled solutions architecture to become an assortment of building blocks: configuration is simple, scaling is precise, and development unfolds at an unprecedented pace.

Despite the many benefits, cloud-based solutions can bring hidden dangers. The biggest risk in cloud development is not recognizing the differences between cloud and traditional definitions of common architecture terms. For example, imagine a system that is completely “firewalled off”: a firewall prevents any inbound or outbound connections from the machine. Could an adversary build malware that could still communicate with that machine over the network? The answer is less clear than you’d imagine.

Strange behavior in Google Cloud’s control plane

In this section, we describe some odd and potentially dangerous behavior within Google Cloud. We discussed this with the relevant team at GCP through Google’s VRP program. They agreed with us that some documentation supporting these features could be clarified, but both Mitiga and Google agreed that the finding wasn’t a vulnerability. We at Mitiga believe that this is a potentially dangerous functionality and that misconfiguration is likely common enough to warrant concern; however, with proper access control to the GCP environment, there is no exploitable flaw.

In order to protect customers from the growing threat of cloud-savvy attackers, Mitiga works to identify new techniques an adversary might use as part of sophisticated cloud compromises. A few months ago, Mitiga began research on Google Cloud Platform’s (GCP) Compute virtual machine (VM) service. Similar to services such as Amazon Web Services (AWS) EC2 and Azure VM, the service enables users to create, manage, secure, and monitor a variety of general-purpose virtual systems.
