Business enterprises are competing to get their applications up and running faster with improved manageability and less maintenance by reassigning the ability to IT specialists to adjust resources in order to meet business fluctuating needs. This can be achieved through utilizing the Cloud Computing Model which is distinguished by `pay as you go' model. The model offers solutions of storage, convenient and on-demand access to a shared pool of configurable computing resources. As with any novel technology, Cloud Computing is subject to security threats and vulnerabilities including network threats, information threats and underlying infrastructure threats. In this paper, we present a framework by which penetration testing is conducted to highlight possible vulnerabilities within our private Cloud Computing infrastructure, simulate attacks to exploit discovered vulnerabilities such as Denial of Service (DoS) and Man-in-the-Cloud attacks, apply countermeasures to prevent such attacks, and then to exemplify a recommended best practice protection mechanism which will contribute to the Cloud Computing security.
[1]
Abdelkader H. Ouda,et al.
A cloud-based secure authentication (CSA) protocol suite for defense against Denial of Service (DoS) attacks
,
2015,
J. Inf. Secur. Appl..
[2]
A. B. M. Shawkat Ali,et al.
A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing
,
2012,
Future Gener. Comput. Syst..
[3]
Ryan Shea,et al.
Performance of Virtual Machines Under Networked Denial of Service Attacks: Experiments and Analysis
,
2013,
IEEE Systems Journal.
[4]
Athanasios V. Vasilakos,et al.
Security in cloud computing: Opportunities and challenges
,
2015,
Inf. Sci..
[5]
Wanlei Zhou,et al.
Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks
,
2011,
J. Netw. Comput. Appl..