The Role and Security of Firewalls in IaaS Cloud Computing

Cloud computing is playing an ever larger role in IT infrastructure. Migrating to the cloud means that we must rethink and adapt our security measures. Ultimately, both the cloud provider and the customer have to accept responsibility for ensuring that security best practices are followed. Firewalls are one of the most critical security features, and most IaaS providers make firewalls available to their customers. In most cases, the customer assumes a best-case working scenario, which is often not assured. In this paper, we studied the filtering behavior of firewalls provided by five different cloud providers. We found that three providers have firewalls available within their infrastructure. Based on our findings, we developed an open-ended firewall monitoring tool which cloud customers can use to understand the firewall's filtering behavior. This information can then be used efficiently for risk management and further security considerations. Measuring today's firewalls has shown that they perform well for the basics, although they may not be fully featured with respect to fragmentation or stateful behavior.
