Cloud Configuration Architecture: Things to Consider

As a cloud solution architect, it’s vital to propose a solution that’s nominal in all ways, from cost to flexibility, from security to always-on operation. Let’s discuss those in this write-up.

With the boost cloud computing has seen in recent years, a cloud war was imminent, especially one anchored around the cloud architecture. In the current struggle, many giants have cemented their positions at the top, and some others have been taking measures to prepare for the race. However, a lot of these organisations fail to build a good cloud architecture. This is because they often do not emphasise the best practices that must be followed.

Cloud players

  • Amazon AWS
  • Microsoft Azure
  • Google Cloud
  • Alibaba Cloud
  • Oracle Cloud
  • IBM Cloud

Building a cloud-ready application architecture requires one to pay attention to many things. Among these are traditional concepts like stable design, testing, correcting previously committed mistakes, and more. Some of the other vital aspects that one should consider are mentioned below:


Design Components Assuming Failure

This pessimistic approach to designing a cloud architecture often works best. Assuming that things will fail drives one to look at design needs and to implement and deploy for automated recovery from failure.

This entails designing the architecture with the mindset that its hardware might fail and preparing for outages or any other disaster, which forces one to think of every possible recovery strategy at design time; this will only help the system.

This pessimistic approach should be applied not just to the hardware but also to the software side. One needs to ask what could happen to the application-dependent services if the interface changes, or what could happen if cache keys grow beyond the memory limit of the instance.

This approach helps one design operation-friendly applications and arrive at a better cloud architecture.

Loosely Coupled Components For Better Scalability

Building components that do not have tight dependencies on each other will result in the overall operation running as it should when a component fails, does not respond or responds slowly.

This means that when one of the loosely coupled components fails, the other components of the system are built so that they continue the work as if the failure never happened. Each component can be treated as a black box that interacts asynchronously with the others. This also allows for more scalability.

Decoupling components, building asynchronous systems and scaling are three of the most important aspects when it comes to cloud architecture.

Giving Emphasis To Security Within The Application

Security is often mid-level on the priority scale for many when thinking about designing a cloud architecture. However, it must be built into the application and must always be prioritised. One needs to pick a security approach and technology before building the application. These must be chosen according to the type of application one is running, and these should be able to address any compliance or other data-level security issues.

Generally, cloud-based applications must leverage identity and access management (IAM). Mature IAM capabilities can reduce a business’s security costs and give it the option of being more agile at configuring security for cloud-based applications.

Freedom To Migrate

There is no correct size when it comes to choosing a cloud. The cloud strategy that one wants must give them the freedom to migrate to other clouds or run services balanced between two clouds. Planning a strategy by taking a multi-cloud approach will give one flexibility, along with the balance between the best price and performance.

One of the things to keep in mind when it comes to choosing a strategy or having a good cloud architecture is to design a tailored environment, where one can extract the maximum potential from the cloud. This includes the ability to hybridise, freedom to use applications and a multi-cloud approach, which result in tailored and cost-effective solutions.

Optimising Cost

With the rising adoption of the cloud market and the fierce competition, businesses are always searching for the best option where they can optimise their spend and increase performance. With a cost optimisation strategy, one can reduce costs to a minimum and use the savings to improve some of the business strategies or any other place they see fit.

Some of the points to be kept in mind:

  • One needs to remove the operational burden of managing and maintaining infrastructure by using the services of a cloud-managing service provider. Doing so results in an efficient architecture and lowers cost at the same time.
  • Consider shifting from CapEx to OpEx. One should keep in mind that there is no need to invest heavily in hardware one does not need. A shift from CapEx to OpEx could mean better scalability, redundancy, and reliability.
  • Price To Performance Ratio – This ratio gives the ability of a cloud architecture design to deliver lower cost and higher performance. A high price to performance ratio is always desirable.
  • Allocate expense to the functionality of the cloud and resources one requires while dropping or replacing the services.

It’s recommended to configure the cloud at a nominal level, with proper security in place.

Using Azure Apps, Attackers Sneak into Office 365

Microsoft Azure applications could be weaponized to break into Microsoft 365 accounts, report researchers who are investigating new attack vectors as businesses transition to cloud environments.

The Varonis research team encountered this vector while exploring different ways to exploit Azure, explains security researcher Eric Saraga. While they found a few campaigns intended to use Azure applications to compromise accounts, they found little coverage of the dangers. They decided to create a proof-of-concept app to demonstrate how this attack could work. It’s worth noting they didn’t find a flaw within Azure, but rather detail ways its existing features could be maliciously used.

“We decided to create the proof of concept after seeing potential danger — not from any particular trends,” he says. “However, if anyone is using what we described here to launch attacks, it’ll most likely be an [advanced persistent threat] group or a very sophisticated attacker.” As the cloud advances, Saraga anticipates we’ll start seeing campaigns designed to use simpler versions of this attack.

Microsoft built the Azure App Service so that developers could create custom cloud applications to call and consume Azure APIs and resources. It’s intended to simplify the process of building applications that integrate with different parts of Microsoft 365.

Before an app can do this, however, it must first ask an employee for access to the resources it needs. An attacker who designs a malicious app and deploys it via a phishing campaign could trick someone into granting them access to resources across the cloud. Azure applications do not require Microsoft’s approval or code execution on a victim’s machine, researchers point out; as a result, it’s easier for them to evade security systems.

An attacker must first have a web application and an Azure tenant to host it. From there, phishing emails are the best way for them to gain a foothold, says Saraga. An attacker could send a message with a link to install the malicious Azure app; this link would direct the user to an attacker-controlled site, which would redirect the user to Microsoft’s login page.

“The authentication is handled and signed by Microsoft; therefore, even educated users might be fooled,” he notes. Once the victim logs in to his or her Microsoft 365 instance, a token is created for the app and the user will be prompted to grant permissions. The prompt will look familiar to anyone who has installed an app in SharePoint or Teams; however, it’s also where victims may see a red flag: “This application is not published by Microsoft or your organization.”

This is the only clue that could indicate foul play, Saraga notes, but many people are likely to click “accept” without thinking twice about it. From there, a victim may not know someone unauthorised is there unless the intruder modifies or creates objects that are visible to the user, he explains.

With these permissions, an attacker would be able to read emails or access files as they wish. This tactic is ideal for reconnaissance, launching employee-to-employee spearphishing attacks, and stealing files and emails from Office 365, Saraga adds. “By reading the user’s emails, we can identify the most common and vulnerable contacts, send internal spearphishing emails that come from our victim, and infect his peers,” he writes in a blog post on the findings. “We can also use the victim’s email account to exfiltrate data that we find in 365.”
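A defender-side check for the consent red flag described above, as an added example that is not part of the original article: it reviews consent grants and flags apps that are neither owned by a trusted tenant nor from a verified publisher yet hold mail or file scopes. The field names follow Microsoft Graph's servicePrincipal and oauth2PermissionGrant objects; the records, IDs, app names and the list of risky scopes are constructed assumptions.

```python
# Constructed sample records shaped like Microsoft Graph servicePrincipal and
# oauth2PermissionGrant objects. Every ID and app name below is made up.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
# Assumption: delegated scopes giving the mail and file access the article describes.
RISKY_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                "Files.Read.All", "Files.ReadWrite.All"}

SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "HR Portal",
     "appOwnerOrganizationId": HOME_TENANT, "verifiedPublisher": {}},
    {"id": "sp-2", "displayName": "Doc Viewer Pro",
     "appOwnerOrganizationId": "22222222-2222-2222-2222-222222222222",
     "verifiedPublisher": {"displayName": None}},
    {"id": "sp-3", "displayName": "Calendar Sync",
     "appOwnerOrganizationId": "33333333-3333-3333-3333-333333333333",
     "verifiedPublisher": {"displayName": "Example Verified Ltd"}},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Mail.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
     "scope": "User.Read Mail.Read Files.Read.All offline_access"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-7",
     "scope": "Mail.Read"},
    {"clientId": "sp-9", "consentType": "Principal", "principalId": "user-8",
     "scope": "openid Mail.Send"},
]

def audit_grants(grants, service_principals, trusted_owners=(HOME_TENANT,)):
    """Flag consent grants that match the article's red flag: an app not owned
    by a trusted tenant, with no verified publisher, holding mail/file scopes."""
    sps = {sp["id"]: sp for sp in service_principals}
    findings = []
    for grant in grants:
        sp = sps.get(grant["clientId"], {})          # unknown app: treat as untrusted
        publisher = (sp.get("verifiedPublisher") or {}).get("displayName")
        untrusted = sp.get("appOwnerOrganizationId") not in trusted_owners and not publisher
        risky = sorted(RISKY_SCOPES & set(grant.get("scope", "").split()))
        if untrusted and risky:
            findings.append({"app": sp.get("displayName", "<unknown app>"),
                             "consented_by": grant.get("principalId") or "all users (admin consent)",
                             "scopes": risky})
    return findings

if __name__ == "__main__":
    for finding in audit_grants(GRANTS, SERVICE_PRINCIPALS):
        print(finding)
```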

Windows 10 Update Issues, April 2020

There’s yet another disastrous Windows 10 update, and this one could seriously mess up your PC. A new update released this month is leading to major crashes and deleted files, but there is a way to uninstall the update if you’re affected.

Windows Latest reports that numerous users have been struggling with issues caused by Windows 10 update KB4549951. This update, released on April 14, was first reported to be causing just computer crashes but newer complaints have pointed to the troublesome update as the cause of lost files.

Crashes and blue screen of death
This update is causing multiple types of crashes, with at least seven different stop codes reported (listed by Windows Latest):

PAGE_FAULT_IN_NONPAGED_AREA
CRITICAL_PROCESS_DIED
ACPI_BIOS_ERROR
INACCESSIBLE BOOT DEVICE
MEMORY_MANAGEMENT
DPC_WATCHDOG_VIOLATION
Portcls.sys


A few users are claiming that these shutdowns are occurring one after the other, meaning there’s no way to actually access the PC and fix the problem.

Disappearing files
In addition to the BSOD problem, other users are reporting that files, including pictures, documents and apps, are being deleted. This is similar to a Windows update from a few months ago, which was thought to be deleting users’ files but in fact was moving them to a new user profile.

How to uninstall Windows 10 update KB4549951
If you’re suffering from these problems, here’s how to uninstall the offending update.

  1. Within the Start menu, go to Settings.
  2. Select ‘Update & security.’
  3. Select ‘Windows Update.’
  4. Select ‘View update history’ -> ‘Uninstall updates’.
  5. On this screen, find the KB4549951 update on the list, select it, and choose ‘Uninstall.’

Don’t push the panic button when it comes to updating with patches; it’s better to wait and watch rather than invite an issue.

Symlink Race: In the Limelight Now

A symlink race is a kind of software security vulnerability that results from a program creating files in an insecure manner. A malicious user can create a symbolic link to a file not otherwise accessible to them. When the privileged program creates a file of the same name as the symbolic link, it actually creates the linked-to file instead, possibly inserting content desired by the malicious user or even provided by the malicious user. The result is an elevation-of-privilege attack.

It is called a “race” because in its typical manifestation, the program checks to see if a file by that name already exists; if it does not exist, the program then creates the file. An attacker must create the link in the interval between the check and when the file is created.
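The check-then-create pattern described above next to an atomic alternative, as an added example that is not from the original page. The race_window hook and the file names are hypothetical, and the link is planted inside a private temporary directory so the outcome is deterministic; POSIX only.

```python
import os
import tempfile

def create_unsafe(path, data, race_window=lambda: None):
    """Check-then-create, the pattern described above."""
    if os.path.lexists(path):          # time of check
        raise FileExistsError(path)
    race_window()                      # hypothetical hook: stands in for the interval
    with open(path, "wb") as f:        # time of use: follows a link planted meanwhile
        f.write(data)

def create_safe(path, data, race_window=lambda: None, mode=0o600):
    """Check and create in one atomic system call."""
    race_window()                      # the same interval changes nothing here
    # O_EXCL: fail if the name exists, even as a (dangling) symlink.
    # O_NOFOLLOW: never follow a symlink in the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, mode)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def demo():
    """Run both creators against a link planted inside a private temp dir.
    Returns (protected content after unsafe, after safe, safe_refused)."""
    results = []
    refused = False
    for creator in (create_unsafe, create_safe):
        with tempfile.TemporaryDirectory() as d:
            protected = os.path.join(d, "protected.cfg")   # constructed stand-in file
            scratch = os.path.join(d, "scratch.tmp")
            with open(protected, "wb") as f:
                f.write(b"original")
            plant = lambda: os.symlink(protected, scratch)
            try:
                creator(scratch, b"new data", race_window=plant)
            except FileExistsError:
                refused = True
            with open(protected, "rb") as f:
                results.append(f.read())
    return results[0], results[1], refused

if __name__ == "__main__":
    print(demo())
```

The unsafe creator writes through the link and overwrites the stand-in file, while the atomic creator raises FileExistsError and leaves it untouched.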

RACK911, a research lab, says the bugs can be exploited by an attacker to delete files used by the antivirus or by the operating system, resulting in crashes or rendering the computer unusable.

RACK911 researchers have created proof-of-concept scripts that abuse a (symlink) race condition to link malicious files to legitimate files via directory junctions (on Windows) and symbolic links (on Mac & Linux).

When the antivirus detects the malicious file and moves to delete it, it ends up deleting its own files, or removing core files owned by the operating system.

Attacks in the real world using the RACK911 bugs would require that an attacker be in a position to first download and then run the symlink attack code on a device. This is not something that can help attackers breach a system, but something that could help them improve their access on a hacked system.

This means this type of bug can only be used as a second-stage payload in a malware infection, to elevate privileges, to disable security products, or to sabotage computers in a destructive attack.

Key players McAfee, Comodo, Avast, Kaspersky, Bitdefender and Malwarebytes are vulnerable to this exploit.