Cloud Computing, a Weapon of Mass Destruction?

Presented at DEF CON 18 (2010), July 30, 2010, 11 a.m. (50 minutes)

Using cloud computing to attack systems allows for the testing of a company's incident response and recovery program. We have been using the cloud computing environment to test real world scenarios for different types of attacks, such as Distributed Denial of Service, Flooding, and Packet Fragmentation. The presentation will review some of the common attack types, what they are, and how they can be used to disrupt service. I will also review the steps that led us to choose the cloud computing environment, why these environments are good for most, but also why they may not meet your regulatory requirements. And lastly, I will review mitigation strategies and response programs that can reduce the operational risks when responding to these events.


Presenters:

  • David Bryan / VideoMan - Security Consultant & Hacker   as David "VideoMan" M. N. Bryan
    David has over 9+ years of computer security experience and is a self taught expert. With that comes a CISSP and experience working on security engineering, design, administration and more recently consulting. He has performed security assessment projects for health care, nuclear, retail, manufacturing, pharmaceutical, banking and educational sectors. As an active participant in the information security community, he volunteers at DEFCON where he designs and implements the Firewall and Network for what is said to be the most hostile network environment in the world. He is also an active participant in the local Minneapolis security groups both as a board member of OWASP MSP and co-manager of DC612. His roots and experience come from working for a large enterprise banks, designing and managing enterprise security systems. In the more recent years he has been working as an Information Security Consultant to review the security and architecture of information computing environments.
  • Michael Anderson - Security Consultant, NetSPI
    Mike Anderson currently works as a security consultant for NetSPI, in Minneapolis, MN. He studied computer sciences and Japanese at the University of Minnesota, and worked as a systems operator and technician, supporting 2,000 concurrent users.

Links:

Similar Presentations: