Monday, December 20, 2010

“White” and “Black” Clouds - The Conficker Case

According to Network World magazine, one of the biggest computing networks anywhere is made up of the computers controlled by the Conficker computer worm. In March 2010 Conficker controlled 6.4 million computer systems. 230 global domains were penetrated, which included more than 18 million computers, or 28 terabits per second of bandwidth. Conficker operations could therefore be classified as a “black” cloud. There is no reason why successors to Conficker would not reappear in a different form in the future.

In comparison, the biggest legitimate (i.e. “white”) cloud provider is Google. It is made up of 500,000 systems, 1 million CPUs and 1,500 gigabits per second (Gbps) of bandwidth. Amazon comes in second with 160,000 systems, 320,000 CPUs and 400 Gbps of bandwidth, while Rackspace offers 65,000 systems, 130,000 CPUs and 300 Gbps. Microsoft’s Azure is so far only in a start-up mode of cloud computing services.

The Google, Amazon, Azure and Rackspace “white” clouds have very little in common with the Conficker “black” clouds. They operate in completely different ways. The difference lies in how they are exposed to security vulnerabilities.

Conficker attacks any computer (server, desktop or laptop), anywhere, that is not correctly defended. This lack of sufficient defenses applies to significant shares of the global population of over half a billion devices. Such attacks are launched from diverse origins that are identified as coming from “hackers”.

In contrast, the customers of Google, Amazon, Rackspace and Azure initiate and then manage their connections in well-defended computing environments. The differences between “white” and “black” clouds lie in the security measures and in how threats are applied.

Google, Amazon, Rackspace and Azure clouds are coordinated by methods that incorporate software and hardware offering elaborate protective measures for security assurance. Botnets, as well as most virus attack mechanisms, do not target the well-funded and well-defended clouds of “white” cloud firms.

Conficker and similar botnets function by exploiting millions of back doors that can be identified in operating systems such as Microsoft Windows. Security countermeasures must then deal with a long list of known Windows flaws as well as with human errors in the defense of exposed computers.

The vastness of the Conficker operations requires users to purchase, from a diversity of security vendors, protective devices to operate their IT systems. Individual owners of systems must become knowledgeable about the perils of malware, such as botnets like Conficker, when they decide to protect their own computing infrastructure.

The relocation of a firm’s computer operations from a vulnerable “black cloud” into a better-defended “white cloud” has the advantage of lowering the costs of computer security. With the rapid escalation in the capabilities of attackers, organizations such as the DoD can set up their own protected “private clouds” that will be able to afford the maintenance of a “white” network with lower risks and greater efficiency.