User:Maura Driscoll/sandbox

Web browser security can be breached via the browser itself, via the operating system, or via network connections: The browser may not be aware of any of these breaches and may assume a safe user connection.
 * Operating system is breached and malware is reading/modifying the browser memory space in privilege mode
 * Operating system has a malware running as a background process, which is reading/modifying the browser memory space in privilege mode
 * Main browser executable can be hacked
 * Browser components may be hacked
 * Browser plugins can be hacked
 * Browser network communications could be intercepted outside the machine

Breaches of web browser security are usually for the purpose of bypassing protections to:
 * Display pop-up advertising
 * Collect personally identifiable information (PII) for either Internet marketing or identity theft, website tracking or web analytics about a user against their will using tools such as web bugs, Clickjacking, Likejacking (where Facebook's like button is targeted),, HTTP cookies, zombie cookies or Flash cookies (Local Shared Objects or LSOs);
 * Install adware, viruses, spyware such as Trojan horses (to gain access to users' personal computers via cracking)
 * Install other malware including online banking theft using man-in-the-browser attacks.

Vulnerabilities in the web browser software itself can be minimized by keeping browser software updated.

However, browser software updates will not be sufficient if the underlying operating system is compromised, for example, by a rootkit. In addition, some browser subcomponents such as scripting, add-ons, and cookies may be particularly vulnerable ("the confused deputy problem") and also need to be addressed.

Following the principle of defence in depth, a fully patched and correctly configured browser may not be sufficient to prevent all browser-related security issues. For example, a rootkit can capture keystrokes while someone logs into a banking website, or carry out a man-in-the-middle attack by modifying network traffic to and from a web browser. DNS hijacking or DNS spoofing may be used to return false positives for mistyped website names, or to subvert search results for popular search engines. Malware such as RSPlug simply modifies a system's configuration to point at rogue DNS servers.

Browsers can use more secure methods of network communication to help prevent some of these attacks:
 * DNS: DNSSec and DNSCrypt, for example with non-default DNS servers such as Google Public DNS or OpenDNS.
 * HTTP: HTTP Secure and SPDY with digitally signed public key certificates or Extended Validation Certificates.

Perimeter defenses are commonly implemented as a best practice in large organizations to block malicious network traffic before it reaches a browser. These defenses typically include the use of firewalls and the use of filtering proxy servers that block malicious websites and perform antivirus scans of file downloads.

Plugins and extensions
Although not part of the browser per se, browser plugins and extensions extend the attack surface, exposing vulnerabilities in Adobe Flash Player, Adobe (Acrobat) Reader, Java plugin, and ActiveX that are commonly exploited. Malware may also be implemented as a browser extension, such as a browser helper object in the case of Internet Explorer. Browsers like Google Chrome and Mozilla Firefox can block—or warn users of—insecure plugins.

US-CERT recommends to block Flash using NoScript. Charlie Miller recommended "not to install Flash" at the computer security conference CanSecWest. Several other security experts also recommend to either not install Adobe Flash Player or to block it.

A backbone network provides network-to-network communication for large networks. Its role in a network infrastructure is to provide an efficient path to route information from one network to another. It can use any combination of LAN and WAN technologies to connect networks within the same building, across different buildings, or over wide areas.

For example, a large company might implement a backbone network to connect departments that are located around the world. The equipment that ties together the departmental networks constitutes the network backbone.

When designing a network backbone, network performance and network congestion are critical factors to take into account. For this reason, high-speed transmission media are used wherever possible. Any network servers that form the backbone usually do not provide application services to user computers; instead, they are dedicated to handling network-to-network traffic.

Another example of a backbone network is the Internet backbone, which is the set of wide area networks (WANs) and core routers that tie together all networks connected to the Internet.

_________________________

Cloud computing is a branch of computer technology that relies on networks to provide location-independent computer applications to users and to businesses. Software applications, along with hardware resources such as data storage, are made available to user communities by cloud service providers. Instead of purchasing, owning, installing, and having to maintain software applications or data storage capabilities, user communities can lease applications and storage from a cloud service provider.

This type of subscription-style delivery model, sometimes loosely known as Software as a Service (Saas), applies even when the cloud service provider offers its services at no cost. The model applies whether the provider offers its capabilities to individual users, to large organizations, or to other cloud service providers. A cloud-shaped symbol represents the location-independence of the set of capabilities offered through this model. The capabilities provided can include software applications (such as email), features (such as user identity security), hardware resources (such as data storage), and network technologies (such as rapid response times). The capabilities are often integrated.

Cloud computing offers a wealth of advantages to individual users and businesses alike. Cloud service providers arrange, provide and maintain the software, hardware, and networking infrastructure on behalf of their user communities. User communities have access to their applications from multiple user devices anywhere in the world that internet service is provided. Since user applications, user configuration information, and user data can all be maintained in the cloud, instead of maintained on a local user device or a local server, thin clients such as smart phones and pad computers can operate a rich set of application functions without needing built-in storage features on the devices themselves.



The primary disadvantage of cloud computing is that user communities entrust their application access and their individually-customized data to the cloud service providers. The user community relies on cloud service providers to provide access to features that people use daily, as well as access to personal user information. For example, user email application as well as their individual email messages are stored on a server in the cloud. The actual physical location of the server that provides access to the application, the physical location of the server that stores the user's personal data, the type of security technologies used to keep the user data secure, and the methods to deliver speedy access to the user are known only to the cloud service provider.

For reasons that take in the trade-offs between the advantage and disadvantages of cloud computing, network security is, and will remain, a major issue, creating a wealth of cloud service providers that offer packaged security solutions to other cloud service providers. For example, an application service provider might subscribe, in turn, to a security service provider. This allows the application service provider to leverage up-to-date security features in the application service that it provides to its user community, without having to get into the security business itself and keep up with advances in cloud security technologies. All three players in that example are accessing features through the cloud, using a subscription service type of model that cloud-based technologies are designed to offer. In this way, the capability provided to the user is integrated from a technology perspective, and is both location-independent and transparent from a user perspective.

Due to cloud computing, people use increasingly complex computer applications from mobile phone devices that have internet data capability. The application intelligence, the customization of that application for a particular user, storage, security, and availability is provided to the user transparently from the cloud.

Whether or not

is determined

integrated

In terms of disadvantages, the user communities rely fully on cloud

A cloud-shaped sympFor example, an application provider

thisi Cloud service providers offer software applications (such as email), hardware resources (such as email storage), and network capabilities (such as fast access times) over the network.

The cloud service provider selects and manages the specific software, hardware and networking technologies used to provide an application or resource. The service subscriber can be an individual user, a public community of users, or a private community of users (such as a business or school).

A subscription model is used whether or not the subscriber pays for the service, since some services are provided without cost, such as Wikipedia. ... versus downloading and installing software applications to a location-dependent user device.

The specifics of the software application delivery methods, network server locations, and network technologies are managed by the cloud service provider. The set of software, hardware, and networking technologies used is known as an infrastructure.

The name, cloud computing, is based on the arrangement of whatever set of location-independent, transparent computer resources the service provider selects to deliver and maintain the complete, interactive computer application to its service subscribers. An application will use a set of hardware and software infrastructure solutions. (These are in turn provided by other cloud providers - that's really where this stuff is all going.)

For example, Wikipedia uses the internet and a set of network servers as part of its hardware infrastructure solution. It uses software applications to provide vi to the data stored on the servers as part of its software infrastructure solution. Wikipedia users do not need to know the details of how the service ir provided. The Wikipedia service is provided when a user types or selects the word, Wikipedia, from any internet-capable device, from any internet-capable location in the world. The service provider, Wikipedia, uses a cloud computing architecture to deliver this service.

Hybrid cloud, etc, could follow here.

Need to check out all the wiki links available - subscription model, network technologies, even application delivery methods (thumb drive to be installed locally, but not available globally). Overall, would like to avoid the whole local / global terminology thing, if possible.

Need to cite great, current refs for all that, too. Check out B&N maybe for some current, accessible stuff.

Seriously need a plan once I vet most of the issues and try to organize them! Yow.

The main article, as it stood starts here:

is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from the use of a cloud-shaped symbol as an abstraction for the infrastructure it contains in system diagrams. Cloud computing entrusts remote services with a user's data, software and computation.

My first sandbox. What a mess! ; )