ASSIGNMENT 2

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 16: Cloud computing

Submission date 17/04/2022 Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Quach Cong Tuan Student ID BHAF200014

Class PBIT17101 Assessor name Le Van Thuan

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand
that making a false declaration is a form of malpractice.

Student’s signature Quach Cong Tuan

Grading grid

P5 P6 P7 P8 M3 M4 D2
❒ Summative Feedback: ❒ Resubmission Feedback:

Grade: Assessor Signature: Date:

Signature & Date:

 Table of Contents
I. Introduction ...................................................................................................................................................... 5
II. Configure a Cloud Computing platform with a cloud service provide framework .............................................. 6
1. Amazon Web Services (IaaS) .......................................................................................................................... 7
Steps configure an AWS ..................................................................................................................................... 8
2. GitHub ......................................................................................................................................................... 14
Steps configure a GitHub ................................................................................................................................. 15
3. Heroku (PaaS) .............................................................................................................................................. 19
Steps configure a GitHub ................................................................................................................................. 20
4. Check the application .................................................................................................................................. 26
1. Homepage ............................................................................................................................................... 26
2. Product .................................................................................................................................................... 27
3. Signup ...................................................................................................................................................... 27
4. Login ........................................................................................................................................................ 28
5. Demo Function Signup ............................................................................................................................. 28
6. Demo Function Login ............................................................................................................................... 29
7. Demo Function Create Product ................................................................................................................ 30
III. Analyze the most common problems which arise in a Cloud Computing platform and appropriate solutions
to these problems. .................................................................................................................................................. 31
1. Privacy ......................................................................................................................................................... 31
2. Security ........................................................................................................................................................ 31
3. Abuse........................................................................................................................................................... 32
4. Higher Cost .................................................................................................................................................. 32
5. Recovery of lost data in contingency ........................................................................................................... 32
6. Migration ..................................................................................................................................................... 33
IV. Assess the most common security issues in cloud environments................................................................. 34
1. Data security................................................................................................................................................ 34
1.1. Safeguards for data security in cloud computing ................................................................................. 34
2. Authentication Attack .................................................................................................................................. 35
2.1. Solution for Authentication Attack: ...................................................................................................... 35
3. Malware Injection Attacks ........................................................................................................................... 36
3.1. Cross-Site Scripting Attack ................................................................................................................... 36
 3.2. SQL Injection Attack ............................................................................................................................. 36
3.3. Solutions .............................................................................................................................................. 36
V. The issues and constraints one can face during the development process ...................................................... 38
1. Application Error.......................................................................................................................................... 38
2. Forbidden (403) ........................................................................................................................................... 39
VI. These Ways You Can Improve Cloud Security .............................................................................................. 40
1. Deploy Multi-Factor Authentication (MFA) .................................................................................................. 40
2. Manage Your User Access to Improve Cloud Computing Security ................................................................ 40
3. Monitor End User Activities with Automated Solutions to Detect Intruders ................................................ 40
4. Create a Comprehensive Off-boarding Process to Protect against Departing Employees ............................ 40
5. Provide Anti-Phishing Training for Employees on a Regular Basis ................................................................ 40
6. Consider Cloud-to-Cloud Back Up Solutions................................................................................................. 41
VII. Conclusion ................................................................................................................................................... 42
References .............................................................................................................................................................. 43
 I. Introduction
In the scientific world, cloud computing has received a lot of attention. Cloud computing is a methodology for
provides on-demand network access to a shared pool of programmatic computing resources that can be deployed
and released quickly and with little administrative effort. I’m a company employee of ATN, will design a cloud
computing solution in this assignment 2, I will explain it more clearly as well as have instructions and demo steps.
 II. Configure a Cloud Computing platform with a cloud service provide framework
As mentioned in exercise 1 about designing a model to be able to put the website of ATN company on the system. I
used the public cloud system. Besides, I will use PaaS and IaaS service delivery platforms to combine. This will be
optimized by me and presented according to the diagram below.
 1. Amazon Web Services (IaaS)
Amazon Web Services (AWS) can help your business thrive. AWS is the world’s most comprehensive and broadly
adopted cloud platform. Offering over 175 fully-featured cloud services from data centers around the globe,
organizations from large enterprises and governmental agencies to fast-growing startups, have easy access to IT
services like processing, networking, storage, security and more. AWS helps them lower costs, become more agile
and innovate faster to scale and grow.

AWS is commonly used for:

- Storing large amounts of data

- Processing large datasets
- Handling peak loads for e-commerce websites
- Hosting static websites
- Hosting dynamic applications or websites with web, application and database tiers
- And so much more

Some additional benefits of AWS, beyond what’s listed above, include:

- Better security options

- Increased productivity through automation
- New revenue streams through differentiated solutions
- Higher availability leading to improved user satisfaction
- Rapid experimentation and transformation in response to business changes and needs
- Faster innovation and time to market
- Reduced costs with better performance
- Open standards eliminate getting locked into one vendor

Below are the steps to implement and use AWS that I apply in this project. Follow my steps below:

 Step 1: Register AWS

 Step 2: Active account and Login
 Step 3: Create Instance (EC2)
 Step 4: Set up system and open port
 Step 5: Connect with VMWare (XShell)
Steps configure an AWS

Step 1: Register AWS

Step 2: Active account and Login
Step 3: Create Instance (EC2)
Step 4: Set up system and open port
Please open port 3306 to connect to Database. Create a key pair in the form of RSA with the extension .pem and
save it, this key will be used to connect to your virtual machine.
Step 5: Connect with VMWare (XShell)

At the XShell virtual machine, execute the following commands to update your entire database file. Once connected
you can use the root account or create a new user account with an equivalent administrative role. In this project, I
will act as root.

sudo su - root

mysql -u root -p123@123a

show databases;

//If you don't have your database, create the following:

create database toystore_cc;

//Then open your database.sql file and copy it here. After executing the commands, execute the show tables
command to see if the data has been fully imported.

show tables;

GRANT ALL PRIVILEGES ON toystore_cc.* TO 'tuanqc'@'%' IDENTIFIED BY '123@123a';

// the above command will enable remote access on Heroku.

 2. GitHub
GitHub, can be divided into the Git, and the Hub. The service includes access controls as well as a number of
collaboration features like tools for basic task management and for all projects you handle. GitHub hosts your source
code projects in a variety of different programming languages and keeps track of the various changes made to every
iteration.

The main benefits of using GitHub

- It makes it easy to contribute to your open-source projects

- Documentation
- Showcase your work
- Markdown
- GitHub is a repository
- Track changes in your code across versions
- Integration options

Below are the steps to implement and use GITHUB that I apply in this project. Follow my steps below:

 Step 1: Register GitHub

 Step 2: Create a repository
 Step 3: Git clone and Edit file .env (If you use Laravel)
 Step 4: Git push to GitHub
Steps configure a GitHub

Step 1: Register GitHub

Step 2: Create a repository
Step 3: Git clone and Edit file .env (If you use Laravel)
Step 4: Git push to GitHub

And Result
 3. Heroku (PaaS)
The Heroku Platform, now from Salesforce, is a platform-as-a-service based on a managed container system, with
integrated data services and ecosystem for deploying modern apps. It takes an app-centric approach for software
delivery, integrated with developer tools and workflows. It’s three main tools are: Heroku Developer Experience
(DX), Heroku Operational Experience (OpEx), and Heroku Runtime.

Heroku Developer Experience (DX)

Developers deploy directly from tools like Git, GitHub or Continuous Integration (CI) systems without the need to
manage infrastructure. The web-based Heroku Dashboard makes it possible to manage applications online and gain
visibility into performance.

Heroku Operational Experience (OpEx)

OpEx helps developers troubleshoot and remediate issues and customize the ops experience to identify and address
trends in application health. Heroku provides a set of tools to alert teams if something goes wrong, or to
automatically scale web dynos if the response time for web requests exceeds a specified threshold.

Heroku Runtime

Heroku runs apps inside dynos—smart containers on a fully managed runtime environment. Developers deploy their
code written in Node, Ruby, Java, PHP, Python, Go, Scala, or Clojure to a build system which produces an app that's
ready for execution. The system and language stacks are then monitored, patched, and upgraded. The runtime
keeps apps running without manual intervention.

Below are the steps to implement and use Heroku that I apply in this project. Follow my steps below:

 Step 1: Register Heroku

 Step 2: Create New App
 Step 3: Connect with GitHub and Select repository
 Step 4: Choose a branch to deploy
 Step 5: Click view to display website
Steps configure a GitHub

Step 1: Register Heroku

Step 2: Create New App
Step 3: Connect with GitHub and Select repository
Step 4: Choose a branch to deploy
Step 5: Click view to display website
And Result
 4. Check the application
Below I will perform the operations and functions of the website to check if the website is really running or not.
The functions I will perform include:

- Registration
- Log in
- Create products

Link My Website: http://cloudcomputing-atn.herokuapp.com/index

1. Homepage
2. Product

3. Signup
 4. Login

5. Demo Function Signup

I will create an account with the following information:

- Username: qcongtuan
- Password: 123@123a
- Full name: Quach Cong Tuan
- Phone Number: 0991979999
- Email: [email protected]
- Address: BTEC FPT
- City: Hanoi
 6. Demo Function Login
I will login the account information I just created with username: qcongtuan and password 123@123a

After logging in, the toolbar shows the login name

 7. Demo Function Create Product

I will add the product with the information as shown in the image and the result will be like the image below:
 III. Analyze the most common problems which arise in a Cloud Computing platform
and appropriate solutions to these problems.
The term "cloud computing" refers to an idea that has been around for quite some time. The provision of computing
services from a distance. Cloud computing is Internet-based computing in which computers and other devices can
access pooled resources, software, and information on demand.

It seems like "the cloud" is being discussed everywhere these days. This nebulous concept appears to embrace
nearly everything we are. While "the cloud" is merely a metaphor for the internet, cloud computing is the current
buzzword. It improves data storage, security, flexibility, and employee cooperation, as well as changing the workflow
of small and large businesses to assist them in making better decisions while lowering expenses.

It's evident that cloud computing is a trend that's only going to get bigger. We forecasted the relevance and
deployment of the cloud in organizations like Alibaba, Amazon, Google, and Microsoft in our business intelligence
trends piece.

These are major issues in Cloud Computing:

1. Privacy
The user data can be accessed by the host company with or without permission. The service provider may access
the data that is on the cloud at any point in time. They could accidentally or deliberately alter or even delete
information.

Solution:

- Let's encrypt the data

- Access control, data access object
- …

2. Security
Cloud-based services involve third-party for storage and security. Can one assume that a cloud-based company will
protect and secure one’s data if one is using their services at a very low or for free? They may share users’
information with others. Security presents a real threat to the cloud.

Solution:

- Use security policies and service providers that offer the best in design security
- Data encrypt.
- Use tight security protection protocols for cloud solutions (SSL).
- Train IT staff on how to handle security issues with an appropriate solution.
- Establish corporate policies and culture on data security development and assurance.
 3. Abuse
While providing cloud services, it should be ascertained that the client is not purchasing the services of cloud
computing for a nefarious purpose. In 2009, a banking Trojan illegally used the popular Amazon service as a
command-and-control channel that issued software updates and malicious instructions to PCs that were infected
by the malware So the hosting companies and the servers should have proper measures to address these issues.

Solution:

Enterprises/ATN Company must monitor those who have access to the cloud and set up mitigations for any threats
or risks. Data loss prevention and disaster recovery plans can aide in the recovery process if abuse of cloud services
should occur.

4. Higher Cost
If you want to use cloud services uninterruptedly then you need to have a powerful network with higher bandwidth
than ordinary internet networks, and also if your organization is broad and large so ordinary cloud service
subscription won’t suit your organization. Otherwise, you might face hassle in utilizing an ordinary cloud service
while working on complex projects and applications. This is a major problem before small organizations, that
restricts them from diving into cloud technology for their business.

Here are some common cost models used in the cloud and the most economical solutions:

- Pay-As-You-Go
- Prepaid/Fixed Subscriptions
- Reserved Instances
- Spot Instances
- Calculating Cloud Costs such as capital costs, operational costs and indirect business costs
- Make a specific schedule and specific strategy.
- …

5. Recovery of lost data in contingency

Before subscribing any cloud service provider goes through all norms and documentations and check whether their
services match your requirements and sufficient well-maintained resource infrastructure with proper upkeeping.
Once you subscribed to the service you almost hand over your data into the hands of a third party. If you are able
to choose proper cloud service then in the future you don’t need to worry about the recovery of lost data in any
contingency.

Solution:

- Come up with a specific plan with troubleshooting steps

- Always back-up data by day, month, year
- Always check and maintain regularly
 6. Migration
One of the main cloud computing industry challenges in recent years concentrates on migration. This is a process of
moving an application to a cloud. An although moving a new application is a straightforward process, when it comes
to moving an existing application to a cloud environment, many cloud challenges arise.
 IV. Assess the most common security issues in cloud environments.
Security is the most major barrier to businesses adopting cloud computing. Because cloud computing involves a
wide range of technologies, including networking, databases, operating systems, virtualization, resource scheduling,
transaction management, load balancing, concurrency control, and management, it is difficult to define. There are
certain security risks, to be sure.

Cloud computing is no exception, as many of these systems and technologies have flaws. The network connecting
cloud systems, for example, must be secure. In addition, the cloud computing virtualization approach poses a
number of security concerns. The mapping of a virtual machine to a physical computer, for example, must be done
safely. Encryption of data and the enforcement of suitable data sharing policies are both aspects of data security.
Cloud Computing's Security Challenges:

1. Data security
There is a risk of data misuse when numerous organizations share resources. To avoid risk, data repositories, as well
as data that is stored, transported, or processed, must be secured. Data security is one of the most pressing concerns
in cloud computing. It is critical to offer authentication, authorization, and access control for data stored in the cloud
to improve cloud computing security. The following are the three primary areas of data security:

Cloud data security is the combination of technology solutions, policies, and procedures that you implement to
protect cloud-based applications and systems, along with the associated data and user access.

The core principles of information security and data governance—data confidentiality, integrity, and availability
(known as the CIA triad)—also apply to the cloud:

 Confidentiality: protecting the data from unauthorized access and disclosure

 Integrity: safeguard the data from unauthorized modification so it can be trusted
 Availability: ensuring the data is fully available and accessible when it’s needed

These tenets apply regardless of:

 Which cloud model you adopt—public, private, hybrid, or community clouds

 Which cloud computing categories you use—software-as-a-service (SaaS), platform-as-a-service (PaaS),
infrastructure-as-a service (IaaS), or function-as-a-service (FaaS)

1.1. Safeguards for data security in cloud computing

Data security in the cloud starts with identity governance. You need a comprehensive, consolidated view of data
access across your on-premises and cloud platforms and workloads. Identity governance provides:

 Visibility: The lack of visibility results in ineffective access control, increasing both your risks and costs.
 Federated access: This eliminates manual maintenance of separate identities by leveraging your Active
Directory or other system of record.
  Monitoring: We need a way to determine if the access to cloud data is authorized and appropriate.

In addition to governance, here are some other recommended data security safeguards for cloud computing:

1.1.1 Deploy encryption:

Ensure that sensitive and critical data, such as PII and intellectual property, is encrypted both in transit and at rest.
Not all vendors offer encryption, and you should consider implementing a third-party encryption solution for added
protection.

1.1.2. Back up the data:

While vendors have their own backup procedures, it’s essential to back up your cloud data locally as well. Use the
3-2-1 rule for data backup: Keep at least three copies, store them on at least two different media, and keep at least
one backup offsite (in the case of the cloud, the offsite backup could be the one executed by the vendor).

1.1.3. Implement identity and access management (IAM):

Your IAM technology and policies ensure that the right people have appropriate access to data, and this framework
needs to encompass your cloud environment. Besides identity governance, IAM components include access
management (such as single sign-on, or SSO) and privileged access management.

1.1.4. Manage your password policies:

Poor password hygiene is frequently the cause of data breaches and other security incidents. Use password
management solutions to make it simple for your employees and other end users to maintain secure password
practices.

1.1.5. Adopt multi-factor authentication (MFA):

In addition to using secure password practices, MFA is a good way to mitigate the risk of compromised credentials.
It creates an extra hurdle that threat actors must overcome as they try to gain entry to your cloud accounts.

2. Authentication Attack
An authentication attack is also a type of assault when it comes to the cloud. During the authentication process,
hackers attempt to obtain the user's credentials and personal information. If they succeed, the hackers will gain
access to personal information owned by users, sensitive information stored by corporations, and other information.

2.1. Solution for Authentication Attack:

Authentication, especially in the cloud, is always a risk. Use of Key Management is one approach for both sides. In
the server logs, the time of access should be noted. In addition, the account should be automatically locked after a
number of failed login attempts.
3. Malware Injection Attacks

3.1. Cross-Site Scripting Attack

Cross-site scripting (XSS) is a web application security vulnerability. An attacker can use XSS to run scripts on the
workstations of users of a targeted online application. As a result, attackers may be able to steal client passwords
and sessions, as well as deliver malware. Every year since its inception, the Open Web Application Security Project
(OWASP) has included XSS in its top ten list of the most serious web application security vulnerabilities. XSS
vulnerabilities are detected in two-thirds of all applications, according to the research.

3.2. SQL Injection Attack

One of the most serious threats to a SaaS application is SQL injection. This could lead to the loss of sensitive and
critical information (e.g., financial, personal). The attacker can take crucial and secret information from a business
or organization using this method, causing significant damage to both tangible (e.g., data) and intangible (e.g.,
reputation) assets. The goal of this study is to look at the possibility of utilizing machine learning techniques to
identify SQL injection at the application level. The algorithms that will be put to the test are classifiers that have
been trained on a variety of harmful and benign payloads.

3.3. Solutions
Solution to avoid XSS and SQL attacks:

 Make sure form fields aren't prepared with the Hyper Text Markup Language (HTML).
 Validate the accuracy of all fields, strings, variables, and cookies.
 Set the cookie expiry time to a limited length of time if you must save superfluous data in cookies.
 Encryption should be used for all data interactions between clients and servers.
 Do not use the Remember Me option when authenticating on websites.
 V. The issues and constraints one can face during the development process
When doing the process of uploading a website to the server, I encountered many difficulties when there were too
many errors. Maybe these errors are very common errors like Application Error or Forbidden. These bugs have made
it difficult for programmers like me to edit and update. Below I will list some errors that programmers are likely to
encounter like me.

1. Application Error
When I’m opening your application and an "Application Error" message is displayed.

Resolution

"Application Error" or similar is always caused by your own application code. Routing errors will normally only
surface themselves within the logs of your application.

To track this kind of issue down you should look at your logs:

$ heroku logs --tail --app your_app_name

In most cases, you will be able to see the cause of the error there. To learn more about logging, please see our
Logging article on DevCenter.

If you can't see the source of the error straight away, try restarting your app from another terminal window or via
the Heroku Dashboard:

$ heroku restart

There are some errors which only occur when the app is rebooting so you will need to restart the app to see these
log messages appear.
 2. Forbidden (403)
I deployed a PHP application and when I hit the url, I get the following error:

“Forbidden

You don't have permission to access / on this server.”

And then I searched a lot of sites like "Stackoverflow" for a way to fix this, and luckily for me, I was able to find a
way to fix this very easily, I needed to create a new one. new file named .htaccess - this will help me get access to
the site.
 VI. These Ways You Can Improve Cloud Security

1. Deploy Multi-Factor Authentication (MFA)

Traditional username and password combinations are frequently insufficient to secure user accounts from hackers,
and stolen credentials are one of the most common ways for hackers to get access to your online business data and
apps.

MFA is one of the simplest yet most effective security measures for preventing unauthorized access to your cloud
services. In fact, most security experts will warn you that failing to deploy MFA as part of your infrastructure as a
service (IAAS) design is now regarded careless. Take a look at our data sheet to find out everything you need to
know about MFA.

2. Manage Your User Access to Improve Cloud Computing Security

Most employees don't need access to every application, every piece of information, or every file in your cloud
infrastructure. Setting proper levels of authorization with an IAM plan ensures that each employee can only view or
manipulate the applications or data necessary for him or her to do their job. Assigning access control not only helps
prevent an employee from accidentally editing information that he or she isn't authorized to access, but also
protects you from hackers who have stolen an employee's credentials.

3. Monitor End User Activities with Automated Solutions to Detect Intruders

End-user activity can be monitored and analyzed in real time to discover anomalies that depart from normal usage
patterns, such as log ins from previously unknown IP addresses or devices.

These unusual behaviors could suggest a system breach, so detecting them early can stop hackers in their tracks
and allow you to address security issues before they cause havoc.

4. Create a Comprehensive Off-boarding Process to Protect against Departing Employees

Make sure that when employees depart, they can't access your cloud storage, systems, data, customer information,
or intellectual property. This is an important security responsibility that is frequently postponed days or weeks after
someone has left.

Because each employee is likely to have access to a variety of cloud applications and platforms, you'll need a
systemized deprovisioning procedure to ensure that each departing employee's access rights are removed.

5. Provide Anti-Phishing Training for Employees on a Regular Basis

Through social engineering techniques like as phishing, impersonating websites, and social media monitoring,
hackers can get access to secure information by stealing employees' login credentials. Cybersecurity has evolved
into a team effort.
 6. Consider Cloud-to-Cloud Back Up Solutions
As previously stated, the chances of you losing data owing to a cloud provider's fault are extremely low - but the
chances of you losing data due to human error are extremely high.
 VII. Conclusion
In this assignment 2, I have detailed the specifics as well as presented how to put a website on Heroku and AWS
systems, the systems I have set up and instructions on how to do this. to configure. In part II.4 I also demoed the
functions and checked for errors and results. With the following sections, I have analyzed and given my personal
views on security in cloud computing. In this assignment, I really hope I can get the corresponding score. The entire
content in the article is presented by me based on my personal views with the sections.
References
D'Silva, F., 2021. 6 Tips for Improving Cloud Computing Security. [Online]
Available at: https://www.ntiva.com/blog/6-tips-for-improving-cloud-computing-security
[Accessed 15 April 2022].

GOOGLE CLOUD PLATFORM, 2021. How does backup and data recovery work in the Cloud?. [Online]
Available at: https://gcloud.devoteam.com/blog/how-does-backup-and-data-recovery-work-in-the-cloud/
[Accessed 16 April 2022].

Novoseltseva, E., 2020. Benefits Of Using Github. [Online]

Available at: https://apiumhub.com/tech-blog-barcelona/using-github/
[Accessed 15 April 2022].

Olson, P., 2020. Benefits of Cloud Computing with AWS. [Online]

Available at: https://www.alacriti.com/benefits-of-cloud-computing-with-aws/
[Accessed 15 April 2022].

SailPoint, 2021. Data Security in Cloud Computing. [Online]

Available at: https://www.sailpoint.com/identity-library/data-security-in-cloud-
computing/#:~:text=What%20is%20data%20security%20in,associated%20data%20and%20user%20access.
[Accessed 16 April 2022].

Thakkar, M., 2017. 7 Biggest Challenges in Cloud App Development. [Online]

Available at: https://synoptek.com/insights/it-blogs/7-biggest-challenges-in-cloud-app-development/
[Accessed 17 April 2022].

Valle, A. A. d., 2021. Heroku Platform. [Online]

Available at: https://www.trustradius.com/products/heroku-platform/reviews?qs=pros-and-cons#faqs
[Accessed 16 April 2022].