
Cloud Traffic Hijacking Protection (Cope, Erl)

How can cloud communication be protected from traffic hijacking?


Problem

Attackers can often locate Internet service providers (ISPs) whose internal or ISP-to-ISP Border Gateway Protocol (BGP) sessions are susceptible to a man-in-the-middle attack. Once such a session is located, an attacker can potentially advertise any prefix they want, causing some or all traffic to be diverted from the real source towards the attacker.

Solution

A series of mechanisms is established to provide mutually authenticated and encrypted communication channels where possible, encryption and integrity protection of data in transit between the cloud consumer and cloud provider, and monitoring of and alerting on traffic anomalies.

Application

Cloud traffic hijacking attacks can be mitigated using a third-party and/or on-premise traffic monitoring system in conjunction with validated encryption and digital signatures or authentication codes for the data in transit.

Various traffic hijacking mitigations are executed.
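
The traffic-monitoring part of this pattern, as an added example that is not part of the original pattern description: a check of observed BGP announcements against the origin AS expected for each monitored prefix, including more-specific announcements that would win longest-prefix matching. The prefixes (RFC 5737 documentation ranges), the private-use AS numbers and the update format are assumptions constructed for the illustration.

```python
import ipaddress

# Assumption: prefixes the cloud consumer depends on, mapped to their legitimate
# origin AS. Documentation prefixes and private-use ASNs, constructed for this example.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}

# Constructed sample of observed announcements: (prefix, AS path).
# The last AS in the path is the origin of the announcement.
SAMPLE_UPDATES = [
    ("203.0.113.0/24", [64510, 64500]),    # expected origin
    ("198.51.100.0/24", [64510, 64666]),   # monitored prefix, unexpected origin
    ("203.0.113.128/25", [64520, 64666]),  # more-specific inside a monitored prefix
    ("192.0.2.0/24", [64530, 64540]),      # not monitored
]


def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Return (verdict, monitored_prefix) for a single announcement."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for monitored, legit_as in expected.items():
        if net.version != monitored.version:
            continue  # subnet_of() raises TypeError across IP versions
        if net == monitored:
            return ("ok" if origin == legit_as else "origin-mismatch", monitored)
        if net.subnet_of(monitored):
            # A more-specific route attracts traffic even while the
            # legitimate covering prefix is still being announced.
            verdict = "ok" if origin == legit_as else "more-specific-mismatch"
            return (verdict, monitored)
    return ("unmonitored", None)


def alerts(updates):
    """Return (prefix, origin AS, verdict) for announcements that need review."""
    found = []
    for prefix, path in updates:
        verdict, _ = classify(prefix, path)
        if verdict not in ("ok", "unmonitored"):
            found.append((prefix, path[-1], verdict))
    return found


if __name__ == "__main__":
    for alert in alerts(SAMPLE_UPDATES):
        print(alert)
```

An origin check alone does not catch an announcement that forges the legitimate origin AS in its path, which is why the pattern pairs monitoring with encryption and integrity protection of the data in transit.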