
Cloud Traffic Hijacking Protection (Cope, Erl)

How can cloud communication be protected from traffic hijacking?



Attackers can often locate Internet service providers (ISPs) whose internal or ISP-to-ISP Border Gateway Protocol (BGP) session is susceptible to a man-in-the-middle attack. Once located, an attacker can potentially advertise any prefix they want, causing some or all traffic to be diverted from the real source towards the attacker.


A series of mechanisms is established to provide mutually authenticated and encrypted communication channels where possible, encryption and integrity protection of data in transit between the cloud consumer and cloud provider, and monitoring of and alerting on traffic anomalies.


Cloud traffic hijacking attacks can be mitigated using a third-party and/or on-premise traffic monitoring system in conjunction with validated encryption and digital signatures or authentication codes for the data in transit.

Cloud Traffic Hijacking Protection: Various traffic hijacking mitigations are executed.
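
One check a traffic monitoring system of this kind can run, given as an added example that is not from the pattern catalogue or the book: compare observed BGP announcements against the prefixes and origin ASes you expect, and alert on mismatches. The inventory, function names and sample feed are constructed assumptions that use documentation address ranges (RFC 5737) and documentation ASNs (RFC 5398).

```python
import ipaddress

# Constructed inventory: (prefix, expected origin AS, longest length expected).
EXPECTED = [
    (ipaddress.ip_network("203.0.113.0/24"), 64500, 24),
    (ipaddress.ip_network("198.51.100.0/24"), 64501, 24),
]

def classify(prefix, as_path):
    """Return (verdict, detail) for one announcement; as_path[-1] is the origin AS."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    # Only announcements that fall inside a monitored prefix are judged here.
    covering = [e for e in EXPECTED
                if net.version == e[0].version and net.subnet_of(e[0])]
    if not covering:
        return ("unmonitored", "")
    for exp_net, exp_origin, max_len in covering:
        if origin == exp_origin and net.prefixlen <= max_len:
            return ("ok", "")
    exp_net, exp_origin, max_len = covering[0]
    if origin != exp_origin:
        return ("origin_mismatch",
                f"{net} inside {exp_net} originated by AS{origin}, expected AS{exp_origin}")
    # Right origin, but a longer prefix than expected would attract traffic
    # away from the normal route, so it is worth an alert as well.
    return ("more_specific", f"{net} is longer than /{max_len} expected for {exp_net}")

def alerts(updates):
    """Return the (verdict, detail) pairs that should raise an alert."""
    results = [classify(prefix, path) for prefix, path in updates]
    return [r for r in results if r[0] in ("origin_mismatch", "more_specific")]

# Constructed sample feed of (prefix, AS path) pairs.
SAMPLE_UPDATES = [
    ("203.0.113.0/24", [64510, 64500]),    # expected route
    ("203.0.113.0/24", [64510, 64511]),    # same prefix, unexpected origin
    ("203.0.113.128/25", [64510, 64500]),  # expected origin, unexpected length
    ("198.51.100.0/25", [64510, 64511]),   # more specific and unexpected origin
    ("192.0.2.0/24", [64510, 64502]),      # not in the inventory
]

if __name__ == "__main__":
    for verdict, detail in alerts(SAMPLE_UPDATES):
        print(verdict, "-", detail)
```

This check covers only announcements that fall inside a monitored prefix; a hijacked route still delivers traffic to the wrong party, which is why the pattern pairs monitoring with encryption and integrity protection of the data itself.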


This mechanism is covered in CCP Module 7: Fundamental Cloud Security and
in Module 8: Advanced Cloud Security.

For more information regarding the Cloud Certified Professional (CCP) curriculum, visit

Cloud Computing Design Patterns

The architectural model upon which this design pattern is based is further covered in:

Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour

(ISBN: 9780133858563, Hardcover, ~ 528 pages)

For more information about this book, visit