Secure Cloud Authentication with Private – Public Keys

You cannot ignore the various cloud-based services that most enterprises use on a daily basis. Some of these services use password authentication, but many of them use public and private keys for authentication.

The use of public/private keys has increased, and they are now used by a number of protocols and applications. The primary reason for this is improved security, since keys provide much better security than a password chosen by a user. In order to provide cloud services, we have to ensure we’re properly protecting our public/private keys.

Sample encryption & decryption process

Some Business areas where public/private keys are used:

The most common use of public/private key pairs is by applications hosted on cloud-based dedicated servers. You simply rent a dedicated server from a cloud service provider such as Microsoft Azure or Amazon Web Services. All it requires is a bank account and a few simple mouse clicks to get a dedicated server up and running in a matter of minutes.

Administrators use the SSH daemon to interact with these servers. Secure Shell, or SSH, is a cryptographic (encrypted) network protocol that allows remote login and other network services to operate securely over an unsecured network. You use the public/private keys to secure your application while password authentication is disabled.

Key pairs are often used in banks and other kinds of financial institutions; the website application issues a new key for every user who is given access to the service.

Developers use public/private keys to authenticate, via the private key, when pushing or pulling source code in the cloud environment. The cloud tools simplify the installation and maintenance of the source code repositories.

Understanding Key Security

Asymmetric encryption uses public and private keys to authenticate a system or to encrypt and decrypt data in transit. The public key can always be shared with the public, as it is used for data encryption, while only the private key can decrypt the data. The keys are generated with specific commands, which accept various arguments to fine-tune the key generation process.

Ways to improve security of public and private keys:

  1. Use password-protected keys:

It is important to select a strong password when generating the private key, to protect it from unlawful use. An attacker who has gained access to the machine that stores the private keys will eventually be able to access them, and in unencrypted form they give the attacker access to the cloud-based system.

The attacker can gain access to the machine through various techniques, such as uploading a shell through a web-based vulnerability in the web application. He will then be able to gain partial access to the underlying file system, or to the directory where administrators often place the private keys for authenticating to other cloud-based systems.

This emphasizes the importance of encrypting the private keys with an additional strong password, which prevents the attacker from gaining access to other systems.

  2. Use a strong key.

When creating the private key, it is possible to instruct the ssh-keygen command to create keys of the following sizes: 1024, 2048, 4096 and so on. The private keys are usually constructed from the product of two randomly generated prime numbers. The strength of public/private key encryption lies in the fact that it is very easy to calculate the product of two randomly chosen prime numbers, but difficult to determine which two prime numbers were used when only their product is known.

It is advisable to choose a 4096-bit key, which is currently considered secure, as it contains enough possibilities to prevent the attacker from using brute force to gain the passwords in real time.

  3. Reduce the login time.

Using public and private keys involves providing the password for the private key every time. The ssh-agent, which stores the decrypted private key in the cache for the duration of the session, can reduce the time it takes to authenticate to the system. The decrypted key can then be used to authenticate to the cloud service without providing the private key password. The decrypted version of the key is only available in the cache, and only to the ssh-agent process, while the actual file in the file system remains encrypted. An attacker with access to the file system will only be able to steal the encrypted version of the private key.

  4. Back up your keys.

Creating a backup is a good idea when you rely on a number of public/private key pairs to authenticate to cloud-based services. Otherwise, if the keys are lost through hard drive failure or an accidental file removal, the user would no longer be able to authenticate to the cloud-based service.

Failing to back up the keys properly can result in getting locked out of the cloud service. Contacting the cloud service provider can restore access to the system, but the process is long and cumbersome. In the worst-case scenario, access to the system is lost completely. This can happen if everything is encrypted in the cloud and the cloud service provider doesn’t have any access to the system or files.
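One way to audit the first recommendation (password-protected keys) is to classify each private key file by its on-disk format and flag the ones stored without a passphrase. This is an added example, not code from the original article; the function names are illustrative, and the sample keys are constructed header-only data rather than usable keys.

```python
import base64
import re
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\s*(.*?)\s*-----END \1-----", re.S)

def key_protection(text):
    """Classify a private key file's text as encrypted, plaintext or unknown."""
    match = PEM_RE.search(text)
    if not match:
        return "unknown"
    label, body = match.groups()
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted form
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":        # OpenSSH's own container
        try:
            blob = base64.b64decode("".join(body.split()), validate=True)
            start = len(OPENSSH_MAGIC)
            (length,) = struct.unpack_from(">I", blob, start)
        except (ValueError, struct.error):
            return "unknown"
        cipher = blob[start + 4:start + 4 + length]  # first field: ciphername
        if not blob.startswith(OPENSSH_MAGIC) or len(cipher) != length:
            return "unknown"
        return "plaintext" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/EC/DSA): encryption is announced in a header line.
    return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "plaintext"

def constructed_openssh_key(cipher, kdf):
    """Header-only OpenSSH container built for this demo; not a usable key."""
    fields = b"".join(struct.pack(">I", len(f)) + f for f in (cipher, kdf, b""))
    b64 = base64.b64encode(OPENSSH_MAGIC + fields + struct.pack(">I", 1)).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy PEM: real header lines, dummy body.
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                    "AAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for cipher, kdf in ((b"aes256-ctr", b"bcrypt"), (b"none", b"none")):
        sample = constructed_openssh_key(cipher, kdf)
        print(cipher.decode(), "->", key_protection(sample))
    print("legacy PEM ->", key_protection(LEGACY_ENCRYPTED))
```

Any file reported as `plaintext` is a key that a file-system-level compromise would expose directly, so it is the one to re-protect with a passphrase first.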

Usage of public and private keys has increased, and they are now used by a number of cloud-based services instead of passwords to authenticate to the system, as they provide much better security. Therefore, properly securing the public and private keys is necessary to prevent attackers from gaining access to the cloud service.

There are ways to protect the public and private keys on the client, so that even if an attacker is able to compromise the client, he won’t be able to use the keys. Keep in mind that an attacker who has gained the private keys can authenticate to the cloud service and perform a lot of malicious actions, such as stealing user data, decrypting sensitive information and disrupting the service, among others.

For more details or information, connect with us at info@sysfore.com or call us at +91-80-4110-5555. Website: www.sysfore.com

Sysfore Technologies partners with Infinity

Sysfore Technologies has added another name to its growing partner network. Infinity, a Stamford Technology Company, is the global provider of Life Science Enterprise Level IT services for biotech, pharmaceutical and medical device companies of all sizes.

With operations in the United States, Canada and India, Infinity has invested heavily in developing intellectual property for drug safety, enterprise quality management, regulatory, compliance and lean value chain optimization for biotech, pharmaceutical and medical device companies of various sizes.

Sysfore Technologies is both a Microsoft Gold Certified Partner and an AWS Cloud Consulting Partner India. It is the leading system integrator (SI), specializing in building systems for enterprise clients using cloud, mobile and responsive web technologies. We serve a global client base, offering Consulting, Technology and Managed Services.

As a Gold Certified Partner, Sysfore has demonstrated expertise in Microsoft technologies and a proven ability to meet customers’ needs and make a smooth transition to the Azure Platform.

As the AWS Cloud Consulting Partner India, Sysfore can help you design, architect, build, migrate and manage your web and mobile applications on the AWS platform. It provides a secure, flexible and resilient cloud environment for your responsive web development and ERP implementations.

Infinity can gain from Sysfore’s experience and cloud expertise to provide vast industry specific solutions, deep technology expertise and a diverse portfolio of services, to help the customers optimize their business processes, maximize usage of the latest technologies, and drive innovation across their organization.

Growing Cloud Partnership

Infinity can leverage Sysfore’s Cloud Solution for Microsoft Azure or AWS, which helps enterprises smartly connect the intelligent capabilities needed to become a digital business. It can gain the agility and economics of cloud computing together with the reliability and security of an on-premise IT environment.

Sysfore’s cloud offerings include cloud consulting, application, mobile and web development, cloud managed services, and cloud migration and deployment services.

It creates custom application solutions which enable organizations to achieve a competitive advantage in the continuously changing technology world. It has proven experience in various technologies such as .NET, Java, PHP and other open source platforms, to design, deploy and run applications across on-site, mobile, web and cloud-based platforms for multiple industries.

Sysfore Cloud Advantage

Whether it is creating a new solution or application, or updating an existing one, Sysfore has an excellent development and support team to give you the best execution of application development services.

This cloud partnership allows both of them to help accelerate their clients’ growth.
We offer a complete range of value-added services in the application development and customization field:

• Optimize performance, costs and business continuity.
• Create a new class of applications that leverage the hybrid cloud platform.
• Provide a clear cloud road map which assesses, creates, deploys and migrates applications or infrastructures to the cloud.
• Seamlessly manage integration and automation of SaaS, IaaS and PaaS workloads, between Microsoft private and public clouds, or between cloud and on-premises.
• Auto-scale, burst and dynamically provision for capable applications across Microsoft cloud.

Here’s wishing both Sysfore Technologies and Infinity a long and successful partnership based on true collaboration, trust and mutual benefits.

You can contact us at info@sysfore.com or call us at +91-80-4110-5555, +91 9845189275 or +91 9845698669 to know more about this growing partnership.

Disaster Recovery is Broken… Don’t blame Your IT! Switch to Zerto DR

We hear a lot about the ease of cloud, the flexibility of cloud – the ability to cut down on your costs and consume only what is required. The correct term would be “cloud bursting”. If this were that simple, then every business would be queuing up for this opportunity. They would not have to spend time, resource and money on significant and complex cloud migration projects.

Disaster Recovery and Business Continuity for a New World

Disaster recovery is more than just a strategy in your business continuity plans. It is a crucial part that will get your business back online in the event of any natural or manmade disaster. What most organizations don’t realize though is that the right disaster recovery solution will also deliver IT resiliency.

Zerto is more than just replication and DR. Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments. It offers enterprise workload mobility from a product that works exclusively in the virtual layer. That means enterprises can move applications and data, in a consistent state, in a few clicks, with just a minute or so of disruption, and also between different hypervisors and clouds.

Zerto DR Equipped for any IT World

Sysfore and Zerto – a Viable Partnership

Cloud DR is the basis for deciding when, where and how to move your business to cloud. With Zerto, effective DR is possible within the private cloud, to the public cloud and in the public cloud.

Zerto partners with Sysfore, the leading Cloud Service Provider (CSP), to offer a cloud-based business continuity and disaster recovery (DR) service, enabling businesses of all sizes to protect production applications both to the cloud and in the cloud. Having extensive Cloud DR expertise, Sysfore offers the Zerto Cloud DR Ecosystem and services powered by Zerto Virtual Replication (ZVR) 4.0 — a platform for secure, non-intrusive, cloud-based BC DR for private, hybrid and public clouds.

Get in touch with our DR experts and we’ll give a free assessment on implementing Zerto’s DR solution for your business.

Disaster Recovery Solution from Zerto

Zerto’s hypervisor-based replication technology is the first disaster recovery system that lets Cloud Service Providers offer cost-effective, automated, enterprise-class DR as a Service. With Zerto, cloud providers can deliver a solution that is:

  • Multi-site — the ability to replicate between more than one site, enabling you to support many customers.
  • Multi-tenant — full integration with multiple platforms like VMware, Hyper-V, AWS and Cloud, which enables centralized and simplified management of all virtual data centers as well as effectively leverage resources within the cloud to realize economies of scale.
  • Array agnostic — replicates any customer environment to your cloud regardless of their storage vendor or architecture
  • Deployed quickly and remotely — installs remotely in hours without requiring any changes to the customer environment
  • Tested and validated anytime — recovers customer applications in your cloud with one click of a button
  • Granular — allows customers to pick specific applications to protect, regardless of their physical server or storage location
  • Comprehensive — provides robust replication and offsite backup in one simple product
  • Consistent and reliable — provides scalable, block-level replication with RPO of seconds and RTO of mere minutes

Implement Zerto’s Disaster Recovery solutions in your business, to avoid costly outages. Installation of the Zerto Virtual Replication software can be completed in under an hour, even for complex applications. By replicating at the hypervisor level, Zerto simplifies replication and recovery into a three-click process.

Contact Sysfore’s Cloud Disaster Recovery experts through info@sysfore.com or call us at +91-80-4110-5555 to know more.