A Review on Security Issues and Attacks in Distributed Systems

Nowadays, so many people are connected to the internet to access the different resources of their use and different companies are using distributed environment to provide their services to the customers. So there is a need of more secure distributed environment in which all transaction and operations can be complete successfully in a secure way. In distributed System environment it is very important to provide service at anytime, anywhere to the customers, this require proper time management of all computing and networking resources, resource allocation on time and their proper utilization. In distributed environment security is primary concern.


I. INTRODUCTION
In today's networked world, computers rarely work in isolation.They collaborate with each other for the purpose of communication, processing, data transfer, storage etc., When systems work in this collaborative fashion with other systems that are geographically scattered over wide distance it is commonly known as a distributed system.In literature, researchers have used diverse definitions to outline what a distributed system is.
Coulouris et al., have defined a distributed system as "a system where the hardware and software components have been installed in geographically dispersed computers that coordinate and collaborate their actions by passing messages between them [1].Tanenbaum and Van Steen have defined a distributed system as "a collection of systems that appears to the users as a single system" [2].From Tanenbaum's definition, it can be conceived that a distributed system refers to a software system rather than the hardware that are involved in creating the system.Combining these definitions, it can be stated that a distributed system is an application that communicates with multiple dispersed hardware and software in order to coordinate the actions of multiple processes running on different autonomous computers over a communication network, so that all components hardware and software  Manuscript received April 15, 2016; revised November 9, 2016.cooperate together to perform a set of related tasks targeted towards a common objective.
Most people consider a distributed system and a network of computers to be the same.But these two terms mean two different but related things.A computer network is an interconnected set of autonomous computers that communicated with each other.A user using a computer network understands that he uses different resources lying on different computers as a computer network does not hide the existence of multiple computers.But a distributed system on the other hand provides the feeling that the user is working on a single homogenous more powerful computer with more resources.The existence of multiple autonomous computers is transparent to the user as the distributed system application that is running on the computers would select suitable computers and allocate jobs without the specific intervention of the user [3].
Distributed systems have been built with the objective of attaining the following: a. Transparency b.Openness c. Reliability d.Performance e. Scalability In order to achieve the above objectives, security of the system must be given adequate attention as it is one of the fundamental issues in distributed systems [4].Attention must be paid at every stage including design, implementation, operation and management of distributed systems.
In this paper, the author takes an in depth look at the implementation of security in some most popular distributed systems and also the methodology used for Security Issues the attacks in distributed System is discussed.

II. DISTRIBUTED SYSTEMS
There are many distributed systems in operation today.The following are some of the most popular distributed systems in use today.
 Cluster Computing  Grid Computing  Distributed storage systems  Distributed databases

A. Cluster Computing
Computers communicating over a high speed network can be made to work and present itself as a single computer to the users.A set of computers that are grouped together in such a manner that they form a single resource pool is called a cluster.Any task that has been assigned to the cluster would run on all the computers in the cluster in a parallel fashion by breaking the whole task into smaller self contained tasks.Then, the result of the smaller tasks would be combined to form the final result [5].
Cluster computing helps organizations to increase their computing power using the standard and commonly available technology.These hardware and software which are commonly known as commodity items can be purchased from the market at relatively low cost [6].Cluster computing has seen tremendous growth in the recent years.Around 80 percent of top 500 supercomputing centers in the world are using clusters.Clusters are used primarily to run scientific, engineering, commercial, and industrial applications that require high availability and high throughput processing [7].Protein sequencing in biomedical applications, earth quake simulation in civil engineering, petroleum reservoir simulation in earth resource and petroleum engineering and replicated and distributed storage and backup servers for high demand web based business applications are a few examples for applications which primarily run on clusters [8][9][10][11].Fig. 1 shows a typical arrangement of computers in a Computing Cluster.

B. Grid Compuring
Grid is a type of distributed computing system where a large number of small loosely coupled computers are brought together to form a large virtual supercomputer.This virtual super computer has to perform tasks that are large for any single computer to perform within a reasonable time.
Grid is defined as a parallel and distributed system that is capable of selecting, sharing, and aggregating geographically distributed resources dynamically at runtime based on their availability, capability, performance, and cost meeting the users' Quality of Service (QoS) requirements [12].Grid computing combines computing resources distributed across a large geographical area belonging to different persons and organization.The main purpose of the grid system is to collaboratively work across multiple systems to solve single computing task by dividing the task into smaller self contained tasks and distributing those tasks to different computers.
The middleware used in grid computing is responsible for dividing and apportioning the tasks.The size of a grid system can vary from few hundred computers within an organization to large systems consisting of thousands of nodes across multiple organizations.Small grids confined to a single organization is commonly known as intra-node corporation while the larger wider system is referred to as inter node corporation [13].Fig. 2 shows Grid System distributed across heterogeneous computing platforms.Grids have been used to perform computationally intensive scientific, mathematical, and academic problems through volunteer computing.Drug discovery, economic forecasting, seismic analysis, and back office data processing for e-commerce are a few of the tasks that are commonly solved using grid computing.

C. Distributed Storage Systems
The rapid growth of storage volume, bandwidth and computation resources along with the reduction in the cost of storage devices have fueled popularity of distributed storage systems.The main objective of distributing storage across multiple devices is to protect the data in case of disk failure through redundant storage in multiple devices and to make data available closer to the user in massively distributed system [14].There are mainly four types of distributed storage systems.There are namely, Server Attached Redundant Array of Independent Disks (RAID), centralized RAID, Network Attached Storage (NAS) and Storage Area Network (SAN).NAS and SAN are the most popular distributed storage techniques out of the four.NAS and SAN have slight differences in techniques adopted for transferring data between devices and the performance due to this difference.NAS mainly uses TCP/IP protocol to transfer data across multiple devices whereas SAN uses SCSI setup on fiber channels.Hence NAS can be implemented on any physical network supporting TCP/IP such as Ethernet, FDDI, or ATM.But SAN can be implemented only fiber channel.SAN has better performance compared NAS as TCP has higher overhead and SCSI faster than TCP/IP networks.

D. Distributed Databasee System
Distributed database system is a collection of independent database systems distributed across multiple computers that collaboratively store data in such a manner that a user can access data from anywhere as if it has been stored locally irrespective of where the data is actually stored.Fig. 4 shows an arrangement of distributed database system across multiple network sites.

III. SECURITY IN DISTRIBUTED SYSTEMS
Security is one of the most important issues in distributed systems.When data is distributed across multiple networks or information is transferred via public networks, it becomes vulnerable to attacks by mischievous elements.Similarly other computing resources like processors, storage devices, networks etc., can also be attacked by hackers.

A. Security for Computing Clusters
When the computing clusters are made available to the public or networks are setup using public resources such as the Internet, they become subject to various kinds of attacks.The most common types of attacks on the clusters are computation-cycle stealing, inter-node communication snooping, and cluster service disruption.Hence the clusters have been protected by security mechanisms that include services like authentication, integrity check, and confidentiality.The main purpose of the security mechanisms is to protect the system against hackers as well as to meet the security requirements of the applications.
Li and Vaughn have studied the security vulnerabilities of computing clusters using exploitation graphs (egraphs).They have modeled several attacks that can be carried on all three pillars of security namely, confidentiality, integrity and availability.They have shown that e-graphs can be simplified based on domain knowledge such as cluster configurations, detected vulnerabilities, etc. they further state that this technique could be used for certification of clusters with the help of a knowledge base of cluster vulnerabilities.
Xie and Qin have developed two resource allocation schemes named Deadline and Security constraints (TAPADS) and Security-Aware and Heterogeneity-Aware Resource allocation for Parallel jobs (SHARP).These two schemes ensure that parallel applications executed on computing clusters meet the security requirements while meeting the deadline of executions .Hence it could be seen that if these schemes ensure mainly the availability of the system as timely execution of an application is an indication of the availability of the resources.
Denial of Service (DoS) attack is one of the common attacks on distributed systems.These attack mainly target resources in such a manner that the resources are prevented from carrying out their legitimate operations.A method that uses services and markov chain to mitigate the effects on the DoS attack on a cluster based wireless sensor network has been presented in .
Hence it can be seen that computing clusters are vulnerable to attacks by mischievous elements like hackers and crackers due to its open nature and use of public resources such as the internet.Extensive research has been carried out by several researchers on the security of clusters and they have proposed several methods that can be made used to protect the clusters from these attacks.

B. Grid System Security
Grid computer systems provide several security mechanisms to protect the grid resources against attacks.Middleware is one of the critical system software in the grid infrastructure as it provides the common communication infrastructure and makes the grid services available to applications.Middleware also allows for a uniform security configuration at the service container or messaging level.Grid authentication is based on Public Key Infrastructure (PKI) and capable of handling different types of user credentials such as PKI, SAML, Kerberos tickets, password, etc., Delegation is one of the necessary mechanisms in grid service delivery and is implemented using X.509 Proxy Certificate.Authorization to access grid resources is based on Virtual Organization (VO) attributes assigned to a user and managed by Virtual Organization Membership Service (VOMS).Trust management in grid systems are handled using certificates and trust relations are represented by a certificate chain that include Grid Certification Authority (CA) certificate and other successively generated proxies .Grid authentication module is one of the critical components in preventing external users from randomly accessing internal grid and protecting the grid system from unauthorized users.This module handles security threats from internal network, when certificated grid users carry out illegal (unauthorized) operations within the grid .
These grid security mechanisms are all implemented on almost all grid systems available today.There several grid community initiatives going on in the area of grid middleware interoperability which would finally unify the grid security as a single coherent security platform and scheme.

C. Distributed Storage System Security
Several active researches are going on in the area of threat modeling and developing security model for protecting distributed storage systems.The most important resource in the distributed storage system is the data stored in the storage devices of the system.This data needs to be properly labeled and protected.Also any protection system introduced must be backward compatible in other words; it not only should protect the data stored after the security scheme is installed but also the data that had been there prior to the introduction of that scheme.
Hasan et al., have introduced a threat model named CIAA threat model.This model addresses all the security issues namely, Confidentiality, Integrity, Availability and Authentication.In arriving at this model, authors have organized the threats on a distributed storage system under each category of the CIAA pillars of security and provided techniques that can be used to circumvent the threats.The other security model discussed by the authors is the Data Lifecycle Model that examines the types of threats that may occur at different stages of data state from creation to extinction.Under this model threats have been organized under six groups and solutions have been proposed.
Dikaliotis, Dimakis and Ho have proposed a simple linear hashing technique that can detect errors in the storage nodes in the encoded distributed storage systems .Mutually Cooperative Recovery (MCR) mechanism enables the system to recover data in situations of multiple node failures.The transmission scheme and design a linear network coding scheme based on (n, k) strong-MDS code proposed help recover systems from failure with relative ease [14].
Hence it can be seen that the security schemes in the distributed storage systems mainly concentrate on data security in terms of integrity and failure management (availability).

D. Distributed Database Security
Distributed database management systems face more security threats compared to their counterpart centralized database systems.The development of security for distributed database systems have become more complicated with the introduction of several new database models such as object-oriented database model, temporal database model, object relational database model etc.
In traditional security model, all the data stored in database and the users who access that data belong to the same security level.A multilevel secure database system assigns security level to each transaction and data.Clearance level of a transaction is represented by security level assigned to it and the classification level of data is given by the classification level.A multilevel secure database management system (MLS/DBMS) restricts database operations based on the security levels .From the above discussion, it can be seen that by introducing the military information classification and access control security of distributed databases can be enhanced.
Zubi has presented a design that would improve the scalability, accessibility and flexibility while accessing various types of data in a distributed database system.He has also proposed multi level access control, confidentiality, reliability, integrity and recovery to manage the security of a distributed database system.

IV. SUMMARY
From the above discussion, it can be seen that security becomes more prominent when the systems have been distributed across over multiple geographic locations.Each type of distributed system has its own peculiar security requirements.But, all the systems have the common CIA triad as the heart of any security implementation.In computing clusters and grids the security mainly concentrates on protecting the data in transit and access to distributed resources.Security in clusters is somewhat simpler compared to grid due to homogeneous nature of clusters.One of the main attacks that has been carried out on clusters is the Denial of Service (DoS) attack.Researchers have proposed novel methods based on markov chain to mitigate the impact of DoS attacks.
In grid the middleware layer provides the platform for the implementation of security on the entire grid system.Grid system use strong security based on PKI and X.509 certificates.The user authentication module in the grid provides security against threats by external sources and illegal actions by internal users.
Security of distributed storage systems mainly concentrate on securing data.The main areas concentrated on distributed storage are protection against data corruption and protection of data in situations of node failures.Researchers have proposed various models and schemes to protect the storage system against attacks and node failures.In distributed database system, the security implementation has been made more complicated due to the availability of different kinds of database models.But researchers have shown that by applying multi level security based on military information classification and access control, distributed database security can be enhanced.

V. METHODOLOGY USED FOR SECURITY ISSUES
In this section there is discussion of security methodology and their management for information, physical and network security and authentication A. Security of Information Information which is maintained in the database is very important for the company.It is essential for any organization to store the data for future purpose and retrieve it or manipulate it for later use..There are three main constraints which should be properly maintain on the information 1) Integrity -Integrity of information means that information should be complete and accurate it should not be modified without permission of it's legitimate user.2) Confidentiality -Confidentiality of information means information should not be access or used by unauthorized user.It should be secure.3) Availability-Availability of information means that whatever information is needed by the legitimate user/system at any time should be available to that user/system.
When the private network of any company is connected to Internet or distributed system then chances of attack on the internal network, information and many application which use this information may run on different machine either may be desktop or mobile devices are increased.Intrusion detection system should be installed on these machine or devices for security.Design of storage device also affects distributed system services The storage device design should have the features that data should be available to client in different geographical location quickly and personal and private detail should be controlled.[2]Now a days to maintain the security of data two main techniques are used in distributed system these are replication and secret sharing.The architecture based on the design data store is implemented by a set of number of server, Client make read and write operations with subset of servers.This can be assume as a public key infrastructure each client and server has a private key for which the public key is known.All the channel are secure against eavesdropping and replay attack.At each receiver, requests are authorized using access control list, which are updated securely time to time by a system administrator, using separate service.B. Physical Security in Distributed System All the elements of a distributed system should be physically protected.Some [3] Internal control procedures are necessary for all hardware and software deployed in distributed, and less secure, environments.The level of security surrounding any hardware and software should depend on the sensitivity of the data that can be accessed, the significance of applications processed, the cost of the equipment, and the availability of backup equipment.Because of their portability and location in distributed environments, personal computers (PCs) often are prime targets for theft and misuse.The location of PCs and the sensitivity of the data and systems they access determine the extent of physical security required.In these cases, some companies, institutions should consider securing PCs to workstations, locking or removing disk drives and unnecessary physical ports, and using screensaver passwords or automatic timeouts.Employees also should have only the access to PCs and data they need to perform their job.The sensitivity of the data processed or accessed by the computer usually dictates the level of control required.The effectiveness of security measures depends on employee awareness and enforcement of these controls.Physical security of networks as well as PCs also includes power protection, physical locks, and secure work areas enforced by security guards.Physical access to the network components (files, applications, communications, etc.) should be limited to those who require access to perform their jobs.Network workstations or PCs should be password protected and monitored for workstation activity.All of these activities affect the services provided by the distributed system.In a distributed network frequencies emission also an important factor by which physical security can be controlled,these frequencies emissions are either intentional and unintentional.Intentional emissions are those broadcast, for instance, by a wireless network.Unintentional emissions are the normally occurring radiation from monitors, keyboards, disk drives, and other devices.Shielding is a primary control over emissions.The goal of shielding is to confine a signal to a defined area.An example of shielding is the use of foil-backed wallboard and window treatments.Once a signal is confined to a defined area, additional controls can be implemented in that area to further minimize the risk that the signal will be intercepted or changed.C. Security of Network and Authentication Policy Technical security of network in distributed system is main area of focus in security of distributed environment.It basically involve how we make secures the network from network related attacks and how we handle the authentication mechanism.The paper basically focused on firewall technique for security of network and Kerberos for authentication.1) Firewall to Protect Network Firewall is a system that is the sole point of connection between the internal network and protect it from the outside network.Basically firewall protect a network from unauthorized traffic by filtering out the unwanted traffic coming into or going from the secure network.There are certain decision rules in firewall technology on the basis of these rule firewall filter the data packet.These rules are based on predefined security policies.Routers also present a useful choke point for all of the traffic entering or leaving a network.In some cases attacker may hide the actual address of the data packet and make the address like the packet belong to internal network destination send to internal networkthat is, packets that claim to be coming from internal machines but that are actually coming in from the outside -because such packets are usually part of address-spoofing attacks.[4] In such attacks, an attacker is pretending to be coming from an internal machine.So in such cases Decision-making of this kind can be done only in a filtering router at the perimeter of your network.Only a filtering router in that location which is the boundary between "inside" and "outside" network is able to recognize such a packet, by looking at the source address and whether the packet came from internal network connection or the external network connection.The below figure i.e., Fig. 5 shows that interior router which work as firewall identify the packet which is actually send by attacker and reject the data packet which actually coming from attacker.[5]The Methodology used in firewall is that it divide the whole network into three zoneinternal network, demilitarized zone (DMZ) and the out side network.Here DMZ play an important role the DMZ is used to handle the services such as DNS and email server that need to access from outside.DMZ can be accessible by both internal network and outside network but host in DMZ network can not access the internal network, in this way internal network is secure.Optimization techniques which make it's working more efficient.The general framework suggested in [6], for rule based firewall optimization.In framework, it captures the semantics of ACL (Access Control List) in terms whether each packet is accepted or rejected.To accomplish this, it divides packet space into independent partitions to correctly consider the changed set of packets matched by rules as the packets are processed within an ACL.Additionally, it compared to existing approaches.In this way, this model is able to find the optimal rule for reordering.Thus, it can also be used to compare and evaluate other optimization approaches and recognize their practical benefits and limitations.Authors in [6], focuses on the optimality of rule orders generated by the optimization rather than running time of the optimization algorithms because its direct impact on firewall performance and running time optimization does not affect firewall performance and one-time offline process.The process used for firewall optimization provides an algorithm, which given an ACL and a traffic profile, produces the optimal reordered rules.It is based on a novel rule-based partitioning of the packet space and reduction to integer programming.It formally establishes the correctness of the algorithm.It uses a semantic formalization of firewalls and its equivalence.An equivalence argument connecting this formalization with the reduction to integer programming..It provides an evaluation framework for rule based firewall optimization techniques.It is specially used to empirically evaluate two representative heuristic algorithms.New one additional introduced production firewall configuration, which is effective for understanding the tradeoffs of firewall optimization techniques.
2) Kerberos for Authentication in Distributed System.Due to increasing use if internet and technology enabled business activities, may organization use encryption technique to protect sensitive information transmitted over the internet and other networks.in the area of online application and client server computing where communication is TCP/IP Based there Kerberos protocol is used.Kerberos is an authentication system which is used in distributed system.It is adopted by many enterprises, organizations, universities.[7]Kerberos use cryptography concept.Kerberos provides evidence of a principal's identity to protect against the identity related attacks.In the working of Kerberos principal is main actor a principal is generally either a user or a particular service on home machine.A principal consists of the three-tuple: <primaryname, instance, realm>.If the principal is a usera genuine personthe primary name is the login identifier which may be any email id or user name which is unique to each user and the instance is either null or represents particular attributes of the user that is root.If the principal is not a user it is a service of the system , then service name is used as the primary name and the machine name is used as the instance i.e. rlogin.myhost.The realm is used to distinguish among different authentication domains.Kerberos principals may obtain tickets for services from a special server known as the ticket granting server, or TGS.A ticket contains assorted information identifying the principal, encrypted in the private key of the service.Here are some notation used in this technique {Tc,s }Ks = {s, c, addr, timestamp, lifetime, {Kc,s }c client principal, s server principal, tgs ticket-granting server,Kx private key of ‗x',Kc,s session key for ‗c' and ‗s',{in f o}Kx info encrypted in key Kx.{Tc,s }Ks Encrypted ticket for ‗c' to use ‗s'.{Ac }Kc,s Encrypted authenticator for ‗c' to use ‗s' addr client's IP address.Since only Kerberos and the service share the private key Ks, the ticket is known to be authentic.The ticket contains a new private session key, Kc,s , known to the client as well; this key may beused to encrypt transactions during the session.To guard against replay attacks, all ticketspresented are accompanied by an authenticator: {Ac }Kc,s = {c, addr, timestamp}Kc,s [7]This is a brief string encrypted in the session key and containing a timestamp; if the time does not match the current time within the (predetermined) clock skew limits, the request is assumed to be fraudulent.For services where the client needs bidirectional authentication, the server can reply with {timestamp + 1} Kc, s This demonstrates that the server was able to read timestamp from the authenticator, and hence that it knew Kc,s; that in turn is only available in the ticket, which is encrypted in the server's private key.Tickets are obtained from the TGS by sending a requests, {Tc,tgs }Ktgs , {Ac }Kc,tgs .In other words, an ordinary ticket/authenticator pair is used; the ticket is known as the ticket granting ticket.The TGS responds with a ticket for server s and a copy of Kc,s, all encrypted with a private key shared by the TGS and the principal: {{Tc,s }K s ,Kc, s }Kc,tgs.The session key Kc,s is a newly-chosen random key.The key Kc,tgs and the ticketgranting ticket itself, are obtained at session-start time.The client sends a message to Kerberos with a principal name; Kerberos responds with{Kc,tgs ,{Tc, tgs }Kegs }Kc The client key Kc is derived from a noninvertible transform of the user's typed password.Thus, all privileges depend ultimately on this one key.Note that servers must possess private keys of their own, in order to decrypt tickets.These keys are stored in a secure location on the server's machine.The below Fig. 6 illustrates the complete Kerberos Authentication protocol.The paper focused on Distributed denial of services and Identity attacks that mostly occur in distributed system .A. Distributed Denial of Services Attack Denial of services is an attack in which the main purpose of attacker or hacker is to destroy the service of resources used by the legitimate user when this attack occur in distributed system then it is called distributed denial of of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, and causing denial of service for users of the targeted system.The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.In a typical DDoS attack, a hacker begins by exploiting a vulnerability in one computer system and making it the DDoS master.It is from the master system that the intruder identifies and communicates with other systems that can be compromised.The intruder loads cracking tools available on the Internet.With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target.The inundation of packets to the target causes a denial of service.Yahoo, Buy.com, RIAA and the United States Copyright Office are among the victims of DDoS attacks.DDoS attacks can also create more widespread disruption.In October 2010, for example, a massive DDoS attack took the entire country of Myanmar offline.A computer under the control of an intruder is known as a zombie .B. DDoS Prevention Many researchers are working for the solutions by which DDoS can be prevented.The paper focus on some exiting solutions and some suggested solution for DDoS.Some current effort to prevent DDoS are following-1) ISP Filtering -Almost all ISPs have IP filters to try preventing various types of attacks.A lot of ISPs detect malicious packets with known signatures and/or bad TCP/UDP options.This also prevents few attack vectors [8].Government can also help in case of such type of attacks, governments can enforce policies on some ISPs to block certain routes and/or subnets in case of attacks.But these efforts are very local even ISPs in the same country often do not share data about blacklisted IPs or malicious hosts.2) Monitoring Teams -There are several teams that monitor internet activity and create a dynamic list of IPs with a metric for their threat level.Team Cymru, as an example, monitors specific Internet critical infrastructure, providing the results in this section.This permits the viewer to determine the scope and duration of Internet-effecting outages, and the localized effect of such outages.Many such monitoring projects use ICMP (ping), yet this isn't a great measure of performance.For this reason we also monitor connectivity to Internet critical infrastructure and between Team Cymru pods using both TCP and UDP.The monitoring focuses on DNS and BGP, the two most critical services.3) Hunting Tools -There are several tools for hunting botnets that are not publicly available used by some law enforcement authorities.Microsoft has developed one of those tools recently.Although Microsoft is reluctant to give out details on its botnet buster -the company said that even revealing its name could give cyber criminals a clue on how to thwart it!companyexecutives [8].Some other solution may be suggested to prevent the DDoS are Heterogeneity in Operating System and Cloud Computing .When There is only one operating system in the world that everybody uses.Now it's going to be very easy for the attackers to write one exploit that runs on every single machine on earth!On the contrary, if every single machine had its own operating system, then an attacker must write malware for every specific user.In this latter scenario, botnets would not exist for sure.It would require a gigantic amount of work.The point from this argument is that heterogeneity of platforms makes it statistically harder on the attacker to write a malware that spreads well.The problem is that most of the personal computers on earth run Microsoft software.Recently, servers also are migrating to Microsoft.This fact makes the decision pretty easy for the attacker when he is choosing the platform under which his agents are going to work.
[8]Cloud computing has been out there for while now.It is actually doing quite well.Amazon EC2 and Google clouds are getting pretty big and are used in numerous ways.Unfortunately, cloud computing is used for bad purposes also.Phishers are using cloud endpoints to provide their network with load balancing and survivability.Fast-flux enabled phishing sites using rapid DNS rotation across a large number of end points helps phishers evade most filters.With backup websites on the cloud and a good plan for the rotation, one could make use of multiple small servers across multiple cloud vendors and survive a strong DDoS attack.B. Identity Attack in Distributed System [9] In structured P2P application used Key-Based Routing (KBR) to assign application components such as traffic indirection, storage servers or measurement servers to the live node in the network.An attacker can take control and maintain KBR messages as its own.Attacker, make use of KBR information, that each node only sees a small subset of the overlay members.It is known as Identity attack.Any spiteful peer on the path of a KBR message can respond to the source code and maintain, as it is request's destination.The undetected attacker takes a control of particular key and its related applications.Multiple attackers can jointly perform stronger attacks.That is, separate the node from the network and effectively perform the manual partitioning of the overlay.Nodes detect the identity attack through the generation and timely distribution of self-verifying, -Existence proofs‖.The overlay nodes periodically, sign and distribute these proofs on behalf of well-defined regions of the namespace they reside in .For each section, a small number of randomly selected proofs are stored and provide them on request through proof manager.Existence proofs are digitally signed certificates.In [9], Self-verifying evidence of an attack is the first mechanism, used to track down and mark attackers.It also allowing overlay peers to locate and avoid attacker's node in favor of more reliable alternative routes.Second mechanism is to track attackers via blacklist; it verifies the valid evidence of the interested third parties in the network.If it found, adds it to the blacklist.Each node on the blacklist has an associated counter, which is incremented each time a new alert is presented showing that node performed an attack.Third mechanism is evading attacker via malice-aware routing.In this technique, once attackers have been identified with blacklists, nodes can actively avoid them when routing KBR requests.

A. Securing P2P Network against Identity Attack
Structured P2P overlay can simplify data storage and management for a verity of large scale Distributed applications.Thus, the usefulness of the infrastructure has been validated by study of real world use of structured overlay applications [9].Still, these applications infrastructures are susceptible to numerous critical spiteful attacks.One of them is Identity attack, which allows the spiteful peer in the network to capture application request and assume the responsibility of any application component.Below Fig. 7 explains about the Identity attack.

VII. CONCLUSION
In this paper, the development of distributed systems was discussed in terms of what a distributed system is and the objectives of setting up a distributed system.From all the available distributed systems, four most commonly used distributed systems were discussed in depth and then the security issues faced by these systems and the solutions proposed by various researchers were discussed in depth.Finally the security issues and solutions proposed for different systems were summarized and compared with each other.
In this paper different security aspect in like information security , physical security , technical security of networks are studied.All these securities should be properly implemented in distributed environment.In this paper the techniques to implement these securities has been discussed.In this paper two attack DDoS and Identity Attack are also discussed.These attack may occur in distributed system and also has been occurred in the past.In this paper solution for these attack have been discussed.However after studied all these making the distributed system more adaptive and dynamic is a typical.

Fig. 3
Fig.3shows the typical arrangement of distributed storage system.

Figure 7 .
Figure 7.The Identity Attack.1023 sends a message towards key 3222.Before the message reaches the root 3223, an attacker intercepts it and responds as the root.