OpenStack - Security Professionals Information Exchange
 


A presentation to the Security Professionals Information Exchange in Calgary on Nov. 24, 2011.


© All Rights Reserved


    Presentation Transcript

    • Infrastructure as a Service An Introduction to OpenStack
    • Agenda
      • Introductions
      • Cybera
      • Infrastructure as a Service
      • OpenStack
      • Security Landscape
      • Other Technologies
      • Methodologies
      • Questions
    • Tech Adoption Curve
    • Amazon Web Services
    • OpenStack
      • “To produce the ubiquitous Open Source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable.”
    • OpenStack Object Storage
    • OpenStack Object Storage Architecture
    • OpenStack Image Service
    • OpenStack Compute
    • OpenStack Compute Architecture
    • OpenStack Compute Architecture
    • OpenStack Compute Architecture
    • OpenStack Security Fundamentals
      • Keypairs
        • Allows ssh access to your instance
        • Name
        • Public key
        • Private key
        • 1024 bit
        • “Injected” into VM
      • Security Groups
        • Firewall
        • Name
        • Port
        • IP range
        • Protocol
        • Live outside VM
    • OpenStack Security Fundamentals
      • HTTPS
      • VLANManager mode
        • VLAN and bridge for each project
        • Requires a switch that supports VLAN tagging
        • Private IPs that are only accessible from inside the VLAN
      • Floating IPs
      • VPN
        • A special VPN instance (cloudpipe) needs to be created
        • Certificate and key for the user to access the VPN
        • Haven’t put this to use yet
    • Open Security Architecture: Cloud Computing Pattern
      • Cloud Computing Pattern
      • Controls
    • IaaS Security Best Practices
      • AWS Security Best Practices
        • Protect your data in transit
        • Protect your data at rest
        • Protect your AWS credentials
        • Manage multiple Users and their permissions with IAM
        • Secure your application
    • IaaS Security Best Practices
      • Twenty Rules for Amazon Cloud Security
        • Encrypt all network traffic.
        • Use only encrypted file systems for block devices and non-root local devices.
        • Encrypt everything you put in S3 using strong encryption…
      • Key Security Issues for the Amazon Cloud
        • Amazon is in control of your data.
        • The Amazon S3 cloud storage infrastructure is weakly secured.
        • Perimeter security in the cloud is very different…
    • OpenStack Vulnerability Management
      • wiki.openstack.org/VulnerabilityManagement
      • The OpenStack vulnerability management team is responsible for coordinating the progressive disclosure of a vulnerability.
      • Classification
        • Critical, Normal, Low
      • Process
        • From encrypted email
        • From Launchpad bug entry
        • Coordinated disclosure
    • OpenStack Community
    • OpenStack Projects
      • DAIR
        • www.canarie.ca/en/dair-program/about
        • github.com/canarie/dair
      • Cloud-Enabled Space Weather Platform
        • www.ceswp.ca
      • NeCTAR
        • www.nectar.org.au
    • Other Technologies
      • Virtual Computing Lab
      • StarCluster
      • Moodle
      • Nagios & collectd
      • Puppet
      • KVM
      • Python & Django
      • Groovy & Grails
      • Git
      • Ubuntu & CentOS
      • NoMachine
    • DevOps
      • In a DevOps environment, developers and sysadmins build relationships, processes, and tools that allow them to better interact and ultimately better service the customer.
      • DevOps is also more than just software deployment – it’s a whole new way of thinking about cooperation and coordination between the people who make the software and the people who run it.
      • Infrastructure as Code
    • Scrum
      • Agile
      • Iterative (sprints)
      • Focused on delivery and feedback
      • Customer collaboration
    • Tech Radar
    • Confucius Sez “Real knowledge is to know the extent of one’s ignorance.”
    • Questions?
      • slideshare.net/cybera/openstack-security-professionals-information-exchange
      • cybera.ca
      • cybera.ca/tech-radar
      • cybera.ca/tech-radar/getting-started-with-cloud-openstack-cybera
      • groups.google.com/group/cybera-tech-radar