Virtual Security in Cloud Networks
Understanding the difference between Cloud and Virtualization

Published in: Technology, Business
  • http://news.cnet.com/twitter-phishing-scam-may-be-spreading/
  • http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx
  • Transcript

    • 1. Flash Talk: Privacy, Security and Trust Issues arising from Cloud Computing
    • 2. Who Am I? Marcelo Grebois, grebois@gmail.com, www.linkedin.com/grebois, @Grebois
    • 3. General Idea and Agenda
    • 4. Not Focusing on any vendor
    • 5. Intended Audience: This presentation is more theoretical than technical, so its main audience is:
        - All Sysadmins
        - Security Auditors
        - Infrastructure designers
        - Virtualization professionals
    • 6. NIST definition of Cloud Computing: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
    • 7. What is NOT cloud computing: NIST does not include virtualization as part of their cloud description, so CLOUD COMPUTING IS NOT VIRTUALIZATION. Cloud Computing is a new paradigm that offers a number of new features. Any new paradigm has weaknesses characteristic to its very design.
    • 8. The Power Grid Analogy
    • 9. What they want us to believe:
        - Totally secure
        - Management Free
        - Pay-as-you-go
        - No Downtime
    • 10. Traditional Security: Who’s Watching? [Diagram: roles Network Admin, Server Admin, Application Owners (?), Data Custodians; a physical network and a virtual network, with VMs (process, service), physical NICs and a management component.]
    • 11. Virtualization & Cloud Security: What is so scary about “the cloud”? Today’s Data Center versus Tomorrow’s Public Cloud:
        • We have control. / Who has control?
        • It’s located at X. / Where is it located?
        • It’s stored in servers Y, Z. / Where is it stored?
        • We have backups in place. / Who backs it up?
        • Our admins control access. / Who has access?
        • Our uptime is sufficient. / How resilient is it?
        • The auditors are happy. / How do auditors observe?
        • Our security team is engaged. / How does our security team engage?
    • 12. Market Analysis [Chart; axes: Increasing Virtualization, Flexibility of Offering]
        • SaaS – Software as a Service (Platform, Scaling and Hardware transparent)
        • PaaS – Platform as a Service (Hardware Provisioning Hidden – Automatic Scaling)
        • HaaS – Hardware as a Service (Programmatic Interface for Hardware Provisioning)
        • In house hosted Bare Metal servers (People Process based hardware provisioning)
        • Offerings named on the chart: Gmail, Google Apps, Live workspace, Salesforce.com, Microsoft, Force.com, Sun Caroline, Google app engine, Microsoft Azure, Amazon Simple DB, Amazon EC2/S3, EDS (Infrastructure Outsourcing)
    • 13. 19
    • 14. Lord of the Rings
    • 15. The usual suspects
    • 16. FOCUS ON DATA
        • Don’t let one person manage all the devices
            • Enforce Separation of Duties (SOD): SOD makes sure that one individual cannot complete a critical task by himself.
            • Avoid having the same person manage both the hosts and the virtual machines
        • Use Role Based Access Control
            • RBAC is the model used in Virtual Center
    • 17. Authentication: Network Access Control grants access to enterprise network resources based upon authentication of the user and device, and only if they are compliant with policy.
    • 18. Authorization: Complexity in the Cloud [Diagram; labels: Governance/Risk, Workload Risk, EC2, App, Virt, Web Service, Policy, App, Guidance, OS, OS, Best Practices, Hypervisor, BLADE, SAN, Coherence, Security Posture and Behavior, Coupling]
    • 19. Follow best practices. Fabric: Lots of Configuration!
    • 20. Enforce Strong Access Controls (Security Principle / Implementation in VI):
        • Least Privileges / Roles with only required privileges
        • Separation of Duties / Roles applied only to required objects
        • Roles shown: Administrator, Operator, User; people shown: Joe, Harry, Anne
    • 21. Keep following best practices
    • 22. Virtualization & Cloud Security: Layers of a typical Cloud Service
        • Cloud Delivered Services
            • Application as a service (SaaS): Application software licensed for use as a service provided to customers on demand
            • Platform as a service (PaaS): Optimized middleware – application servers, database servers, portal servers
            • Infrastructure as a service (IaaS): Virtualized servers, storage, networking
        • Cloud Platform
            • Business Support Services: Offering Mgmt, Customer Mgmt, Ordering Mgmt, Billing
            • Operational Support Services: Infrastructure Provisioning; Instance, Image, Resource / Asset Mgmt
        • Virtualized Resources: Virtual Network, Server, Storage
        • System Resources: Network, Server, Storage
        • Physical System and Environment
    • 23. Virtualization & Cloud Security: Cloud Security. The layer diagram from slide 22, annotated with these security requirements:
        • Secure integration with existing enterprise security infrastructure
        • Federated identity / identity as a service
        • Authorization, entitlements
        • Log, audit and compliance reporting
        • Intrusion prevention
        • Process isolation, data segregation
        • Control of privileged user access
        • Provisioning w/ security and location constraints
        • Image provenance, image & VM integrity
        • Multi-tenant security services (identity, compliance reporting, etc.)
        • Multi-tenant intrusion prevention
        • Consistency top-to-bottom
    • 24. Virtualization & Cloud Security: Cloud Security = SOA Security + Virtualization Security. The layer diagram from slide 22, with two labels overlaid: Service Oriented Architecture (SOA) Security and Virtualization Security.
    • 25. Incident Analysis
        • Most CSPs do not provide incident analysis
        • Access to logs is restricted for the customers
        • Forensics become almost impossible
        • CSPs force you to trust in their security
    • 26. It’s not that bad!
        • Possible solutions are:
            • HIDS
            • Virtual Firewalls
            • Catbird Security
            • vShield
        • Of course the old ones:
            • Data encryption
            • Data integrity check (during VM transfer)
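
Slides 16 and 20 ask for separation of duties between host and virtual machine management, roles with only the required privileges, and roles applied only to the required objects. The following audit sketch is an added example, not part of the original deck or any vendor's API. The role names, privilege names, object paths, assignments and usage data are all constructed for illustration; only the user names and the Operator and User roles are taken from slide 20.

```python
from collections import defaultdict

# Hypothetical role model; role and privilege names are illustrative only.
ROLE_PRIVS = {
    "HostAdmin": {"host.configure", "host.reboot"},
    "VMAdmin":   {"vm.create", "vm.delete", "vm.console"},
    "Operator":  {"vm.power", "vm.console"},
    "User":      {"vm.console"},
}
# Role pairs one person must not hold together (hosts vs. virtual machines).
CONFLICTING = [("HostAdmin", "VMAdmin")]
ROOT = "/"  # a role assigned here applies to every object below it

# Constructed assignments: (user, role, object the role is applied to).
ASSIGNMENTS = [
    ("joe",   "HostAdmin", "/hosts/esx01"),
    ("joe",   "VMAdmin",   "/vms/web"),
    ("harry", "Operator",  "/vms/web"),
    ("anne",  "User",      ROOT),
]
# Constructed audit data: privileges each user actually exercised.
USED = {"joe": {"host.configure", "vm.create"},
        "harry": {"vm.power"}, "anne": {"vm.console"}}

def sod_violations(assignments):
    """Users holding both roles of a conflicting pair (separation of duties)."""
    roles = defaultdict(set)
    for user, role, _ in assignments:
        roles[user].add(role)
    return sorted((u, a, b) for u, held in roles.items()
                  for a, b in CONFLICTING if a in held and b in held)

def root_scoped(assignments):
    """Roles applied at the root instead of only to the required objects."""
    return sorted((u, r) for u, r, obj in assignments if obj == ROOT)

def unused_privileges(assignments, used):
    """Privileges granted through roles but never exercised (least privilege)."""
    granted = defaultdict(set)
    for user, role, _ in assignments:
        granted[user] |= ROLE_PRIVS[role]
    return {u: sorted(p - used.get(u, set())) for u, p in granted.items()
            if p - used.get(u, set())}

if __name__ == "__main__":
    print("SoD violations:", sod_violations(ASSIGNMENTS))
    print("Root-scoped roles:", root_scoped(ASSIGNMENTS))
    print("Unused privileges:", unused_privileges(ASSIGNMENTS, USED))
```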
