Virtual Security in Cloud Networks

233
-1

Published on

Understanding the difference between Cloud and Virtualization

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
233
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
29
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • http://news.cnet.com/twitter-phishing-scam-may-be-spreading/
  • http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx
  • Virtual Security in Cloud Networks

    1. 1. Flash TalkPrivacy, Security and Trust Issues arising from Cloud Computing
    2. 2. Who Am I?Marcelo Greboisgrebois@gmail.comwww.linkedin.com/grebois@Grebois
    3. 3. General Idea and Agenda
    4. 4. Not Focusing on any vendor
    5. 5. Intended AudienceThis presentation is more theorical thantechnical so its main audience is;- All Sysadmins- Security Auditors- Infrastructure designers- Virtualization professionals
    6. 6. NIST definition of Cloud Computing “Cloud computing is a model for enablingconvenient, on-demand network access to a shared pool of configurable computing resources(e.g., networks, servers, storage, applications , and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
    7. 7. What is NOT cloud computing NIST does not include virtualization as part of their cloud description so; CLOUD COMPUTING IS NOT VIRTUALIZATIONCloud Computing is a new paradigm that offers a number of new features.Any new paradigm has weaknesses characteristic to its very design.
    8. 8. The Power Grid Analogy
    9. 9. What they want us to believe- Totally secure- Management Free- Pay-as-you-go- No Downtime
    10. 10. networkNetwork AdminServer AdminApplication Owners ?Data Custodians Traditional Security Who’s Watching? VM Process Service VM Process Service VM Process Service VM Process Service VM Process Service Physical NICs VM Process Service VM VM VM Process Service VM Process Service Management VM Process Service VM Physical Network Virtual Network
    11. 11. Virtualization & Cloud Security What is so scary about “the cloud”? Today’s   ata  Center D Tomorrow’s   ublic  Cloud P ? ? ? ? ?We Have Control ? Who Has Control?It’s located at X. Where is it located?It’s stored in server’s Y, Z. Where is it stored?We have backups in place. Who backs it up?Our admins control access. Who has access?Our uptime is sufficient. How resilient is it?The auditors are happy. How do auditors observe?Our security team is engaged. How does our security team engage?
    12. 12. Market Analysis Gmail Google Apps SaaS – Software as a Service(Platform , Scaling and Hardware transparent) Live workspace Salesforce.com Increasing Virtualization Microsoft Force.com Sun Caroline PaaS – Platform as a Service Google app Microsoft Azure(Hardware Provisioning Hidden – Automatic Scaling) engine Amazon Simple DB Amazon HaaS – Hardware as a Service EC2/S3Programmatic Interface for Hardware Provisioning In house hosted Bare Metal serversPeople Process based hardware provisioning EDS (Infrastructure Outsourcing) Flexibility of Offering
    13. 13. 19
    14. 14. Lord of the Rings
    15. 15. The usual suspects
    16. 16. FOCUS ON DATADon’t let one person managing all the devices • Enforce Separation of Duties (SOD) SOD makes sure that one individual cannot complete a critical task by himself.Avoid the same person can manage the hosts and theVirtual MachineUse Role Based Access Control • RBAC is the model used in Virtual Center
    17. 17. Authentication Network Access Control grants access to enterprise networkresources is granted based upon authentication of the user and device as well as only if compliat with policy
    18. 18. AuthorizationComplexity in the Cloud overnance/Risk orkload Risk EC2 App Virt Web Service PolicyApp Guidance OSOS Best Practices Hypervisor BLADE SAN Coherence Security Posture and Behavior Coupling
    19. 19. Follow best practices Fabric: Lots of Configuration!2
    20. 20. Enforce Strong Access Controls Security Implementation in Principle VI Least Roles with only Joe Privileges required privileges Separation of Roles applied only Harry Duties to required objects Administrator Operator User Anne
    21. 21. Keep follow best practices
    22. 22. Virtualization & Cloud SecurityLayers of a typical Cloud Service Application as a service SAAS PAAS IAAS Application software licensed for use as a Cloud Delivered service provided to customers on demand Services Platform as a service Optimized middleware – application servers, database servers, portal servers Infrastructure as a service Virtualized servers, storage, networking Business Support Services Cloud Platform Offering Mgmt, Customer Mgmt, Ordering Mgmt, Billing Operational Support Services Infrastructure Provisioning Instance, Image, Resource / Asset Mgmt Virtualized Resources Virtual Network, Server, Storage System Resources Network, Server, Storage Physical System and Environment
    23. 23. Virtualization & Cloud SecurityCloud Security Application as a service Application software licensed for use as a Cloud Delivered service provided to customers on demand  Secure integration with existing Services Platform as a service enterprise security infrastructure Optimized middleware – application servers, database servers, portal servers  Federated identity / identity as a service  Authorization, entitlements Infrastructure as a service  Log, audit and compliance reporting Virtualized servers, storage, networking  Intrusion prevention Business Support Services Cloud Platform Offering Mgmt, Customer Mgmt, Ordering Mgmt, Billing  Process isolation, data segregation Operational Support Services  Control of privileged user access Infrastructure Provisioning Instance, Image, Resource / Asset Mgmt  Provisioning w/ security and location constraints Virtualized Resources  Image provenance, image & VM integrity Virtual Network, Server, Storage  Multi-tenant security services (identity, compliance reporting, etc.) System Resources Network, Server, Storage  Multi-tenant intrusion prevention  Consistency top-to-bottom Physical System and Environment
    24. 24. Virtualization & Cloud SecurityCloud Security = SOA Security + Virtualization Security Application as a service Application software licensed for use as a Cloud Delivered service provided to customers on demand Services Platform as a service Optimized middleware – application servers, Service Oriented Architecture (SOA) database servers, portal servers Security Infrastructure as a service Virtualized servers, storage, networking Business Support Services Cloud Platform Offering Mgmt, Customer Mgmt, Ordering Mgmt, Billing Operational Support Services Infrastructure Provisioning Instance, Image, Resource / Asset Mgmt Virtualization Security Virtualized Resources Virtual Network, Server, Storage System Resources Network, Server, Storage Physical System and Environment
    25. 25. Incident Analysis• Most CSP does not provide incident analysis• Access to log is restricted to the customers• Forensics become almost impossible• CSP force you to trust in their security
    26. 26. Is not that bad!• Possible solutions are; • HIDS • Virtual Firewalls • Catbird Security • Vshield• Of course the old ones; • Data encryption • Data integrity check ( during VMs transfer )
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×