Cloud Penetration Testing: Methodology
By Bhavin Shah
Testing the Cloud

The methodology, stage by stage:
1. Question
2. Research
3. Threat Statement
4. Experiment and Model
5. Collect Results
6. Propose Solution
STEP 1: Ask Questions

Key questions:
1) What are the various techniques used to authenticate users to the cloud?
   - Why is cloud authentication the paramount component of cloud security?
2) How secure is authentication in the cloud?
   - Are there security issues in elements other than the cloud system itself (e.g. physical security, databases)?
STEP 2: Research

- Establish a research environment
  - OpenStack, open-source cloud software (deployed here with DevStack)
- Research the authentication measures of that environment
  - Keystone, OpenStack's identity service, which authenticates users and issues the tokens the other services trust
  - Horizon Dashboard, OpenStack's Django-based web interface through which administrators and tenants manage cloud resources
STEP 3: Threat Statement

An attacker can obtain the credentials of the cloud administrator through hacking and/or social engineering, use them to authenticate to the cloud, and temporarily or permanently damage normal operations.
STEP 4: Normal Operations
STEP 5: Vulnerability Testing
STEP 6: Results

Overview: the captured session traffic (the login request and the session cookie that accompanied it) revealed the user's credentials.

Why? In the DevStack environment used here, Horizon is served over plain HTTP by default rather than HTTPS, so the login form fields and the session cookie cross the network in cleartext and can be read by anyone able to sniff the traffic.
STEP 7: Devising a Solution

Problem source: use of HTTP
Solution: serve Horizon over HTTPS (terminate TLS at the web server in front of Horizon, redirect HTTP requests to HTTPS, and mark the session and CSRF cookies Secure so a browser never sends them over plain HTTP)

Avoiding similar problems in future:
- Follow security guidelines (e.g. the OpenStack Security Guide)
- Properly configure new software instead of relying on development defaults
- Regularly check existing software for vulnerabilities and apply patches
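The script below is an added example, not code from the deck, that reproduces the Step 6 finding and the Step 7 check on hand-constructed captures: it pulls the username, password and session cookie out of a cleartext Horizon login POST the way a passive sniffer would, then audits the login response for the properties that enabling HTTPS should change (Secure and HttpOnly cookie flags, redirect scheme, HSTS). The path /auth/login/, the form field names, the cookie names sessionid and csrftoken, and the host address are assumptions about a default DevStack Horizon, not details the deck gives.

```python
"""Audit a captured Horizon login exchange for cleartext credential exposure.

Added example, not code from the slide deck. Every capture below is
constructed by hand; the path, form field names, cookie names and host
address are assumptions about a default DevStack Horizon.
"""
from __future__ import annotations

from urllib.parse import parse_qs

SESSION_COOKIE = "sessionid"  # Django's default session cookie name (assumption)

# Constructed capture: the login POST as it crosses the wire over plain HTTP.
CAPTURED_LOGIN_REQUEST = (
    b"POST /auth/login/ HTTP/1.1\r\n"
    b"Host: 10.0.2.15\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: csrftoken=abc123; sessionid=k7f2q9z1\r\n"
    b"Content-Length: 72\r\n"
    b"\r\n"
    b"csrfmiddlewaretoken=abc123&region=default&username=admin&password=secret"
)

# Constructed response from the default (HTTP-only) deployment.
DEFAULT_HTTP_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://10.0.2.15/project/\r\n"
    b"Set-Cookie: sessionid=k7f2q9z1; Path=/\r\n"
    b"Set-Cookie: csrftoken=abc123; Path=/\r\n"
    b"\r\n"
)

# Constructed response after HTTPS is enabled and the cookies are marked Secure.
HARDENED_HTTPS_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://10.0.2.15/project/\r\n"
    b"Strict-Transport-Security: max-age=31536000\r\n"
    b"Set-Cookie: sessionid=k7f2q9z1; Path=/; Secure; HttpOnly\r\n"
    b"Set-Cookie: csrftoken=abc123; Path=/; Secure\r\n"
    b"\r\n"
)


def parse_http_message(raw: bytes) -> tuple[str, dict[str, list[str]], bytes]:
    """Split a raw HTTP/1.1 message into start line, headers and body.

    Header names are lower-cased; repeated headers (Set-Cookie) stay as a list.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def extract_login_material(raw: bytes) -> dict[str, str | None]:
    """What a passive sniffer learns from one cleartext login request."""
    start_line, headers, body = parse_http_message(raw)
    form = parse_qs(body.decode("utf-8"))
    cookies: dict[str, str] = {}
    for header in headers.get("cookie", []):
        for pair in header.split(";"):
            name, _, value = pair.strip().partition("=")
            cookies[name] = value
    return {
        "request": start_line,
        "username": form.get("username", [None])[0],
        "password": form.get("password", [None])[0],
        "session_cookie": cookies.get(SESSION_COOKIE),
    }


def audit_login_response(raw: bytes) -> list[str]:
    """Return findings for a login response; an empty list means it passes.

    Checks what enabling HTTPS should change: every cookie carries Secure,
    the session cookie also HttpOnly, redirects stay on https://, and HSTS
    is sent so browsers will not fall back to plain HTTP.
    """
    _, headers, _ = parse_http_message(raw)
    findings: list[str] = []
    for set_cookie in headers.get("set-cookie", []):
        parts = [p.strip() for p in set_cookie.split(";")]
        name = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure")
        if name == SESSION_COOKIE and "httponly" not in attrs:
            findings.append(f"cookie {name} lacks HttpOnly")
    for location in headers.get("location", []):
        if location.lower().startswith("http://"):
            findings.append("redirects to a plain-http URL")
    if "strict-transport-security" not in headers:
        findings.append("no Strict-Transport-Security header")
    return findings


if __name__ == "__main__":
    print(extract_login_material(CAPTURED_LOGIN_REQUEST))
    print("default :", audit_login_response(DEFAULT_HTTP_RESPONSE))
    print("hardened:", audit_login_response(HARDENED_HTTPS_RESPONSE))
```

In Horizon the hardened response shape comes from putting the dashboard behind TLS and setting SESSION_COOKIE_SECURE, CSRF_COOKIE_SECURE and SESSION_COOKIE_HTTPONLY to True in local_settings.py; running audit_login_response against a real login response is a quick regression check that those settings actually took effect after the change.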
Extra Content

- Horizon
- Logging
- Nova Version
- SSH
- Image Provision
- DevStack Directory
Horizon (screenshot): the window used to log in to the Horizon Dashboard.

Logging (screenshot): the process used to enable logging in OpenStack.

Nova version (screenshot): the command used to get the version number of OpenStack's compute service, Nova.

SSH (screenshot): an error encountered while using SSH to connect to an OpenStack instance. ssh refuses the key pair's private key file because its permissions let other users on the system read it; the private key must be readable only by the user who generated it (e.g. mode 0600).

Image provision (screenshot): the OpenStack Dashboard showing several images that can be launched as instances in the cloud.

DevStack directory (screenshot): Ubuntu showing the main devstack directory.
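The SSH error above is OpenSSH's "UNPROTECTED PRIVATE KEY FILE" refusal. The following added example (not from the deck) mirrors the test OpenSSH applies, a key owned by the caller whose mode has any group or other bits set (mode & 0o077 != 0) is rejected, and applies the usual chmod 600 fix. It works on a throwaway file created with a deliberately lax mode; the file contents are a constructed placeholder, not a real key.

```python
"""Reproduce OpenSSH's private-key permission check and apply the fix.

Added example, not code from the slide deck. OpenSSH rejects a private key
file that the caller owns but that group or other can read or write; this
mirrors that test and restricts the file to its owner.
"""
import os
import stat
import tempfile


def key_is_protected(path: str) -> bool:
    """True when ssh would accept the key: owned by us, no group/other bits."""
    st = os.stat(path)
    owned_by_caller = st.st_uid == os.getuid()
    return owned_by_caller and (stat.S_IMODE(st.st_mode) & 0o077) == 0


def fix_key_permissions(path: str) -> int:
    """Restrict the key to its owner (the chmod 600 fix); return the new mode."""
    os.chmod(path, 0o600)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> tuple:
    """Create a lax-mode placeholder key, check it, fix it, re-check it."""
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as f:
        f.write("-----BEGIN CONSTRUCTED PLACEHOLDER-----\n")  # not a real key
        path = f.name
    os.chmod(path, 0o644)  # world-readable, as a downloaded key often is
    before = key_is_protected(path)
    new_mode = fix_key_permissions(path)
    after = key_is_protected(path)
    os.unlink(path)
    return before, after, new_mode


if __name__ == "__main__":
    print(demo())
```

Running the check before invoking ssh gives a clearer message than OpenSSH's own warning, and the same test can be folded into whatever script downloads the key pair from the dashboard so the file is never left world-readable.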
