Halo Installfest Slides

Slides presented at CloudPassage Halo Installfest 03/28/12

  1. CloudPassage Halo Installfest
  2. Quick Intro
       • Thanks for coming out!
       • Enjoy the free food ☺
       • Focus on security issues with IaaS cloud
       • Interweave that with installing Halo
       • We’re here to help!
           – Ask questions
           – Staff will be handy if you need us
           – Any and all feedback greatly appreciated
  3. Where Can I Get These Slides?
       community.cloudpassage.com
  4. Tonight’s Focus
       • Infrastructure as a Service (IaaS)
           – Can apply to PaaS and SaaS from a provider’s perspective
       • Mostly geared to public cloud
           – Although applicable to private
       • Tenant security concerns
           – We’ll skip physical security
  5. What You Need For The Labs
       • Laptop or tablet
       • Root equiv access to a Linux VM
           – Local or public is fine
           – Spin up now if needed
       • Internet access
           – Wifi settings: As Posted
  6. Houston…We Have a Problem
       All network security benefits lost in migration:
       • Firewall – Filter port level access
       • Firewall – Control rootkit transfer
       • Proxy – Control app level data
       • NIDS – Inspect stream for attacks
       • Sniffer – Audit trail of network traffic
  7. Delineation of Responsibility
       Stack layers, shown identically under IaaS, PaaS and SaaS (top to bottom):
       Interface, Application, Solution Stack, Operating System, Hypervisor, Compute & Storage, Network, Facility
       Side labels on the diagram: Tenant, Provider
  8. What Are My Options?
  9. Issues to Address
       • No firewall control
       • Vulnerability management
       • Provider image may not meet corporate standards
           – Configuration settings
           – Accounts
       • Detect intrusions
  10. Extending The LAN Into The Cloud
  11. LAN Extended Challenges
       • Increases load on corporate link
           – Today we’re mobile
           – Limits public cloud scaling
       • Increases load on perimeter infrastructure
       • Negates network benefits
           – Provider load balancing
           – Multi-peer points
           – Geo-location DNS
           – Higher latency
       • No protection within virtual infrastructure
  12. Virtual Appliance Management
  13. Virtual Appliance Architecture
  14. What About Introspection?
       • Hypervisor based security
           – Has visibility into all VMs
       • Single point of control
           – For a specific hypervisor deployment
       • Public - Do you want other tenants to have access to your hypervisor?
       • Do you want your provider to have non-auditable access to your VMs?
       • Can break segregation of duties
  15. Host-Based Architecture
       Consistent architecture (and risk abatement) regardless of deployment
  16. Why Host Based Firewalls?
       • Tenant controlled
           – Provider gains no additional access
       • Mitigate potential risks from vswitch or VLANs
       • Supported across all cloud infrastructures
           – Consistent management regardless of deployment
       • Security is portable with the VM
       • This is the model supported by Halo
  17. Why restrict Admin Ports?
       Dshield.org data (chart legend):
       • Green = # of IPs looking for open SSH ports
       • Red = # of IPs hit by SSH scan
  18. Halo Firewall Interface
       Cloak the port till these users authenticate
  19. Issues to Address
       • No firewall control
       • Vulnerability management
       • Provider image may not meet corporate standards
           – Configuration settings
           – Accounts
       • Detect intrusions
  20. Image Deployment
       • Provider images usually not patched
       • Some 3rd party images are pre-patched
           – To the time of the image’s release
           – Which 3rd parties can you trust?
       • Auto-patching usually disabled
       • Some known vulnerabilities may not yet be patched
           – But it may be possible to mitigate if the risk is known
  21. Vulnerability Wire Testing
       • Some providers have restrictions
           – May be limited by terms of service
           – May be limited to specific products
       • Targeting concerns
           – What if your IPs are not contiguous?
           – What if the IP changes?
       • Does not detect local exploits
  22. Host Based Vulnerability Checking
       • Validate compliance within the VM itself
       • Can check remote and local vulnerabilities
       • Typically lower cost to deploy
           – Less billable utilization
       • Can give a false negative if a patch is not loaded
           – Kernel updates
       • This is the model Halo uses
  23. Halo Software Risks
  24. Issues to Address
       • No firewall control
       • Vulnerability management
       • Provider image may not meet corporate standards
           – Configuration settings
           – Accounts
       • Detect intrusions
  25. Configuration Settings
       • Are only required processes running?
           – Are they securely configured?
       • Is password aging enforced?
       • Is root permitted direct SSH access?
       • Proper permissions on critical files?
       • Is sudo or wheel properly configured?
       • Any changes since deployment?
  26. Creating A Halo Check
  27. Halo Check Results
  28. System Accounts
       • What accounts are on the system?
       • Did the provider modify the default accounts?
           – ec2-user
       • Which accounts have root level access?
       • Who has accounts on which servers?
       • How do you add/delete accounts for many servers simultaneously?
  29. Halo Server Access
  30. Expanded Details
  31. Issues to Address
       • No firewall control
       • Vulnerability management
       • Provider image may not meet corporate standards
           – Configuration settings
           – Accounts
       • Detect intrusions
  32. Clues To An Attack
       • Some file changes indicate a compromise
       • Static Web server files
       • /etc/passwd has new account
       • /etc/sudoers has new entries
       • ssh_known_hosts has new entries
       • authorized_keys has new entries
       • Halo uses SHA-256 to detect changes
  33. Define Files to Check
  34. Halo FIM Reporting
  35. Event Reporting
  36. Alert Reporting
  37. Lab Time: Let’s Install Halo!
  38. Start Here to Create an Account
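
Three of the questions on slides 25 and 28 (root SSH access, password aging, accounts with root level access) can be answered from inside the VM by reading three files. The sketch below is an added example, not part of the slides and not how Halo implements its checks; the sample file contents, the 90-day threshold and all function names are assumptions.

```python
# Constructed sample inputs. On a real VM, read /etc/ssh/sshd_config,
# /etc/login.defs and /etc/passwd instead.
SSHD_CONFIG = "# sample\nPort 22\n#PermitRootLogin no\nPermitRootLogin yes\n"
LOGIN_DEFS = "PASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\n"
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ec2-user:x:500:500:EC2 Default User:/home/ec2-user:/bin/bash
toor:x:0:0::/root:/bin/bash
"""
NO_LOGIN = ("/sbin/nologin", "/usr/sbin/nologin", "/bin/false")

def directive(text, key, ci=False):
    """First uncommented value of key; sshd honours the first occurrence.
    Match blocks and Include files are not followed (a simplification)."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        name = parts[0].lower() if ci else parts[0]
        if name == (key.lower() if ci else key):
            return parts[1].strip()
    return None

def accounts(passwd):
    """Yield (name, uid, shell) for each well-formed passwd line."""
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) == 7:
            yield f[0], f[2], f[6]

def login_accounts(passwd):
    """Accounts whose shell allows an interactive login."""
    return [n for n, _, sh in accounts(passwd) if sh not in NO_LOGIN]

def audit(sshd_config, login_defs, passwd, max_age=90):
    """Return findings; max_age is an assumed corporate standard, in days."""
    findings = []
    root_login = directive(sshd_config, "PermitRootLogin", ci=True)
    if root_login is None:
        findings.append("PermitRootLogin unset: sshd version default applies")
    elif root_login.lower() != "no":
        findings.append(f"root may log in over SSH (PermitRootLogin {root_login})")
    age = directive(login_defs, "PASS_MAX_DAYS")
    if age is None or not age.isdigit() or int(age) > max_age:
        findings.append(f"password aging not enforced (PASS_MAX_DAYS {age})")
    findings += [f"extra UID 0 account: {n}"
                 for n, uid, _ in accounts(passwd) if uid == "0" and n != "root"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SSHD_CONFIG, LOGIN_DEFS, PASSWD)))
    print("login-capable:", login_accounts(PASSWD))
```

PASS_MAX_DAYS in login.defs only sets the default for newly created accounts; existing accounts carry their own maximum age in /etc/shadow, so a full check also reads that file.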

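Slide 32 lists file changes that suggest a compromise and notes that Halo detects them with SHA-256. The following added example (not from the slides, and not Halo's own code) shows the general baseline-and-compare technique on constructed files in a temporary directory; the file contents and function names are assumptions.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hex SHA-256 of a file, or None if it is missing or unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()

def snapshot(paths):
    """Record the current hash of every monitored path."""
    return {p: sha256_file(p) for p in paths}

def compare(baseline, current):
    """Map each path that differs from the baseline to created/deleted/modified."""
    changes = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old != new:
            changes[path] = ("created" if old is None else
                             "deleted" if new is None else "modified")
    return changes

def demo():
    """Constructed scenario in a temp directory standing in for a server."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, text, mode="w"):
            with open(os.path.join(root, name), mode) as fh:
                fh.write(text)
        put("authorized_keys", "ssh-ed25519 CONSTRUCTED-KEY-1 admin@example\n")
        put("passwd", "root:x:0:0:root:/root:/bin/bash\n")
        put("index.html", "<h1>static page</h1>\n")
        watched = [os.path.join(root, n)
                   for n in ("authorized_keys", "passwd", "index.html", "sudoers")]
        baseline = snapshot(watched)   # keep this off the host in practice
        put("authorized_keys", "ssh-ed25519 CONSTRUCTED-KEY-2 unknown\n", "a")
        put("sudoers", "constructed ALL=(ALL) ALL\n")
        os.remove(os.path.join(root, "index.html"))
        found = compare(baseline, snapshot(watched))
        return {os.path.basename(p): kind for p, kind in found.items()}

if __name__ == "__main__":
    print(demo())
```

A file that becomes unreadable is reported the same way as a deleted one here, and the comparison is only as trustworthy as the stored baseline.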