CloudSec, don't forget Security in the Cloud!

My CloudSec Lightning talk at CloudCamp Antwerp



  1. CloudSec
     The real voyage of discovery consists in having new eyes. Marcel Proust
  2. Kris Buytaert
       • Senior Linux and Open Source Consultant @inuits.be
       • „Infrastructure Architect“
       • Building Clouds since 2004
       • Surviving the 10th floor test
       • Co-Author Virtualization with Xen
       • Guest Editor at Virtualization.com
  3. The Cloud?
     Cloud computing refers to the use of Internet ("cloud") based computer technology for a variety of services. It is a style of computing in which dynamically scalable and often virtualised resources are provided as a service over the Internet. The concept incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the users.
  4. SAAS <(>) Cloud
     PAAS <(>) Cloud
     IAAS > Cloud
  5. Cloud and Open Source
       • Xen
       • Enomalism
       • openQRM
       • OpenNebula
       • SnowFlock
       • Eucalyptus
       • ScalR
       • Python (Google AppEng)
       • Puppet
       • Chef
       • Hadoop
       • MemcacheD
  6. Cloud and Open Source
     Imagine having to pay software licenses for machines that have only lived 1 hour. And 10000 of them each month.
  7. The Cloud in 2005
       for host in `seq 1 10000`
         create_vhost {
           Create LVM partitions
           Chroot
           Rsync
           Configure
         }
  8. CloudSec
       • Deploying in an untrusted domain
           • This is not your average DMZ
           • You don't even own the Vhost
       • Cloud Datacenters Attract Attackers
           • Identical Hypervisors => Only 1 exploit needed
           • Cloud Hijacking
       • Pre and Post Deployment
           • What was there and what stays behind?
  9. What changed with Cloud?
       • Deployment Methods
       • Scale
           • 1 physical machine => MANY VMs
           • Deploy on demand
       • The Network stack
           • System vs Network vs Virtualization
           • Whose network is this anyhow?
  10. What changed with Cloud?
      Involvement of IT, or the lack thereof!
  11. Flux and Scale
       • Can Traditional HIDS follow the quick changing state of Hosts?
       • My HA Clusters are Active Passive, Active Active, or N+M too. Their state is in constant flux too.
       • The role of Config Management and Platform Automation grows every second.
  12. Static Security was DEAD before Virtualization Cloud
       • High Availability Clusters
       • VM Relocation
       • Live Migration
       • Rapid ReDeployment
       • Multiple Instances of a service
  13. Image Sprawl, your update nightmare
       • Image sprawl
           • Copy VM, Deploy VM, Modify VM, Copy VM
       • How do you patch 1 VM?
       • Did you patch before or after that one was copied?
       • How do you patch 100 VMs?
       • What about machines that are offline?
  14. Image Sprawl, your update nightmare
      The biggest challenges we have in virtualization cloud are operational and organizational rather than technical.
      Christofer Hoff
  15. For better nights
       • Automate Deployment
       • Implement Configuration Management
       • Map Security management to Config Mgmt
       • Prepare to Survive the 10th floor test!
  16. Security Advice
       • Increase security as never before
       • Encrypt all inter Vhost traffic
       • FireWall as Never before
       • Don't store critical data in the cloud
           • Use it for analytics
           • Workload offload
           • Volatile data
       • Build your own Private Cloud
  17. Security still isn't a product you can buy.
      It's not even a process.
      It's a lifestyle.
  18. Kris Buytaert < [email_address] >
      Further Reading
       • http://www.krisbuytaert.be/blog/
       • http://www.inuits.be/
       • http://www.virtualization.com/
       • http://www.oreillygmt.com/
      ? !
  19. SaaSSec
       • One Vendor
       • Full control over
           • His application
           • His application stack
       • Supposed to manage his platform in Secure Fashion
       • But do you TRUST him?
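
The image-sprawl questions on the slides ("Did you patch before or after that one was copied?", "What about machines that are offline?") can be answered mechanically once copy lineage and patch dates are recorded. The sketch below is an added example, not part of the original talk; the inventory, image names, dates and the PATCH-1 identifier are constructed for illustration.

```python
from datetime import date

# Constructed inventory (hypothetical names): the image each VM was copied from, and when.
IMAGES = {
    "golden": {"parent": None, "copied": date(2009, 1, 1), "online": True},
    "web-a": {"parent": "golden", "copied": date(2009, 2, 1), "online": True},
    "web-b": {"parent": "web-a", "copied": date(2009, 3, 10), "online": False},
    "web-c": {"parent": "web-a", "copied": date(2009, 3, 16), "online": True},
    "db-a": {"parent": "golden", "copied": date(2009, 3, 20), "online": True},
}
# Constructed patch log: (image, patch id, date applied directly to that image).
PATCH_LOG = [
    ("golden", "PATCH-1", date(2009, 3, 1)),
    ("web-a", "PATCH-1", date(2009, 3, 15)),
]


def has_patch(image, patch, when):
    """True if `image` contained `patch` on date `when`."""
    for name, pid, applied in PATCH_LOG:
        if name == image and pid == patch and applied <= when:
            return True  # patched directly
    info = IMAGES[image]
    if info["parent"] is None or info["copied"] > when:
        return False
    # A copy inherits only what its parent contained at the moment of copying.
    return has_patch(info["parent"], patch, info["copied"])


def unpatched(patch, today):
    """Map every existing image that still lacks `patch` to 'online' or 'offline'."""
    return {
        name: "online" if info["online"] else "offline"
        for name, info in IMAGES.items()
        if info["copied"] <= today and not has_patch(name, patch, today)
    }


if __name__ == "__main__":
    for name, state in unpatched("PATCH-1", date(2009, 4, 1)).items():
        print(f"{name}: missing PATCH-1 ({state})")
```

Here web-b was copied from web-a five days before web-a was patched, so it carries the unpatched state forward and, being offline, will not be reached by a patch run that only targets running hosts.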
