Tech insights 2011 SEA - Security from the Ground up to the Cloud
1. Security from the Ground Up to the Cloud…
   Esmaeil Sarabadani, Systems and Security Consultant, Redynamics Asia Sdn. Bhd.

2. What will be covered…
   • An overview of public and private clouds and their building blocks
   • Cloud security concerns
   • Cloud Defense-in-Depth approach
   • Security in the cloud virtualized environment
   • Data and network traffic isolation in the cloud
   • Control and ownership of the data in the cloud
   • Questions to ask before moving to the cloud

3. What is the cloud?!!
   • It's nothing supernatural.
   • It's been with you for a long time.
   • It's used for social activities, entertainment, business and much more.
   • It brings more:
     • Availability
     • Reliability
     • Scalability
     • Affordability
     • Security

4. Private Cloud vs. Public Cloud
   Private Cloud:
   • Everything is hosted on premises.
   • You will have to pay only once for the licenses and the implementation.
   • Security and data protection is all under your responsibility.
   • You will not have to follow any cloud service provider's policies.
   Public Cloud:
   • Everything is hosted by a cloud service provider.
   • You will have to pay for the cloud service you are using.
   • Security and data protection is guaranteed. Whatever…
   • You will have to follow the cloud service provider's policies.
5. Microsoft Public Cloud vs. Private Cloud

6. Microsoft Cloud Building Blocks
   • AuthN, AuthZ, Auditing
   • Admin / Tenant Interfaces
   • System Center Virtual Machine Manager
   • Hyper-V Based Hypervisor
   • Compute / Network / Storage

7. Cloud Security Concerns
   • Protecting the virtualized environment
   • Data isolation
   • Firewall configuration
   • Complexity
   • Hypervisor security issues
   • The geographical location of data
   • Complicated audit and forensics

8. Cloud Defense-in-Depth Approach (layer: defenses)
   • Data: Windows Security Model for Access Control and Auditing; System Center Data Protection Manager for Data Availability
   • Application: User Identification and Authorization; Application-Layer Malware Protection
   • Host: Host Boundaries Enforced by External Hypervisors; Host Malware Protection
   • Network: VLAN and Packet Filters in Network Fabric; Host Firewall to Supplement & Integrate IPSec Isolation
   • Perimeter: Control Access to Portals / Services using UAG; Controlled Egress Filtering using TMG
9. Data Isolation and Hypervisor
   (Diagram: root VM and guest VMs side by side on top of the hypervisor, which runs on the physical hardware; guests have no access to one another.)

10. Virtualization Architecture
   Hypervisor (Ring -1):
   • Isolation boundary between partitions.
   • Only 600 KB in size.
   Root Partition (Server Core kernel, drivers and VMBus in Ring 0; virtualization stack in Ring 3):
   • Mediates all access to the hypervisor.
   • Server Core minimizes attack surface.
   • ~50% less patching required.
   Guest Partitions (guest OS in Ring 0; guest applications in Ring 3):
   • Guests cannot interfere with each other.
   • Dedicated VMBus channel.
   (Diagram: root and guest partitions above the hypervisor, which sits above the physical storage, NIC and CPU.)
11. Data Isolation

12. Where is my data located? Choose where to store your data…

13. The Location of Data

14. Network Security
   How DDoS attacks are detected and stopped in the Microsoft public cloud network…
   (Diagram: hackers targeting VMs running on hypervisors in the Microsoft public cloud.)
15. Network Traffic Isolation
   • Hosts and VMs support 802.1Q (VLAN tagging)
   • Each assigned a VLAN ID
   • Enforced across the network fabric
   • Firewalls permit inter-VLAN traffic as per policy
   • Isolates:
     • Host from guests
     • Mgmt. traffic from guest traffic

16. Network Traffic Isolation (Public/Private Cloud)
   (Diagram: several hypervisors with VLAN-separated traffic.)
   This is to prevent and stop the attacks coming from the inside and from the other VMs.

17. Network Traffic Isolation
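The VLAN-based separation of host management traffic from guest traffic described in the preceding slides, as an added PowerShell example that is not part of the original deck. It assumes the Hyper-V PowerShell module (Windows Server 2012 or later, which postdates this 2011 deck), a placeholder external vSwitch named 'ExtSwitch', and constructed VLAN IDs; the final audit function flags any guest adapter that would collapse the host/guest boundary.

```powershell
# Added example (not from the deck): enforce 802.1Q VLAN isolation on a
# Hyper-V host and audit it. Assumes the Hyper-V module and a vSwitch
# named 'ExtSwitch' (placeholder); VLAN IDs below are constructed.
#Requires -Modules Hyper-V

$SwitchName  = 'ExtSwitch'   # assumed vSwitch name
$MgmtVlanId  = 10            # constructed VLAN for host management traffic
$GuestVlanId = 100           # constructed VLAN for tenant VM traffic

# 1. Give the management OS its own vNIC on the switch and tag it with the
#    management VLAN, so host/management traffic never shares a guest VLAN.
if (-not (Get-VMNetworkAdapter -ManagementOS -Name 'Management' -ErrorAction SilentlyContinue)) {
    Add-VMNetworkAdapter -ManagementOS -Name 'Management' -SwitchName $SwitchName
}
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName 'Management' -Access -VlanId $MgmtVlanId

# 2. Tag every guest adapter on the switch with the guest VLAN in access mode:
#    the host applies the tag, so a VM cannot pick its own VLAN.
Get-VM | Get-VMNetworkAdapter | Where-Object SwitchName -eq $SwitchName |
    Set-VMNetworkAdapterVlan -Access -VlanId $GuestVlanId

# 3. Audit: return any guest adapter that is untagged or sits on the
#    management VLAN. Either breaks the host-from-guest isolation.
function Test-GuestVlanIsolation {
    param([int]$ManagementVlanId)
    Get-VM | Get-VMNetworkAdapterVlan | Where-Object {
        $_.OperationMode -eq 'Untagged' -or
        ($_.OperationMode -eq 'Access' -and $_.AccessVlanId -eq $ManagementVlanId)
    } | Select-Object @{ n = 'VMName'; e = { $_.ParentAdapter.VMName } },
                      OperationMode, AccessVlanId
}

$violations = Test-GuestVlanIsolation -ManagementVlanId $MgmtVlanId
if ($violations) {
    Write-Warning 'Guest adapters breaking management/guest VLAN isolation:'
    $violations | Format-Table -AutoSize
} else {
    Write-Output "All guest adapters are tagged and off the management VLAN $MgmtVlanId."
}
```

The physical switch ports facing the host must carry both VLANs as a trunk, and inter-VLAN traffic still has to pass the firewall policy the slide mentions; the script only covers the host side of that enforcement.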
18. Virtualization Security Benefits
   • Isolation: limits security exposure; reduces the spread of risks.
   • Roll-Back: quickly recover from security breaches.
   • Abstraction: limited direct access to hardware.
   • Portability: back-ups and disaster recovery; can switch to standby VMs.
   • Deployment: ability to divide workloads; custom guest OS security settings.

19. Q: Will I lose control?!!

20. Q: Am I putting all my eggs in one basket?!!

21. Q: Will I lose ownership of my data?!!

22. Questions to ask before moving to the cloud…
   • Encryption
   • Storage
   • Data transfer limits
   • Web access
   • File size limits
   • Auditing policies
   • Government involvement

23. Cloud Audit Policies
   • What data does my provider log?
   • Which logs do I have control over?
   • How long do providers keep logs?
   • What data does my provider give to me upon request?
   • Which law enforcement agency has jurisdiction over my data?

24. Questions & Answers
25. Resources
   Email: e.sarabadani@gmail.com
   Blog: http://esihere.wordpress.com/
   Twitter: http://www.twitter.com/esmaeils
   Useful websites:
   • http://technet.microsoft.com/
   • http://www.insecuremag.com/
   • http://technet.microsoft.com/en-us/edge/ff524488

26. Win Cool Prizes!!!
   Complete the Tech Insights contests and stand a chance to win many cool prizes… Look in your conference bags NOW!!

27. We value your feedback!
   Please remember to complete the overall conference evaluation form (in your bag) and return it to the Registration Counter on the last day in return for a Limited Edition Gift.
