
Real Security in a Virtual Environment

A general overview on the pitfalls in cloud security and everything that surrounds it.

Published in: Technology

  1. Real Security in a Virtual Environment. By Mattias Geniar, System Engineer @Nucleus
  2. So ... Who am I?
  3. My comfort zone. root@mattias:~#
  4. Not this.
  5. Now what’s this about?
  6. First: what is cloud computing?
  7. Infrastructure-as-a-Service
  8. Software-as-a-Service
  9. Platform-as-a-Service
  10. Hey dude, security?!
  11. Preventing this cloud ...
  12. From becoming this one.
  13. Whatcha talking ‘bout fool?
  14. Quote: “Every security system that has ever been breached was once thought infallible.”
  15. It’s about layers. Many layers.
  16. A secure location.
  17. With sufficient power.
  18. And cooling.
  19. That is secure.
  20. But that’s just the bottom layer.
  21. Don’t forget this.
  22. How virtual is ‘virtual’?
  23. The heart: storage.
  24. Separate network.
  25. But in a good way.
  26. Should it be encrypted?
  27. On your storage itself?
  28. Or within your VM?
  29. Key management.
  30. Redundant storage. Good x 2.
  31. RAIDs
  32. Have backups. Lots of them.
  33. The kidneys: connectivity.
  34. Walls of fire.
  35. Subnet example
        This is you              This is evil me
        IP: 10.0.0.100           IP: 10.0.0.105
        Subnet: 255.255.255.0    Subnet: 255.255.255.0
        Gateway: 10.0.0.1        Gateway: 10.0.0.1
        The firewall: 10.0.0.1
  36. Firewall your firewall?
  37. Secure connections.
  38. Know what goes on.
  39. Find intruders.
  40. IDS & IPS
  41. We like graphs. And IDS.
  42. And boxes. With info.
  43. Even when the cloud ‘moves’.
  44. # diff ‘os-virt’ ‘hardware-virt’
  45. Oh hai root.
        root@srv:~# hostname
        srv.domain.be
        root@srv:~# vzlist --all
        CTID NPROC STATUS  IP_ADDR  HOSTNAME
        101  74    running 10.0.2.1 topsecret-srv
        root@srv:~# vzctl enter 101
        -bash-3.1# hostname
        topsecret-srv.domain.be
        -bash-3.1# id
        uid=0(root) gid=0(root)
  46. Who’s this?
  47. Quote: “The weakest link in any security system is the person holding the information.”
  48. Developers that care.
  49. That don’t do stupid things.
  50. With secure APIs.
  51. And management.
  52. No no. Real management.
  53. Quote: “Geeks don’t have interests. They have passions.”
  54. So. Layers you said?
  55. Q&A
  56. Thank you. root@mattias:~# logout
      Twitter: @mattiasgeniar, www.nucleus.be, Mail: m@ttias.be
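
The subnet layout on slide 35, worked through as an added example that is not part of the original slides: two hosts in the same subnet deliver traffic to each other directly, so a firewall that sits only at the gateway 10.0.0.1 is never in the path between them. The `other-tenant` host and the function names are constructed for illustration.

```python
import ipaddress
from itertools import permutations

# Slide 35 values, plus one constructed host on a different subnet for contrast.
HOSTS = {
    "you": {"ip": "10.0.0.100", "mask": "255.255.255.0", "gw": "10.0.0.1"},
    "evil-me": {"ip": "10.0.0.105", "mask": "255.255.255.0", "gw": "10.0.0.1"},
    "other-tenant": {"ip": "10.0.1.20", "mask": "255.255.255.0", "gw": "10.0.1.1"},  # constructed
}


def next_hop(src, dst_ip):
    """Return the address the sender hands the packet to: the destination
    itself when it is on-link, otherwise the sender's default gateway."""
    iface = ipaddress.ip_interface(f"{src['ip']}/{src['mask']}")
    dst = ipaddress.ip_address(dst_ip)
    return str(dst) if dst in iface.network else src["gw"]


def firewall_bypass_pairs(hosts):
    """List (src, dst) pairs whose traffic is delivered directly on the
    local segment and is therefore never seen by the gateway firewall."""
    pairs = []
    for a, b in permutations(hosts, 2):
        if next_hop(hosts[a], hosts[b]["ip"]) == hosts[b]["ip"]:
            pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    for src, dst in firewall_bypass_pairs(HOSTS):
        print(f"{src} -> {dst}: on-link, gateway firewall not in path")
```

Pairs this reports need filtering on the hosts themselves or at the virtual switch, or separate subnets or VLANs per tenant, because rules on the gateway firewall do not apply to them.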