
Real security in a virtual environment - Infosecurity 2011


Published in: Technology

  1. Real Security in a Virtual Environment
     By Mattias Geniar
     System Engineer @Nucleus
  2. So ... Who am I?
     Mattias Geniar
     576 years old
     System Engineer at Nucleus
     (Cloud) Hosting provider
     http://mattiasgeniar.be
     @mattiasgeniar
  3. My comfort zone.
     root@mattias:~#
  4. Not this.
  5. Now what’s this about?
  6. Preventing this cloud ...
  7. From becoming this one.
  8. Whatcha talking ‘bout fool?
  9. Quote: “Every security system that has ever been breached was once thought infallible.”
  10. It’s about layers. Many layers.
  11. A secure location.
  12. With sufficient power.
  13. And cooling.
  14. That is secure.
  15. But that’s just the bottom layer.
  16. Don’t forget this.
  17. How virtual is ‘virtual’?
  18. The heart: storage.
  19. Separate network.
  20. But in a good way.
  21. Should it be encrypted?
  22. On your storage itself?
  23. Key management.
  24. Or within your VM?
  25. Redundant storage. Good x 2.
  26. RAIDs
  27. Have backups. Lots of them.
  28. The kidneys: connectivity.
  29. Walls of fire.
  30. Firewall your firewall?
  31. Secure connections.
  32. Know what goes on.
  33. Find intruders.
  34. IDS & IPS
  35. We like graphs. And IDS.
  36. And boxes. With info.
  37. Even when the cloud ‘moves’.
  38. # diff ‘os-virt’ ‘hardware-virt’
  39. Oh hai root.
      root@srv:~# hostname
      srv.domain.be
      root@srv:~# vzlist --all
      CTID      NPROC   STATUS    IP_ADDR    HOSTNAME
      101       74      running   10.0.2.1   topsecret-srv
      root@srv:~# vzctl enter 101
      -bash-3.1# hostname
      topsecret-srv.domain.be
      -bash-3.1# id
      uid=0(root) gid=0(root)
  40. Who’s this?
  41.
  42. Quote: “The weakest link in any security system, is the person holding the information”
  43. Developers that care.
  44. That don’t do stupid things.
  45. With secure APIs.
  46. And management.
  47. No no. Real management.
  48. Quote: “Geeks don’t have interests. They have passions.”
  49. So. Layers you said?
  50. Q & A
  51. Thank you.
      root@mattias:~# logout
      Twitter: @mattiasgeniar
      www.nucleus.be
      Mail: m@ttias.be
