SlideShare a Scribd company logo

Dont break the glass

Download as PPTX, PDF
John Kinsella
John Kinsella

My talk on working with the CloudStack Database for data recovery and unintended manipulation. From CloudStack Collaboration Conference North America 2014

TechnologyBusiness
1 of 20
Don’t Break the Glass! In case of emergency…
Intro • Apache CloudStack committer, PMC member • Security Guy • Founder of Stratosec • …hacker, reverse-engineer • @johnlkinsella, #CCCNA14
Goal Provide bread crumbs for you to gain expertise on CloudStack’s data model so you can react quickly in an emergency situation.
TOC • What Should Production Look Like? • My Nightmare • My response • How to prepare • How we’re trying to make things better • Homework
What Should Production Look Like? • Briefly: – Redundant management servers – Redundant databases – Redundant storage (primary and secondary) – Redundant infrastructure – Data backups – encrypted – Pro tip: store backups outside CloudStack.
One Painful February Day… • Made a change in control panel prior to giving customer access • Control panel interpreted this as “Delete the Customer.” • More precisely: “Delete the Customer, VMs and all storage. Now.”
Wait, What?? • Took about 15 seconds to realize what happened • Looking in CloudStack Management UI, saw VM shutting down, then being expunged.
Periodic Table…
Emergency Steps • Shut down ACS management server immediately • Fire up your favorite SQL tool (I recommend Squirrel SQL)
With your Data Recovery Shrine of Choice Immediately Establish Contact Establish Contact With Data Shrine
Know how CloudStack Works • Steps to delete a VM: – Shut down – Destroy – Expunge volumes – Expunge VM
The “SQL API” • DB Tables: – vm_instance – volumes – nics – user – account • Common Fields: • account_id • instance_id • created/updated/removed • state • removed BACK UP DB BEFORE MAKING CHANGES!
Actual SQL
Make change in SQL.
Bonus: changing VM’s IPUPDATE user_ip_address SET allocated=(SELECT allocated FROM (SELECT allocated, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193'; UPDATE user_ip_address SET account_id=(SELECT account_id FROM (SELECT account_id, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193'; UPDATE user_ip_address SET domain_id=(SELECT domain_id FROM (SELECT allocated, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193'; UPDATE user_ip_address SET state='Allocated' WHERE public_ip_address='184.172.14.193'; UPDATE user_ip_address SET network_id=(SELECT network_id FROM (SELECT network_id, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193'; UPDATE nics SET ip4_address='184.172.14.193' WHERE instance_id=1797; UPDATE vm_instance SET private_ip_address='184.172.14.193' WHERE instance_name='i-2-1797- VM';
Move VM between accounts UPDATE user_ip_address SET account_id=10 WHERE id=29; UPDATE user_ip_address SET domain_id=8 WHERE id=29; UPDATE user_ip_address SET network_id=217 WHERE id=29; UPDATE vm_network_map SET network_id=217 WHERE vm_id=144; UPDATE vm_instance SET domain_id=8 WHERE id=29; UPDATE op_networks SET nics_count=nics_count+1 WHERE id=217; UPDATE op_networks SET mac_address_seq=mac_address_seq+1 WHERE id=217; UPDATE nics SET broadcast_uri='vlan://230' WHERE id=179; UPDATE nics SET network_id=217 WHERE id=179; UPDATE nics SET isolation_uri='vlan://230' WHERE id=179; UPDATE firewall_rules SET account_id=10 WHERE ip_address_id=29; UPDATE firewall_rules SET domain_id=8 WHERE ip_address_id=29; UPDATE firewall_rules SET network_id=217 WHERE ip_address_id=29;
How you can prepare • Create written cloud policy, audit production to match • Test your backups • Become familiar with CloudStack internals • Do you really need frequent data expunge processes?
Next: Production Lock • Feature: Allow our customers to ensure that no automations will modify or delete their compute or storage instances – Working for VM – Adding for storage, networks – Need to add to UI
Homework • Pick a user VM in your Cloud. Via the database: – Find the VM instance record – Find the VM’s nics in the database – Find the VM’s storage in the database – Try deleting a VM via normal means, then before expunge, restore via SQL
kthxbye! • http://cloudstack.apache.org jlk@stratosec.co @johnlkinsella http://theresnomon.co

Recommended

Ansible modules 101
Ansible modules 101Ansible modules 101
Ansible modules 101
Rainer Schuettengruber
 
Troubleshooting MySQL Performance
Troubleshooting MySQL PerformanceTroubleshooting MySQL Performance
Troubleshooting MySQL Performance
Sveta Smirnova
 
Execute sql query or sql command sql server using command prompt
Execute sql query or sql command sql server using command promptExecute sql query or sql command sql server using command prompt
Execute sql query or sql command sql server using command prompt
Ikhwan Krisnadi
 
New features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in actionNew features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in action
Sveta Smirnova
 
Remove php calls and scale your site like crazy !
Remove php calls and scale your site like crazy !Remove php calls and scale your site like crazy !
Remove php calls and scale your site like crazy !
Wim Godden
 
Troubleshooting MySQL Performance
Troubleshooting MySQL PerformanceTroubleshooting MySQL Performance
Troubleshooting MySQL Performance
Sveta Smirnova
 
Pycon 2012 Apache Cassandra
Pycon 2012 Apache CassandraPycon 2012 Apache Cassandra
Pycon 2012 Apache Cassandra
jeremiahdjordan
 
When dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniquesWhen dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniques
Wim Godden
 

Recommended

Ansible modules 101
Ansible modules 101Ansible modules 101
Ansible modules 101
Rainer Schuettengruber
 
Troubleshooting MySQL Performance
Troubleshooting MySQL PerformanceTroubleshooting MySQL Performance
Troubleshooting MySQL Performance
Sveta Smirnova
 
Execute sql query or sql command sql server using command prompt
Execute sql query or sql command sql server using command promptExecute sql query or sql command sql server using command prompt
Execute sql query or sql command sql server using command prompt
Ikhwan Krisnadi
 
New features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in actionNew features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in action
Sveta Smirnova
 
Remove php calls and scale your site like crazy !
Remove php calls and scale your site like crazy !Remove php calls and scale your site like crazy !
Remove php calls and scale your site like crazy !
Wim Godden
 
Troubleshooting MySQL Performance
Troubleshooting MySQL PerformanceTroubleshooting MySQL Performance
Troubleshooting MySQL Performance
Sveta Smirnova
 
Pycon 2012 Apache Cassandra
Pycon 2012 Apache CassandraPycon 2012 Apache Cassandra
Pycon 2012 Apache Cassandra
jeremiahdjordan
 
When dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniquesWhen dynamic becomes static: the next step in web caching techniques
When dynamic becomes static: the next step in web caching techniques
Wim Godden
 
How To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShellHow To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShell
VCP Muthukrishna
 
Flexviews materialized views for my sql
Flexviews materialized views for my sqlFlexviews materialized views for my sql
Flexviews materialized views for my sql
Justin Swanhart
 
DataStax NYC Java Meetup: Cassandra with Java
DataStax NYC Java Meetup: Cassandra with JavaDataStax NYC Java Meetup: Cassandra with Java
DataStax NYC Java Meetup: Cassandra with Java
carolinedatastax
 
CKAN 2.2 Installation
CKAN 2.2 InstallationCKAN 2.2 Installation
CKAN 2.2 Installation
Chun Cheng Lin
 
MySQL > YourSQL
MySQL > YourSQLMySQL > YourSQL
MySQL > YourSQL
cafuego
 
MySQL Performance Schema in Action
MySQL Performance Schema in ActionMySQL Performance Schema in Action
MySQL Performance Schema in Action
Sveta Smirnova
 
Why Use EXPLAIN FORMAT=JSON?
Why Use EXPLAIN FORMAT=JSON? Why Use EXPLAIN FORMAT=JSON?
Why Use EXPLAIN FORMAT=JSON?
Sveta Smirnova
 
Summary tables with flexviews
Summary tables with flexviewsSummary tables with flexviews
Summary tables with flexviews
Justin Swanhart
 
Odv oracle customer_demo
Odv oracle customer_demoOdv oracle customer_demo
Odv oracle customer_demo
Viaggio Italia
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychain
Alexey Troshichev
 
Highload Perf Tuning
Highload Perf TuningHighload Perf Tuning
Highload Perf Tuning
HighLoad2009
 
DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2
Alex Zaballa
 
Moving to the NoSQL side: MySQL JSON functions
Moving to the NoSQL side: MySQL JSON functions Moving to the NoSQL side: MySQL JSON functions
Moving to the NoSQL side: MySQL JSON functions
Sveta Smirnova
 
Oracle performance tuning
Oracle performance tuningOracle performance tuning
Oracle performance tuning
vksgarg
 
New features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in actionNew features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in action
Sveta Smirnova
 
Performance Schema for MySQL troubleshooting
Performance Schema for MySQL troubleshootingPerformance Schema for MySQL troubleshooting
Performance Schema for MySQL troubleshooting
Sveta Smirnova
 
11thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp0111thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp01
Karam Abuataya
 
11 Things About11g
11 Things About11g11 Things About11g
11 Things About11g
fcamachob
 
Migrate database to Exadata using RMAN duplicate
Migrate database to Exadata using RMAN duplicateMigrate database to Exadata using RMAN duplicate
Migrate database to Exadata using RMAN duplicate
Umair Mansoob
 
LVOUG meetup #4 - Case Study 10g to 11g
LVOUG meetup #4 - Case Study 10g to 11gLVOUG meetup #4 - Case Study 10g to 11g
LVOUG meetup #4 - Case Study 10g to 11g
Maris Elsins
 
Short Intro to PHP and MySQL
Short Intro to PHP and MySQLShort Intro to PHP and MySQL
Short Intro to PHP and MySQL
Jussi Pohjolainen
 
Développer avec un Simple Object Mapping Toolkit pour SQL Server
Développer avec un Simple Object Mapping Toolkit pour SQL ServerDévelopper avec un Simple Object Mapping Toolkit pour SQL Server
Développer avec un Simple Object Mapping Toolkit pour SQL Server
Denis Voituron
 

More Related Content

What's hot

How To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShellHow To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShell
VCP Muthukrishna
 
Flexviews materialized views for my sql
Flexviews materialized views for my sqlFlexviews materialized views for my sql
Flexviews materialized views for my sql
Justin Swanhart
 
DataStax NYC Java Meetup: Cassandra with Java
DataStax NYC Java Meetup: Cassandra with JavaDataStax NYC Java Meetup: Cassandra with Java
DataStax NYC Java Meetup: Cassandra with Java
carolinedatastax
 
CKAN 2.2 Installation
CKAN 2.2 InstallationCKAN 2.2 Installation
CKAN 2.2 Installation
Chun Cheng Lin
 
MySQL > YourSQL
MySQL > YourSQLMySQL > YourSQL
MySQL > YourSQL
cafuego
 
MySQL Performance Schema in Action
MySQL Performance Schema in ActionMySQL Performance Schema in Action
MySQL Performance Schema in Action
Sveta Smirnova
 
Why Use EXPLAIN FORMAT=JSON?
Why Use EXPLAIN FORMAT=JSON? Why Use EXPLAIN FORMAT=JSON?
Why Use EXPLAIN FORMAT=JSON?
Sveta Smirnova
 
Summary tables with flexviews
Summary tables with flexviewsSummary tables with flexviews
Summary tables with flexviews
Justin Swanhart
 
Odv oracle customer_demo
Odv oracle customer_demoOdv oracle customer_demo
Odv oracle customer_demo
Viaggio Italia
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychain
Alexey Troshichev
 
Highload Perf Tuning
Highload Perf TuningHighload Perf Tuning
Highload Perf Tuning
HighLoad2009
 
DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2
Alex Zaballa
 
Moving to the NoSQL side: MySQL JSON functions
Moving to the NoSQL side: MySQL JSON functions Moving to the NoSQL side: MySQL JSON functions
Moving to the NoSQL side: MySQL JSON functions
Sveta Smirnova
 
Oracle performance tuning
Oracle performance tuningOracle performance tuning
Oracle performance tuning
vksgarg
 
New features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in actionNew features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in action
Sveta Smirnova
 
Performance Schema for MySQL troubleshooting
Performance Schema for MySQL troubleshootingPerformance Schema for MySQL troubleshooting
Performance Schema for MySQL troubleshooting
Sveta Smirnova
 

What's hot (16)

How To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShellHow To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShell
 
Flexviews materialized views for my sql
Flexviews materialized views for my sqlFlexviews materialized views for my sql
Flexviews materialized views for my sql
 
DataStax NYC Java Meetup: Cassandra with Java
DataStax NYC Java Meetup: Cassandra with JavaDataStax NYC Java Meetup: Cassandra with Java
DataStax NYC Java Meetup: Cassandra with Java
 
CKAN 2.2 Installation
CKAN 2.2 InstallationCKAN 2.2 Installation
CKAN 2.2 Installation
 
MySQL > YourSQL
MySQL > YourSQLMySQL > YourSQL
MySQL > YourSQL
 
MySQL Performance Schema in Action
MySQL Performance Schema in ActionMySQL Performance Schema in Action
MySQL Performance Schema in Action
 
Why Use EXPLAIN FORMAT=JSON?
Why Use EXPLAIN FORMAT=JSON? Why Use EXPLAIN FORMAT=JSON?
Why Use EXPLAIN FORMAT=JSON?
 
Summary tables with flexviews
Summary tables with flexviewsSummary tables with flexviews
Summary tables with flexviews
 
Odv oracle customer_demo
Odv oracle customer_demoOdv oracle customer_demo
Odv oracle customer_demo
 
iCloud keychain
iCloud keychainiCloud keychain
iCloud keychain
 
Highload Perf Tuning
Highload Perf TuningHighload Perf Tuning
Highload Perf Tuning
 
DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2DBA Commands and Concepts That Every Developer Should Know - Part 2
DBA Commands and Concepts That Every Developer Should Know - Part 2
 
Moving to the NoSQL side: MySQL JSON functions
Moving to the NoSQL side: MySQL JSON functions Moving to the NoSQL side: MySQL JSON functions
Moving to the NoSQL side: MySQL JSON functions
 
Oracle performance tuning
Oracle performance tuningOracle performance tuning
Oracle performance tuning
 
New features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in actionNew features in Performance Schema 5.7 in action
New features in Performance Schema 5.7 in action
 
Performance Schema for MySQL troubleshooting
Performance Schema for MySQL troubleshootingPerformance Schema for MySQL troubleshooting
Performance Schema for MySQL troubleshooting
 

Similar to Dont break the glass

11thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp0111thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp01
Karam Abuataya
 
11 Things About11g
11 Things About11g11 Things About11g
11 Things About11g
fcamachob
 
Migrate database to Exadata using RMAN duplicate
Migrate database to Exadata using RMAN duplicateMigrate database to Exadata using RMAN duplicate
Migrate database to Exadata using RMAN duplicate
Umair Mansoob
 
LVOUG meetup #4 - Case Study 10g to 11g
LVOUG meetup #4 - Case Study 10g to 11gLVOUG meetup #4 - Case Study 10g to 11g
LVOUG meetup #4 - Case Study 10g to 11g
Maris Elsins
 
Short Intro to PHP and MySQL
Short Intro to PHP and MySQLShort Intro to PHP and MySQL
Short Intro to PHP and MySQL
Jussi Pohjolainen
 
Développer avec un Simple Object Mapping Toolkit pour SQL Server
Développer avec un Simple Object Mapping Toolkit pour SQL ServerDévelopper avec un Simple Object Mapping Toolkit pour SQL Server
Développer avec un Simple Object Mapping Toolkit pour SQL Server
Denis Voituron
 
Trouble shooting apachecloudstack
Trouble shooting apachecloudstackTrouble shooting apachecloudstack
Trouble shooting apachecloudstack
Sailaja Sunil
 
DNN Database Tips & Tricks
DNN Database Tips & TricksDNN Database Tips & Tricks
DNN Database Tips & Tricks
Will Strohl
 
OpenWorld Sep14 12c for_developers
OpenWorld Sep14 12c for_developersOpenWorld Sep14 12c for_developers
OpenWorld Sep14 12c for_developers
Connor McDonald
 
How the world gets its weather
How the world gets its weather How the world gets its weather
How the world gets its weather
Ravi Yadav
 
Formal Verification of Web Service Interaction Contracts
Formal Verification of Web Service Interaction ContractsFormal Verification of Web Service Interaction Contracts
Formal Verification of Web Service Interaction Contracts
Gera Shegalov
 
Proof of Concept with Real Application Testing 12c
Proof of Concept with Real Application Testing 12cProof of Concept with Real Application Testing 12c
Proof of Concept with Real Application Testing 12c
Luis Marques
 
Results cache
Results cacheResults cache
Results cache
Sage Computing Services
 
4Developers 2015: CQRS - Prosta architektura dla nieprostego systemu! - Mateu...
4Developers 2015: CQRS - Prosta architektura dla nieprostego systemu! - Mateu...4Developers 2015: CQRS - Prosta architektura dla nieprostego systemu! - Mateu...
4Developers 2015: CQRS - Prosta architektura dla nieprostego systemu! - Mateu...
PROIDEA
 
MySQL 8.0.18 - New Features Summary
MySQL 8.0.18 - New Features SummaryMySQL 8.0.18 - New Features Summary
MySQL 8.0.18 - New Features Summary
Olivier DASINI
 
Oracle 12c Automatic Data Optimization (ADO) - ILM
Oracle 12c Automatic Data Optimization (ADO) - ILMOracle 12c Automatic Data Optimization (ADO) - ILM
Oracle 12c Automatic Data Optimization (ADO) - ILM
Monowar Mukul
 
Owasp Indy Q2 2012 Advanced SQLi
Owasp Indy Q2 2012 Advanced SQLiOwasp Indy Q2 2012 Advanced SQLi
Owasp Indy Q2 2012 Advanced SQLi
owaspindy
 
smartdc by Ruby
smartdc by Rubysmartdc by Ruby
smartdc by Ruby
ogom_
 
Osol Pgsql
Osol PgsqlOsol Pgsql
Osol Pgsql
Emanuel Calvo
 
Optimizing applications and database performance
Optimizing applications and database performanceOptimizing applications and database performance
Optimizing applications and database performance
Inam Bukhary
 

Similar to Dont break the glass (20)

11thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp0111thingsabout11g 12659705398222 Phpapp01
11thingsabout11g 12659705398222 Phpapp01
 
11 Things About11g
11 Things About11g11 Things About11g
11 Things About11g
 
Migrate database to Exadata using RMAN duplicate
Migrate database to Exadata using RMAN duplicateMigrate database to Exadata using RMAN duplicate
Migrate database to Exadata using RMAN duplicate
 
LVOUG meetup #4 - Case Study 10g to 11g
LVOUG meetup #4 - Case Study 10g to 11gLVOUG meetup #4 - Case Study 10g to 11g
LVOUG meetup #4 - Case Study 10g to 11g
 
Short Intro to PHP and MySQL
Short Intro to PHP and MySQLShort Intro to PHP and MySQL
Short Intro to PHP and MySQL
 
Développer avec un Simple Object Mapping Toolkit pour SQL Server
Développer avec un Simple Object Mapping Toolkit pour SQL ServerDévelopper avec un Simple Object Mapping Toolkit pour SQL Server
Développer avec un Simple Object Mapping Toolkit pour SQL Server
 
Trouble shooting apachecloudstack
Trouble shooting apachecloudstackTrouble shooting apachecloudstack
Trouble shooting apachecloudstack
 
DNN Database Tips & Tricks
DNN Database Tips & TricksDNN Database Tips & Tricks
DNN Database Tips & Tricks
 
OpenWorld Sep14 12c for_developers
OpenWorld Sep14 12c for_developersOpenWorld Sep14 12c for_developers
OpenWorld Sep14 12c for_developers
 
How the world gets its weather
How the world gets its weather How the world gets its weather
How the world gets its weather
 
Formal Verification of Web Service Interaction Contracts
Formal Verification of Web Service Interaction ContractsFormal Verification of Web Service Interaction Contracts
Formal Verification of Web Service Interaction Contracts
 
Proof of Concept with Real Application Testing 12c
Proof of Concept with Real Application Testing 12cProof of Concept with Real Application Testing 12c
Proof of Concept with Real Application Testing 12c
 
Results cache
Results cacheResults cache
Results cache
 
4Developers 2015: CQRS - Prosta architektura dla nieprostego systemu! - Mateu...
4Developers 2015: CQRS - Prosta architektura dla nieprostego systemu! - Mateu...4Developers 2015: CQRS - Prosta architektura dla nieprostego systemu! - Mateu...
4Developers 2015: CQRS - Prosta architektura dla nieprostego systemu! - Mateu...
 
MySQL 8.0.18 - New Features Summary
MySQL 8.0.18 - New Features SummaryMySQL 8.0.18 - New Features Summary
MySQL 8.0.18 - New Features Summary
 
Oracle 12c Automatic Data Optimization (ADO) - ILM
Oracle 12c Automatic Data Optimization (ADO) - ILMOracle 12c Automatic Data Optimization (ADO) - ILM
Oracle 12c Automatic Data Optimization (ADO) - ILM
 
Owasp Indy Q2 2012 Advanced SQLi
Owasp Indy Q2 2012 Advanced SQLiOwasp Indy Q2 2012 Advanced SQLi
Owasp Indy Q2 2012 Advanced SQLi
 
smartdc by Ruby
smartdc by Rubysmartdc by Ruby
smartdc by Ruby
 
Osol Pgsql
Osol PgsqlOsol Pgsql
Osol Pgsql
 
Optimizing applications and database performance
Optimizing applications and database performanceOptimizing applications and database performance
Optimizing applications and database performance
 

More from John Kinsella

Removing the Burden of Securing Microservices Through Automation and Visibility
Removing the Burden of Securing Microservices Through Automation and VisibilityRemoving the Burden of Securing Microservices Through Automation and Visibility
Removing the Burden of Securing Microservices Through Automation and Visibility
John Kinsella
 
2019 Infosec World Keynote
2019 Infosec World Keynote2019 Infosec World Keynote
2019 Infosec World Keynote
John Kinsella
 
An In-depth look at application containers
An In-depth look at application containersAn In-depth look at application containers
An In-depth look at application containers
John Kinsella
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container security
John Kinsella
 
Docker security configuration
Docker security configurationDocker security configuration
Docker security configuration
John Kinsella
 
A (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersA (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability Scanners
John Kinsella
 
CloudStack and the HeartBleed vulnerability
CloudStack and the HeartBleed vulnerabilityCloudStack and the HeartBleed vulnerability
CloudStack and the HeartBleed vulnerability
John Kinsella
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack Secured
John Kinsella
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
John Kinsella
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
John Kinsella
 
What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?
John Kinsella
 

More from John Kinsella (11)

Removing the Burden of Securing Microservices Through Automation and Visibility
Removing the Burden of Securing Microservices Through Automation and VisibilityRemoving the Burden of Securing Microservices Through Automation and Visibility
Removing the Burden of Securing Microservices Through Automation and Visibility
 
2019 Infosec World Keynote
2019 Infosec World Keynote2019 Infosec World Keynote
2019 Infosec World Keynote
 
An In-depth look at application containers
An In-depth look at application containersAn In-depth look at application containers
An In-depth look at application containers
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container security
 
Docker security configuration
Docker security configurationDocker security configuration
Docker security configuration
 
A (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersA (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability Scanners
 
CloudStack and the HeartBleed vulnerability
CloudStack and the HeartBleed vulnerabilityCloudStack and the HeartBleed vulnerability
CloudStack and the HeartBleed vulnerability
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack Secured
 
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?What is Cloud Security, and Can I Have Some?
What is Cloud Security, and Can I Have Some?
 

Recently uploaded

National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
Federico Razzoli
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 

Recently uploaded (20)

National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 

Dont break the glass

  • 1. Don’t Break the Glass! In case of emergency…
  • 2. Intro • Apache CloudStack committer, PMC member • Security Guy • Founder of Stratosec • …hacker, reverse-engineer • @johnlkinsella, #CCCNA14
  • 3. Goal Provide bread crumbs for you to gain expertise on CloudStack’s data model so you can react quickly in an emergency situation.
  • 4. TOC • What Should Production Look Like? • My Nightmare • My response • How to prepare • How we’re trying to make things better • Homework
  • 5. What Should Production Look Like? • Briefly: – Redundant management servers – Redundant databases – Redundant storage (primary and secondary) – Redundant infrastructure – Data backups – encrypted – Pro tip: store backups outside CloudStack.
  • 6. One Painful February Day… • Made a change in control panel prior to giving customer access • Control panel interpreted this as “Delete the Customer.” • More precisely: “Delete the Customer, VMs and all storage. Now.”
  • 7. Wait, What?? • Took about 15 seconds to realize what happened • Looking in CloudStack Management UI, saw VM shutting down, then being expunged.
  • 9. Emergency Steps • Shut down ACS management server immediately • Fire up your favorite SQL tool (I recommend Squirrel SQL)
  • 10. With your Data Recovery Shrine of Choice Immediately Establish Contact Establish Contact With Data Shrine
  • 11. Know how CloudStack Works • Steps to delete a VM: – Shut down – Destroy – Expunge volumes – Expunge VM
  • 12. The “SQL API” • DB Tables: – vm_instance – volumes – nics – user – account • Common Fields: • account_id • instance_id • created/updated/removed • state • removed BACK UP DB BEFORE MAKING CHANGES!
  • 15. Bonus: changing VM’s IPUPDATE user_ip_address SET allocated=(SELECT allocated FROM (SELECT allocated, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193'; UPDATE user_ip_address SET account_id=(SELECT account_id FROM (SELECT account_id, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193'; UPDATE user_ip_address SET domain_id=(SELECT domain_id FROM (SELECT allocated, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193'; UPDATE user_ip_address SET state='Allocated' WHERE public_ip_address='184.172.14.193'; UPDATE user_ip_address SET network_id=(SELECT network_id FROM (SELECT network_id, public_ip_address FROM user_ip_address) AS oldip WHERE public_ip_address='184.172.14.194') WHERE public_ip_address='184.172.14.193'; UPDATE nics SET ip4_address='184.172.14.193' WHERE instance_id=1797; UPDATE vm_instance SET private_ip_address='184.172.14.193' WHERE instance_name='i-2-1797- VM';
  • 16. Move VM between accounts UPDATE user_ip_address SET account_id=10 WHERE id=29; UPDATE user_ip_address SET domain_id=8 WHERE id=29; UPDATE user_ip_address SET network_id=217 WHERE id=29; UPDATE vm_network_map SET network_id=217 WHERE vm_id=144; UPDATE vm_instance SET domain_id=8 WHERE id=29; UPDATE op_networks SET nics_count=nics_count+1 WHERE id=217; UPDATE op_networks SET mac_address_seq=mac_address_seq+1 WHERE id=217; UPDATE nics SET broadcast_uri='vlan://230' WHERE id=179; UPDATE nics SET network_id=217 WHERE id=179; UPDATE nics SET isolation_uri='vlan://230' WHERE id=179; UPDATE firewall_rules SET account_id=10 WHERE ip_address_id=29; UPDATE firewall_rules SET domain_id=8 WHERE ip_address_id=29; UPDATE firewall_rules SET network_id=217 WHERE ip_address_id=29;
  • 17. How you can prepare • Create written cloud policy, audit production to match • Test your backups • Become familiar with CloudStack internals • Do you really need frequent data expunge processes?
  • 18. Next: Production Lock • Feature: Allow our customers to ensure that no automations will modify or delete their compute or storage instances – Working for VM – Adding for storage, networks – Need to add to UI
  • 19. Homework • Pick a user VM in your Cloud. Via the database: – Find the VM instance record – Find the VM’s nics in the database – Find the VM’s storage in the database – Try deleting a VM via normal means, then before expunge, restore via SQL

Editor's Notes

  1. (I mean hacker in the developer sense, not TV bad guy)
  2. Kelvin Yang:“noticable transition period”
  3. Know how to do this stuff. In an emergency situation you must be able to react quickly.
  4. Images from:https://www.flickr.com/photos/theogeo/2768774330https://www.flickr.com/photos/raviahuja/9074994473https://www.flickr.com/photos/scoobymoo/76916282https://www.flickr.com/photos/cuppini/6008317955https://www.flickr.com/photos/jeffk/743193940
  5. We could create API calls to help with this, but not sure it’s worth the balance of ACS running and potentially doing more damage.
  6. Making the change in SQL gives you history
  7. This one’s not quite perfect
  8. Icons from http://webtreatsetc.deviantart.com/art/Silver-Button-Social-Media-123487830