SlideShare a Scribd company logo

Halo Installfest Slides

CloudPassage
CloudPassage

This document provides an overview of a CloudPassage Halo installfest event. It discusses security issues with infrastructure as a service (IaaS) cloud computing models including lack of firewall control, vulnerability management challenges, and difficulty detecting intrusions. It introduces CloudPassage Halo as a host-based security solution that can address these issues by providing firewall rules, vulnerability scanning, configuration monitoring, and event detection across virtual machines. The installfest will guide participants on installing and using CloudPassage Halo to gain security visibility and control over their cloud infrastructure.

Technology
1 of 38
Download to read offline
CloudPassage Halo Installfest 1
Quick Intro • Thanks for coming out! • Enjoy the free food ☺ • Focus on security issues with IaaS cloud • Interweave that with installing Halo • We’re here to help! – Ask questions – Staff will be handy if you need us – Any and all feedback greatly appreciated CloudPassage Halo Installfest 2
Where Can I Get These Slides? community.cloudpassage.com CloudPassage Halo Installfest 3
Tonight’s Focus • Infrastructure as a Service (IaaS) – Can apply to PaaS and SaaS from a provider’s perspective • Mostly geared to public cloud – Although applicable to private • Tenant security concerns – We’ll skip physical security CloudPassage Halo Installfest 4
What You Need For The Labs • Laptop or tablet • Root equiv access to a Linux VM – Local or public is fine – Spin up now if needed • Internet access – Wifi settings: As Posted CloudPassage Halo Installfest 5
Houston… We Have a Problem All network security benefits Lost in migration: • Firewall – Filter port level access • Firewall – Control rootkit transfer • Proxy – Control app level data • NIDS – Inspect stream for attacks • Sniffer – Audit trail of network traffic CloudPassage Halo Installfest 6
Delineation of Responsibility IaaS PaaS SaaS Interface Interface Interface Application Application Application Solution Stack Solution Stack Solution Stack Tenant Operating System Operating System Operating System Hypervisor Hypervisor Hypervisor Provider Compute & Storage Compute & Storage Compute & Storage Network Network Network Facility Facility Facility CloudPassage Halo Installfest 7
What Are My Options? CloudPassage Halo Installfest 8
Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 9
Extending The LAN Into The Cloud CloudPassage Halo Installfest 10
LAN Extended Challenges • Increases load on corporate link – Today we’re mobile – Limits public cloud scaling • Increase load on perimeter infrastructure • Negates network benefits – Provider load balancing – Multi-peer points – Geo-location DNS – Higher latency • No protection within virtual infrastructure CloudPassage Halo Installfest 11
Virtual Appliance Management CloudPassage Halo Installfest 12
Virtual Appliance Architecture CloudPassage Halo Installfest 13
What About Introspection? • Hypervisor based security – Has visibility into all VMs • Single point of control – For a specific hypervisor deployment • Public - Do you want other tenants to have access to your hypervisor? • Do you want your provider to have non- auditable access to your VMs? • Can break segregation of duties CloudPassage Halo Installfest 14
Host-Based Architecture Consistent architecture (and risk abatement) regardless of deployment CloudPassage Halo Installfest 15
Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Mitigate potential risks from vswitch or VLANs • Supported across all cloud infrastructures – Consistent management regardless of deployment • Security Is portable with the VM • This is the model supported by Halo CloudPassage Halo Installfest 16
Why restrict Admin Ports? Dshield.org data Green = # of IPs looking for open SSH ports Red = # of IPs hit by SSH scan CloudPassage Halo Installfest 17
Halo Firewall Interface Cloak the port till these users authenticate CloudPassage Halo Installfest 18
Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 19
Image Deployment • Provider images usually not patched • Some 3rd party images are pre-patched – To the time of the image's release – Which 3rd parties can you trust? • Auto-patching usually disabled • Some known vulnerabilities may not yet be patched – But it may be possible to mitigate risk is known CloudPassage Halo Installfest 20
Vulnerability Wire Testing • Some providers have restrictions – May be limited by terms of service – May be limited to specific products • Targeting concerns – What if your IP’s are not continuous? – What if the IP changes? • Does not detect local exploits CloudPassage Halo Installfest 21
Host Based Vulnerability Checking • Validate compliances within the VM itself • Can check remote and local vulnerabilities • Typically lower cost to deploy – Less billable utilization • Can false negative if patch not loaded – Kernel updates • This is the model Halo uses CloudPassage Halo Installfest 22
Halo Software Risks CloudPassage Halo Installfest 23
Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 24
Configuration Settings • Are only required processes running? – Are they securely configured? • Is password aging enforced? • Is root permitted direct SSH access? • Proper permissions on critical files? • Is sudo or wheel properly configured? • Any changes since deployment? CloudPassage Halo Installfest 25
Creating A Halo Check CloudPassage Halo Installfest 26
Halo Check Results CloudPassage Halo Installfest 27
System Accounts • What accounts are on the system? • Did the provider modify the default accounts? – ec2-user • Which accounts have root level access? • Who has accounts on which servers? • How do you add/delete accounts for many servers simultaneously? CloudPassage Halo Installfest 28
Halo Server Access CloudPassage Halo Installfest 29
Expanded Details CloudPassage Halo Installfest 30
Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 31
Clues To An Attack • Some file changes indicate a compromise • Static Web server files • /etc/passwd has new account • /etc/sudoers has new entries • ssh_known_hosts has new entries • authorized_keys has new entries • Halo uses SHA-256 to detect changes CloudPassage Halo Installfest 32
Define Files to Check CloudPassage Halo Installfest 33
Halo FIM Reporting CloudPassage Halo Installfest 34
Event Reporting CloudPassage Halo Installfest 35
Alert Reporting CloudPassage Halo Installfest 36
Lab Time Let’s Install Halo! CloudPassage Halo Installfest 37
Start Here to Create an Account CloudPassage Halo Installfest 38

Recommended

F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017
Guy Brown
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application Security
Cloudflare
 
F5 Web Application Security
F5 Web Application SecurityF5 Web Application Security
F5 Web Application Security
MarketingArrowECS_CZ
 
Migrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to KnowMigrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to Know
Imperva Incapsula
 
Cloudflare Load Balancing for Monitoring Origin Server Health and Automatic F...
Cloudflare Load Balancing for Monitoring Origin Server Health and Automatic F...Cloudflare Load Balancing for Monitoring Origin Server Health and Automatic F...
Cloudflare Load Balancing for Monitoring Origin Server Health and Automatic F...
Cloudflare
 
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
Imperva Incapsula
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and Demos
Caitlin Magat
 
Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 Solutions
MarketingArrowECS_CZ
 

Recommended

F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017
Guy Brown
 
Latest Trends in Web Application Security
Latest Trends in Web Application SecurityLatest Trends in Web Application Security
Latest Trends in Web Application Security
Cloudflare
 
F5 Web Application Security
F5 Web Application SecurityF5 Web Application Security
F5 Web Application Security
MarketingArrowECS_CZ
 
Migrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to KnowMigrating from Akamai to Incapsula: What You Need to Know
Migrating from Akamai to Incapsula: What You Need to Know
Imperva Incapsula
 
Cloudflare Load Balancing for Monitoring Origin Server Health and Automatic F...
Cloudflare Load Balancing for Monitoring Origin Server Health and Automatic F...Cloudflare Load Balancing for Monitoring Origin Server Health and Automatic F...
Cloudflare Load Balancing for Monitoring Origin Server Health and Automatic F...
Cloudflare
 
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
Imperva Incapsula
 
New Products Overview: Use Cases and Demos
New Products Overview: Use Cases and DemosNew Products Overview: Use Cases and Demos
New Products Overview: Use Cases and Demos
Caitlin Magat
 
Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 Solutions
MarketingArrowECS_CZ
 
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
Nazmul Hossain Rakib
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
Jason Chan
 
Securing your telco cloud
Securing your telco cloud Securing your telco cloud
Securing your telco cloud
OPNFV
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
MarketingArrowECS_CZ
 
Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014 Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014
VMwareJenn
 
Self service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxSelf service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsx
solarisyougood
 
The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018
PureSec
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and Interset
Perforce
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
Cloudflare
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
Sergey Gordeychik
 
UCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep DiveUCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep Dive
Cisco DevNet
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at Netflix
Jason Chan
 
Introduction to Zabbix - Company, Product, Services and Use Cases
Introduction to Zabbix - Company, Product, Services and Use CasesIntroduction to Zabbix - Company, Product, Services and Use Cases
Introduction to Zabbix - Company, Product, Services and Use Cases
Zabbix
 
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEAAchieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
NGINX, Inc.
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From Windows
NetSPI
 
Perforce on Tour 2015 - Securing the Helix Platform at Citrix
Perforce on Tour 2015 - Securing the Helix Platform at CitrixPerforce on Tour 2015 - Securing the Helix Platform at Citrix
Perforce on Tour 2015 - Securing the Helix Platform at Citrix
Perforce
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
solarisyougood
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
NGINX, Inc.
 
Going outside the application
Going outside the applicationGoing outside the application
Going outside the application
Matthew Saltzman
 
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Khazret Sapenov
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
sushmil123
 

More Related Content

What's hot

CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
Nazmul Hossain Rakib
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
Jason Chan
 
Securing your telco cloud
Securing your telco cloud Securing your telco cloud
Securing your telco cloud
OPNFV
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
MarketingArrowECS_CZ
 
Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014 Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014
VMwareJenn
 
Self service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxSelf service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsx
solarisyougood
 
The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018
PureSec
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and Interset
Perforce
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
Cloudflare
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
Sergey Gordeychik
 
UCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep DiveUCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep Dive
Cisco DevNet
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at Netflix
Jason Chan
 
Introduction to Zabbix - Company, Product, Services and Use Cases
Introduction to Zabbix - Company, Product, Services and Use CasesIntroduction to Zabbix - Company, Product, Services and Use Cases
Introduction to Zabbix - Company, Product, Services and Use Cases
Zabbix
 
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEAAchieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
NGINX, Inc.
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From Windows
NetSPI
 
Perforce on Tour 2015 - Securing the Helix Platform at Citrix
Perforce on Tour 2015 - Securing the Helix Platform at CitrixPerforce on Tour 2015 - Securing the Helix Platform at Citrix
Perforce on Tour 2015 - Securing the Helix Platform at Citrix
Perforce
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
solarisyougood
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
NGINX, Inc.
 
Going outside the application
Going outside the applicationGoing outside the application
Going outside the application
Matthew Saltzman
 

What's hot (20)

CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICESCENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
CENTRAL MANAGEMENT OF NETWORK AND CALL SERVICES
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
 
Securing your telco cloud
Securing your telco cloud Securing your telco cloud
Securing your telco cloud
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
 
Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014 Reston Virtualization Group 9-18-2014
Reston Virtualization Group 9-18-2014
 
Self service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxSelf service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsx
 
The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018The Top 10 Most Common Weaknesses in Serverless Applications 2018
The Top 10 Most Common Weaknesses in Serverless Applications 2018
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and Interset
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
 
UCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep DiveUCS Management APIs A Technical Deep Dive
UCS Management APIs A Technical Deep Dive
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
 
Cloud Security at Netflix
Cloud Security at NetflixCloud Security at Netflix
Cloud Security at Netflix
 
Introduction to Zabbix - Company, Product, Services and Use Cases
Introduction to Zabbix - Company, Product, Services and Use CasesIntroduction to Zabbix - Company, Product, Services and Use Cases
Introduction to Zabbix - Company, Product, Services and Use Cases
 
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEAAchieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
 
Extracting Credentials From Windows
Extracting Credentials From WindowsExtracting Credentials From Windows
Extracting Credentials From Windows
 
Perforce on Tour 2015 - Securing the Helix Platform at Citrix
Perforce on Tour 2015 - Securing the Helix Platform at CitrixPerforce on Tour 2015 - Securing the Helix Platform at Citrix
Perforce on Tour 2015 - Securing the Helix Platform at Citrix
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
 
Going outside the application
Going outside the applicationGoing outside the application
Going outside the application
 

Similar to Halo Installfest Slides

Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Khazret Sapenov
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
sushmil123
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
CloudPassage
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
Akash Mahajan
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
RightScale
 
Cloud for agile_sw_projects-final
Cloud for agile_sw_projects-finalCloud for agile_sw_projects-final
Cloud for agile_sw_projects-final
Alain Delafosse
 
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
VMworld
 
12-Factor Apps
12-Factor Apps12-Factor Apps
12-Factor Apps
Siva Rama Krishna Chunduru
 
Moving Windows Applications to the Cloud
Moving Windows Applications to the CloudMoving Windows Applications to the Cloud
Moving Windows Applications to the Cloud
RightScale
 
Cloud Hosting for Government Agencies: Drupal Platform as a Service
Cloud Hosting for Government Agencies: Drupal Platform as a ServiceCloud Hosting for Government Agencies: Drupal Platform as a Service
Cloud Hosting for Government Agencies: Drupal Platform as a Service
Acquia
 
Challenges Scaling DevOps
Challenges Scaling DevOpsChallenges Scaling DevOps
Challenges Scaling DevOps
Rachel Maxwell
 
Oracle IaaS including OCM and Ravello
Oracle IaaS including OCM and RavelloOracle IaaS including OCM and Ravello
Oracle IaaS including OCM and Ravello
Andrey Akulov
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing Infrastructure
Hui Cheng
 
Migrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Migrating IBM i Systems to the Cloud: Exploring the Pros and ConsMigrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Migrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Precisely
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
RightScale
 
RapidScale CloudServer
RapidScale CloudServerRapidScale CloudServer
RapidScale CloudServer
RapidScale
 
10052016115136.pptx
10052016115136.pptx10052016115136.pptx
10052016115136.pptx
dixitgangaiah
 
Process for joining to the FIWARE Lab
Process for joining to the FIWARE LabProcess for joining to the FIWARE Lab
Process for joining to the FIWARE Lab
Fernando Lopez Aguilar
 
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test LabFlintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
TechWell
 
The Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep VittalThe Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep Vittal
buildacloud
 

Similar to Halo Installfest Slides (20)

Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...Yes, you can be pci compliant using a public iaas cloud a case study by phi...
Yes, you can be pci compliant using a public iaas cloud a case study by phi...
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
 
Cloud for agile_sw_projects-final
Cloud for agile_sw_projects-finalCloud for agile_sw_projects-final
Cloud for agile_sw_projects-final
 
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
VMworld 2013: Three Advantages of Running Cloud Foundry in a VMware Private C...
 
12-Factor Apps
12-Factor Apps12-Factor Apps
12-Factor Apps
 
Moving Windows Applications to the Cloud
Moving Windows Applications to the CloudMoving Windows Applications to the Cloud
Moving Windows Applications to the Cloud
 
Cloud Hosting for Government Agencies: Drupal Platform as a Service
Cloud Hosting for Government Agencies: Drupal Platform as a ServiceCloud Hosting for Government Agencies: Drupal Platform as a Service
Cloud Hosting for Government Agencies: Drupal Platform as a Service
 
Challenges Scaling DevOps
Challenges Scaling DevOpsChallenges Scaling DevOps
Challenges Scaling DevOps
 
Oracle IaaS including OCM and Ravello
Oracle IaaS including OCM and RavelloOracle IaaS including OCM and Ravello
Oracle IaaS including OCM and Ravello
 
Integrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing InfrastructureIntegrating OpenStack To Existing Infrastructure
Integrating OpenStack To Existing Infrastructure
 
Migrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Migrating IBM i Systems to the Cloud: Exploring the Pros and ConsMigrating IBM i Systems to the Cloud: Exploring the Pros and Cons
Migrating IBM i Systems to the Cloud: Exploring the Pros and Cons
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
RapidScale CloudServer
RapidScale CloudServerRapidScale CloudServer
RapidScale CloudServer
 
10052016115136.pptx
10052016115136.pptx10052016115136.pptx
10052016115136.pptx
 
Process for joining to the FIWARE Lab
Process for joining to the FIWARE LabProcess for joining to the FIWARE Lab
Process for joining to the FIWARE Lab
 
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test LabFlintstones or Jetsons? Jump Start Your Virtual Test Lab
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
 
The Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep VittalThe Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep Vittal
 

More from CloudPassage

Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
CloudPassage
 
CloudPassage Careers
CloudPassage CareersCloudPassage Careers
CloudPassage Careers
CloudPassage
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
CloudPassage
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
CloudPassage
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
CloudPassage
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
CloudPassage
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
CloudPassage
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
CloudPassage
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
CloudPassage
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
CloudPassage
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
CloudPassage
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
CloudPassage
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
CloudPassage
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
CloudPassage
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
CloudPassage
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
CloudPassage
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
CloudPassage
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
CloudPassage
 
PCI and the Cloud
PCI and the CloudPCI and the Cloud
PCI and the Cloud
CloudPassage
 
Automating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it SafeAutomating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it Safe
CloudPassage
 

More from CloudPassage (20)

Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 
CloudPassage Careers
CloudPassage CareersCloudPassage Careers
CloudPassage Careers
 
Transforming the CSO Role to Business Enabler
Transforming the CSO Role to Business EnablerTransforming the CSO Role to Business Enabler
Transforming the CSO Role to Business Enabler
 
Rethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure EffectRethinking Security: The Cloud Infrastructure Effect
Rethinking Security: The Cloud Infrastructure Effect
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
SecDevOps: The New Black of IT
SecDevOps: The New Black of ITSecDevOps: The New Black of IT
SecDevOps: The New Black of IT
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
Comprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated ApproachComprehensive Cloud Security Requires an Automated Approach
Comprehensive Cloud Security Requires an Automated Approach
 
Security that works with, not against, your SaaS business
Security that works with, not against, your SaaS businessSecurity that works with, not against, your SaaS business
Security that works with, not against, your SaaS business
 
Integrating Security into DevOps
Integrating Security into DevOpsIntegrating Security into DevOps
Integrating Security into DevOps
 
What You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud GuidelinesWhat You Need To Know About The New PCI Cloud Guidelines
What You Need To Know About The New PCI Cloud Guidelines
 
What You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud SecurityWhat You Haven't Heard (Yet) About Cloud Security
What You Haven't Heard (Yet) About Cloud Security
 
Meeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassageMeeting PCI DSS Requirements with AWS and CloudPassage
Meeting PCI DSS Requirements with AWS and CloudPassage
 
Delivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS ProductsDelivering Secure OpenStack IaaS for SaaS Products
Delivering Secure OpenStack IaaS for SaaS Products
 
CloudPassage Overview
CloudPassage OverviewCloudPassage Overview
CloudPassage Overview
 
PCI and the Cloud
PCI and the CloudPCI and the Cloud
PCI and the Cloud
 
Automating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it SafeAutomating Security for the Cloud - Make it Easy, Make it Safe
Automating Security for the Cloud - Make it Easy, Make it Safe
 

Recently uploaded

Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 

Recently uploaded (20)

Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 

Halo Installfest Slides

  • 1. CloudPassage Halo Installfest 1
  • 2. Quick Intro • Thanks for coming out! • Enjoy the free food ☺ • Focus on security issues with IaaS cloud • Interweave that with installing Halo • We’re here to help! – Ask questions – Staff will be handy if you need us – Any and all feedback greatly appreciated CloudPassage Halo Installfest 2
  • 3. Where Can I Get These Slides? community.cloudpassage.com CloudPassage Halo Installfest 3
  • 4. Tonight’s Focus • Infrastructure as a Service (IaaS) – Can apply to PaaS and SaaS from a provider’s perspective • Mostly geared to public cloud – Although applicable to private • Tenant security concerns – We’ll skip physical security CloudPassage Halo Installfest 4
  • 5. What You Need For The Labs • Laptop or tablet • Root equiv access to a Linux VM – Local or public is fine – Spin up now if needed • Internet access – Wifi settings: As Posted CloudPassage Halo Installfest 5
  • 6. Houston… We Have a Problem All network security benefits Lost in migration: • Firewall – Filter port level access • Firewall – Control rootkit transfer • Proxy – Control app level data • NIDS – Inspect stream for attacks • Sniffer – Audit trail of network traffic CloudPassage Halo Installfest 6
  • 7. Delineation of Responsibility IaaS PaaS SaaS Interface Interface Interface Application Application Application Solution Stack Solution Stack Solution Stack Tenant Operating System Operating System Operating System Hypervisor Hypervisor Hypervisor Provider Compute & Storage Compute & Storage Compute & Storage Network Network Network Facility Facility Facility CloudPassage Halo Installfest 7
  • 8. What Are My Options? CloudPassage Halo Installfest 8
  • 9. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 9
  • 10. Extending The LAN Into The Cloud CloudPassage Halo Installfest 10
  • 11. LAN Extended Challenges • Increases load on corporate link – Today we’re mobile – Limits public cloud scaling • Increase load on perimeter infrastructure • Negates network benefits – Provider load balancing – Multi-peer points – Geo-location DNS – Higher latency • No protection within virtual infrastructure CloudPassage Halo Installfest 11
  • 12. Virtual Appliance Management CloudPassage Halo Installfest 12
  • 13. Virtual Appliance Architecture CloudPassage Halo Installfest 13
  • 14. What About Introspection? • Hypervisor based security – Has visibility into all VMs • Single point of control – For a specific hypervisor deployment • Public - Do you want other tenants to have access to your hypervisor? • Do you want your provider to have non- auditable access to your VMs? • Can break segregation of duties CloudPassage Halo Installfest 14
  • 15. Host-Based Architecture Consistent architecture (and risk abatement) regardless of deployment CloudPassage Halo Installfest 15
  • 16. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Mitigate potential risks from vswitch or VLANs • Supported across all cloud infrastructures – Consistent management regardless of deployment • Security Is portable with the VM • This is the model supported by Halo CloudPassage Halo Installfest 16
  • 17. Why restrict Admin Ports? Dshield.org data Green = # of IPs looking for open SSH ports Red = # of IPs hit by SSH scan CloudPassage Halo Installfest 17
  • 18. Halo Firewall Interface Cloak the port till these users authenticate CloudPassage Halo Installfest 18
  • 19. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 19
  • 20. Image Deployment • Provider images usually not patched • Some 3rd party images are pre-patched – To the time of the image's release – Which 3rd parties can you trust? • Auto-patching usually disabled • Some known vulnerabilities may not yet be patched – But it may be possible to mitigate risk is known CloudPassage Halo Installfest 20
  • 21. Vulnerability Wire Testing • Some providers have restrictions – May be limited by terms of service – May be limited to specific products • Targeting concerns – What if your IP’s are not continuous? – What if the IP changes? • Does not detect local exploits CloudPassage Halo Installfest 21
  • 22. Host Based Vulnerability Checking • Validate compliances within the VM itself • Can check remote and local vulnerabilities • Typically lower cost to deploy – Less billable utilization • Can false negative if patch not loaded – Kernel updates • This is the model Halo uses CloudPassage Halo Installfest 22
  • 23. Halo Software Risks CloudPassage Halo Installfest 23
  • 24. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 24
  • 25. Configuration Settings • Are only required processes running? – Are they securely configured? • Is password aging enforced? • Is root permitted direct SSH access? • Proper permissions on critical files? • Is sudo or wheel properly configured? • Any changes since deployment? CloudPassage Halo Installfest 25
  • 26. Creating A Halo Check CloudPassage Halo Installfest 26
  • 27. Halo Check Results CloudPassage Halo Installfest 27
  • 28. System Accounts • What accounts are on the system? • Did the provider modify the default accounts? – ec2-user • Which accounts have root level access? • Who has accounts on which servers? • How do you add/delete accounts for many servers simultaneously? CloudPassage Halo Installfest 28
  • 29. Halo Server Access CloudPassage Halo Installfest 29
  • 30. Expanded Details CloudPassage Halo Installfest 30
  • 31. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 31
  • 32. Clues To An Attack • Some file changes indicate a compromise • Static Web server files • /etc/passwd has new account • /etc/sudoers has new entries • ssh_known_hosts has new entries • authorized_keys has new entries • Halo uses SHA-256 to detect changes CloudPassage Halo Installfest 32
  • 33. Define Files to Check CloudPassage Halo Installfest 33
  • 34. Halo FIM Reporting CloudPassage Halo Installfest 34
  • 37. Lab Time Let’s Install Halo! CloudPassage Halo Installfest 37
  • 38. Start Here to Create an Account CloudPassage Halo Installfest 38