This document provides an overview of OpenStack security best practices. It discusses the three pillars of security - confidentiality, integrity, and availability. It emphasizes building security using a "defense in depth" approach across all layers of the OSI model from physical to application. Specific recommendations include controlling system access, continuous monitoring, logging, and assuming breaches will occur so systems can be forensically analyzed without impacting other users. Automation and "chaos monkey" testing are presented as ways to strengthen security.

1. OpenStack SecurityA Primer

2. Me: Joshua McKentyTwitter: @jmckentyEmail: joshua@pistoncloud.comFormer Chief Architect, NASA NebulaFounding Member, OpenStackOpenStack Project Policy Board

3. “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” – Bruce Schneier

5. The Three Pillars of Security

6. “Bonus” Security PillarForensics

7. Real SecurityAssume everything goes wrong, even impossible things.

8. FIPS 199 Definition:ConfidentialityIntegrityAvailabilityDefining Security

9. Defining Vulnerability

10. Build on “Shared Nothing” to achieve “Trust No One”Also known as “Defense in Depth”AUTOMATE EVERYTHING“Fat Fingers” == Plausible DeniabilityAutomated == non-repudiable change control Build to the OSI 7-layer model

11. Layer 1

12. Lock your doorsDo your background checksUse separate physical networks for adminNetwork model and managementUse RFC 1918 address space when appropriateUse VLANs if necessaryFirewall every machine (ebtables, iptables)Border firewalls (port and protocol level)Layer 1, 2 and 3

13. Never assume it’s bilateral

14. Control system accessBest case: no host-based shell access AT ALL.Second-best: federated AUTH with 2-factor, keys onlyWorstcase: Host-level root login with passwordsRun IDS – on hosts and guestsScan Continuously – hosts and guests, on all networksProactively defend – Fail2Ban, etc. ( F2B-a-a-S)Layer 4, 5, 6 and 7

15. Don't trust the hypervisor (TXT / TPM)Conversely, don't trust the VM (blue-pill exploits, etc.)Host-based FW within the VM (CloudPassage "Halo")Access-control for VMs – same approaches apply (Auth-as-a-Service)Layer ‘V’

16. “Proof” and PolicyIn God We Trust – All Others, Bring Data.

18. Classic best practices – redundant, off-site log serversLog aggregation and analysis / event detectionLogging-as-a-ServiceLog early, log often

19. Make and verify your assertions(Coming soon…)CloudAudit

20. Did you remember to delete his account?

21. Security Theatre“Given enough hand-waving, all systems are secure.”

23. Crypto is useless – if keys are stored with the dataPrivate networks are useless – if doors aren’t lockedCertification only proves that you’re doing, what you said you were going to do. You can still be wrong.Forget “Trust, but verify”. Just don’t trust.Don’t get confused!

24. Bonus: ForensicsIt’s not an “If” – it’s a “When”

25. Have a chaos-monkey of compromiseCan you perform forensics and remediation, without impacting other users of your cloud?Spanning ports and extra storage“Graveyard” for recently deleted images, instancesBonus Section: Forensics

26. What’s in the CloudPipe?“We can only see a short distance ahead, but we can see plenty there that needs to be done.” – Alan Turing

27. The MachineAka “Sneaky Monkey”Continuous Integration of penetration and vulnerability testing.

28. We’re doing “stuff”No… really.Hardening

29. Outfoxing the foxIntel is working with many companies within OpenStack, including Piston.Trusted Execution

30. Questions?

31. Matt Linton – Nebula CSOJesse Andrews – AnsoLabs FounderSoo Choi – 7120.7 NaziMatt Chew- Spence – FIPS 199 GuruKeith Shackleford and James WilliamsChris KempBobby Cates, Dave Swagger, E. Lopez, Grace De Leon, Guy with Gun #1, Guy with Gun #2…Credits