real security in a virtual environment

Post on 23-Jun-2015

Category: Technology

DESCRIPTION

A general overview on the pitfalls in cloud security and everything that surrounds it.

TRANSCRIPT

Real Security in a Virtual Environment
By Mattias Geniar
System Engineer @Nucleus

Mattias Geniar

System Engineer at Nucleus
(Cloud) Hosting provider

http://mattiasgeniar.be
@mattiasgeniar

So ... Who am I?

root@mattias:~#

My comfort zone.

Not this.

Now what’s this about?

First: what is cloud computing?

Infrastructure-as-a-Service

Software-as-a-Service

Platform-as-a-Service

Hey dude, security?!

Preventing this cloud ...

From becoming this one.

Whatcha talking ‘bout fool?

Quote

Every security system that has ever been breached was once thought infallible.

It’s about layers. Many layers.

A secure location.

With sufficient power.

And cooling.

That is secure.

But that’s just the bottom layer.

Don’t forget this.

How virtual is ‘virtual’?

The heart: storage.

Separate network.

But in a good way.

Should it be encrypted?

On your storage itself?

Or within your VM?

Key management.

Redundant storage. Good x 2.

RAIDs

Have backups. Lots of them.

The kidneys: connectivity.

Walls of fire.

Subnet example

This is you
IP: 10.0.0.100
Subnet: 255.255.255.0
Gateway: 10.0.0.1

This is evil me
IP: 10.0.0.105
Subnet: 255.255.255.0
Gateway: 10.0.0.1

The firewall: 10.0.0.1

Firewall your firewall?

Secure connections.

Know what goes on.

Find intruders.

IDS & IPS

We like graphs. And IDS.

And boxes. With info.

Even when the cloud ‘moves’.

# diff ‘os-virt’ ‘hardware-virt’

Oh hai root.

root@srv:~# hostname
srv.domain.be

root@srv:~# vzlist --all
CTID NPROC STATUS  IP_ADDR  HOSTNAME
101  74    running 10.0.2.1 topsecret-srv

root@srv:~# vzctl enter 101
-bash-3.1# hostname
topsecret-srv.domain.be
-bash-3.1# id
uid=0(root) gid=0(root)

Who’s this?

Quote

The weakest link in any security system is the person holding the information.

Developers that care.

That don’t do stupid things.

With secure APIs.

And management.

No no. Real management.

Quote

Geeks don’t have interests. They have passions.

So. Layers you said?

Q & A

root@mattias:~# logout

Thank you.

Twitter: @mattiasgeniar
www.nucleus.be
Mail: m@ttias.be
