SlideShare uma empresa Scribd logo

Standing on the clouds

Claudio Criscione
Claudio Criscione

The presentation I gave at SyScan 10 Singapore on Private Cloud Security in integral form excluding the exploit videos, outlining the security deltas between "classical" virtualization and private cloud security.

TecnologiaNegócios
1 de 34
A journey in Private Cloud Security Claudio Criscione - @paradoxengine SyScan 10
/me Claudio Criscione
There are a lot of clouds very Fluffy Clouds…
...And less fluffy
A Taxonomy of clouds Cloud by the book - NIST On-demand self-service Broad network access Resource pooling Rapid elasticity Measured Service Public Community Hybrid Private IaaS PaaS SaaS On-Premise Off-Premise
Who plays the game? XEN – XenCloud VMware [And the VMware Express players] Ubuntu – Eucalyptus Red Hat – DeltaCloud, RHVM Amazon – Virtual Private Cloud … and many others
The Road to the Clouds Market and the technology are both moving toward cloud oriented architectures Your (new) datacenter is (will be) cloud based The build that syndrome
Quick, go!
A trojan horse Private Clouds are the “Trojan horse” of the Cloud Industry It’s just like standard virtualization! In the meantime, you get used to those small deltas…
Security Deltas Management Semantics Integration Network
Management The “Old Virtualization” Way ,[object Object],[object Object],[object Object],[object Object],The Private Cloud Way ,[object Object],[object Object]
Blackberry strikes back Last year this guy was managing his XEN farm using a bugged Web Interface with his Blackberry Now the Blackberry is back on Xen Cloud Platform!
By the way… introducing VASTO The Virtualization ASsessment TOolkit It is an “exploit pack” for Metasploit focusing on virtualization security. Announcing Beta 0.2 SyScan10 Edition VASTO now knows some cloud tricks
Shortcuts Demo Time - 1
Security Deltas Management Semantics Integration Network
Integration Private cloud vendors push for integration with them “ Stock” virtual machines Management tools Updates This way they can make your cloud feel part of a common Sky. However, they should do it securely!
Eating the eucalyptus Demo Time - 2
Security Deltas Management Semantics Integration Network
Network ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Deltas Management Semantics Integration Network
Semantic of the cloud The Holy Roman Emperor Charles V was once asked which languages he typically used. "I speak Spanish to God," he explained, "Italian to women, French to men - and German to my horse.“ If you want to make it happen, you have to be able to state that what-the-cloud-undestands = what-the-cloud-can-do
Cloud Paradigm Thou shall not bypass the interface.
Security labeling We know that “escape from the VM attacks” will happen again To mitigate, we can define “zones” Even if virtualization solutions won’t let us do “host tagging”, admins can do it anyway. Not with Private cloud computing!
A possible solution Stating Security Requirements
Who has it, who has not Cloud Solution Version tested Result Eucalyptus 1.6.2 None DeltaCloud Portal 0.1.1 Could be RHEV NA – Public APIs None Abiquo 1.5 None XEN Cloud Platform 0.1.1 None Amazon Virtual Private Cloud NA – March None (redundancy) VMware vCloud Express NA – March None Svirt-LibVirt Library source Partial OpenNebula [Haizea] 1.0 Could be
“ The limits of your language are the limits of your world ” - Ludwig Wittgenstein
Time to make a stand As “the security community” it’s our role to make sure that new technologies are not simply taken for granted without a security debate. Private Cloud is a great risk and a great opportunity We need to make our voice heard!
 
Off-Premise solutions have to provide Trust and Security DO THEY?
Hate the Sin not the Sinner They’re not running in debug mode, are they?
Hate the Sin not the Sinner HTTP/1.1 200 OK Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8g mod_wsgi/2.6 Python/2.6.2 Vary: Accept-Language,Cookie,Accept-Encoding Expires: -1 Content-Language: en Pragma: no-cache Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Content-Length: 114 [["0", ["7810", “$ANYUSERNAME", "COMPLETED", "updateThumbs", "Task completed successfully", "2010/03/22 17:03:35"]]] What is everyone doing?
(re)Think about your Cloud strategy You need one! Check security of outsourcer Make your voice heard!
 
Claudio Criscione [email_address] Twitter @paradoxengine VASTO’s home is at nibblesec.org

Recomendados

CloudSec , don't forget Security in the Cloud !
CloudSec , don't forget Security in the Cloud !CloudSec , don't forget Security in the Cloud !
CloudSec , don't forget Security in the Cloud !
Kris Buytaert
 
Virtualizing the Cloud! NOW!
Virtualizing the Cloud! NOW!Virtualizing the Cloud! NOW!
Virtualizing the Cloud! NOW!
Marian Marinov
 
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Corley S.r.l.
 
In Cloud We Trust
In Cloud We TrustIn Cloud We Trust
In Cloud We Trust
Andy Harjanto
 
The weather ahead: Clouds
The weather ahead: CloudsThe weather ahead: Clouds
The weather ahead: Clouds
zoopster
 
Introduction to Spinnaker – Global Continuous Delivery
Introduction to Spinnaker – Global Continuous DeliveryIntroduction to Spinnaker – Global Continuous Delivery
Introduction to Spinnaker – Global Continuous Delivery
TO THE NEW Pvt. Ltd.
 
Real Security in a Virtual Environment
Real Security in a Virtual EnvironmentReal Security in a Virtual Environment
Real Security in a Virtual Environment
Mattias Geniar
 
N cryptedcloud
N cryptedcloudN cryptedcloud
N cryptedcloud
davish107
 

Recomendados

CloudSec , don't forget Security in the Cloud !
CloudSec , don't forget Security in the Cloud !CloudSec , don't forget Security in the Cloud !
CloudSec , don't forget Security in the Cloud !
Kris Buytaert
 
Virtualizing the Cloud! NOW!
Virtualizing the Cloud! NOW!Virtualizing the Cloud! NOW!
Virtualizing the Cloud! NOW!
Marian Marinov
 
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Cloud party 2014 - Deploy your infrastructure with Saltstack - Salt Cloud wit...
Corley S.r.l.
 
In Cloud We Trust
In Cloud We TrustIn Cloud We Trust
In Cloud We Trust
Andy Harjanto
 
The weather ahead: Clouds
The weather ahead: CloudsThe weather ahead: Clouds
The weather ahead: Clouds
zoopster
 
Introduction to Spinnaker – Global Continuous Delivery
Introduction to Spinnaker – Global Continuous DeliveryIntroduction to Spinnaker – Global Continuous Delivery
Introduction to Spinnaker – Global Continuous Delivery
TO THE NEW Pvt. Ltd.
 
Real Security in a Virtual Environment
Real Security in a Virtual EnvironmentReal Security in a Virtual Environment
Real Security in a Virtual Environment
Mattias Geniar
 
N cryptedcloud
N cryptedcloudN cryptedcloud
N cryptedcloud
davish107
 
Newt191 final project
Newt191 final projectNewt191 final project
Newt191 final project
BrianCooper73
 
Cloud computing- Introduction
Cloud computing- IntroductionCloud computing- Introduction
Cloud computing- Introduction
stevaaa
 
OSS Presentation by Stefano Maffulli
OSS Presentation by Stefano MaffulliOSS Presentation by Stefano Maffulli
OSS Presentation by Stefano Maffulli
OpenStorageSummit
 
The missing piece : when Docker networking and services finally unleashes so...
The missing piece : when Docker networking and services finally unleashes so... The missing piece : when Docker networking and services finally unleashes so...
The missing piece : when Docker networking and services finally unleashes so...
Adrien Blind
 
Top 10 Encryption Myths
Top 10 Encryption MythsTop 10 Encryption Myths
Top 10 Encryption Myths
HighCloud Security
 
FVCP 20191113
FVCP 20191113FVCP 20191113
FVCP 20191113
Lorin Olsen
 
Meetup Docker : From Zero to Hero
Meetup Docker : From Zero to HeroMeetup Docker : From Zero to Hero
Meetup Docker : From Zero to Hero
Laurent Grangeau
 
Web Werks Cloud Hosting FAQ
Web Werks Cloud Hosting FAQWeb Werks Cloud Hosting FAQ
Web Werks Cloud Hosting FAQ
Web Werks Data Centers
 
Zero to Nova: A VMware Admin's Month of Openstack
Zero to Nova: A VMware Admin's Month of OpenstackZero to Nova: A VMware Admin's Month of Openstack
Zero to Nova: A VMware Admin's Month of Openstack
Thom Greene
 
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPSEnhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
Shila044184
 
Lessons Learned from an early Multi-Cloud journey
Lessons Learned from an early Multi-Cloud journeyLessons Learned from an early Multi-Cloud journey
Lessons Learned from an early Multi-Cloud journey
Hardway Hou
 
Journey to the cloud
Journey to the cloudJourney to the cloud
Journey to the cloud
Chris Avis
 
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudData Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the Cloud
Trend Micro (EMEA) Limited
 
soCloud: distributed multi-cloud platform for deploying, executing and managi...
soCloud: distributed multi-cloud platform for deploying, executing and managi...soCloud: distributed multi-cloud platform for deploying, executing and managi...
soCloud: distributed multi-cloud platform for deploying, executing and managi...
Fawaz Fernand PARAISO
 
Virtually Pwned
Virtually PwnedVirtually Pwned
Virtually Pwned
Claudio Criscione
 
[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017
[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017 [1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017
[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017
Carolina Ruiz Amo
 
"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"
"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS""INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"
"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"
Carolina Ruiz Amo
 
Philip Hung Cao - Cloud security, the journey has begun
Philip Hung Cao - Cloud security, the journey has begunPhilip Hung Cao - Cloud security, the journey has begun
Philip Hung Cao - Cloud security, the journey has begun
Security Bootcamp
 
Security & Privacy in Cloud Computing
Security & Privacy in Cloud ComputingSecurity & Privacy in Cloud Computing
Security & Privacy in Cloud Computing
John D. Johnson
 
Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...
PRISMACLOUD Project
 
EL SUMO PONTIFICE ROMANO
EL SUMO PONTIFICE ROMANOEL SUMO PONTIFICE ROMANO
EL SUMO PONTIFICE ROMANO
Franc.J. Vasquez.M
 
Controladores de tensión AC
Controladores de tensión ACControladores de tensión AC
Controladores de tensión AC
David Sanchez Tomaselli
 

Mais conteúdo relacionado

Mais procurados

OSS Presentation by Stefano Maffulli
OSS Presentation by Stefano MaffulliOSS Presentation by Stefano Maffulli
OSS Presentation by Stefano Maffulli
OpenStorageSummit
 
The missing piece : when Docker networking and services finally unleashes so...
The missing piece : when Docker networking and services finally unleashes so... The missing piece : when Docker networking and services finally unleashes so...
The missing piece : when Docker networking and services finally unleashes so...
Adrien Blind
 
FVCP 20191113
FVCP 20191113FVCP 20191113
FVCP 20191113
Lorin Olsen
 

Mais procurados (10)

Newt191 final project
Newt191 final projectNewt191 final project
Newt191 final project
 
Cloud computing- Introduction
Cloud computing- IntroductionCloud computing- Introduction
Cloud computing- Introduction
 
OSS Presentation by Stefano Maffulli
OSS Presentation by Stefano MaffulliOSS Presentation by Stefano Maffulli
OSS Presentation by Stefano Maffulli
 
The missing piece : when Docker networking and services finally unleashes so...
The missing piece : when Docker networking and services finally unleashes so... The missing piece : when Docker networking and services finally unleashes so...
The missing piece : when Docker networking and services finally unleashes so...
 
Top 10 Encryption Myths
Top 10 Encryption MythsTop 10 Encryption Myths
Top 10 Encryption Myths
 
FVCP 20191113
FVCP 20191113FVCP 20191113
FVCP 20191113
 
Meetup Docker : From Zero to Hero
Meetup Docker : From Zero to HeroMeetup Docker : From Zero to Hero
Meetup Docker : From Zero to Hero
 
Web Werks Cloud Hosting FAQ
Web Werks Cloud Hosting FAQWeb Werks Cloud Hosting FAQ
Web Werks Cloud Hosting FAQ
 
Zero to Nova: A VMware Admin's Month of Openstack
Zero to Nova: A VMware Admin's Month of OpenstackZero to Nova: A VMware Admin's Month of Openstack
Zero to Nova: A VMware Admin's Month of Openstack
 
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPSEnhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
 

Destaque

Journey to the cloud
Journey to the cloudJourney to the cloud
Journey to the cloud
Chris Avis
 
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudData Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the Cloud
Trend Micro (EMEA) Limited
 
soCloud: distributed multi-cloud platform for deploying, executing and managi...
soCloud: distributed multi-cloud platform for deploying, executing and managi...soCloud: distributed multi-cloud platform for deploying, executing and managi...
soCloud: distributed multi-cloud platform for deploying, executing and managi...
Fawaz Fernand PARAISO
 
Security: Enabling the Journey to the Cloud
Security: Enabling the Journey to the CloudSecurity: Enabling the Journey to the Cloud
Security: Enabling the Journey to the Cloud
Capgemini
 

Destaque (20)

Lessons Learned from an early Multi-Cloud journey
Lessons Learned from an early Multi-Cloud journeyLessons Learned from an early Multi-Cloud journey
Lessons Learned from an early Multi-Cloud journey
 
Journey to the cloud
Journey to the cloudJourney to the cloud
Journey to the cloud
 
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudData Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the Cloud
 
soCloud: distributed multi-cloud platform for deploying, executing and managi...
soCloud: distributed multi-cloud platform for deploying, executing and managi...soCloud: distributed multi-cloud platform for deploying, executing and managi...
soCloud: distributed multi-cloud platform for deploying, executing and managi...
 
Virtually Pwned
Virtually PwnedVirtually Pwned
Virtually Pwned
 
[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017
[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017 [1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017
[1] DOCTOR BOVE - HOME STAGING PROJECT - MARCH 2017
 
"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"
"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS""INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"
"INSTRUMENTOS FINANCIEROS PARA EMPRENDEDORES/AS"
 
Philip Hung Cao - Cloud security, the journey has begun
Philip Hung Cao - Cloud security, the journey has begunPhilip Hung Cao - Cloud security, the journey has begun
Philip Hung Cao - Cloud security, the journey has begun
 
Security & Privacy in Cloud Computing
Security & Privacy in Cloud ComputingSecurity & Privacy in Cloud Computing
Security & Privacy in Cloud Computing
 
Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...Privacy and security in the cloud Challenges and solutions for our future inf...
Privacy and security in the cloud Challenges and solutions for our future inf...
 
EL SUMO PONTIFICE ROMANO
EL SUMO PONTIFICE ROMANOEL SUMO PONTIFICE ROMANO
EL SUMO PONTIFICE ROMANO
 
Controladores de tensión AC
Controladores de tensión ACControladores de tensión AC
Controladores de tensión AC
 
135140 9th line
135140 9th line 135140 9th line
135140 9th line
 
Como hacer un libro
Como hacer un libroComo hacer un libro
Como hacer un libro
 
897 concession 10 & 11 cochrane
897 concession 10 & 11 cochrane897 concession 10 & 11 cochrane
897 concession 10 & 11 cochrane
 
Book presentation URBAN OASIS - DIARIO DE JEREZ
Book presentation URBAN OASIS - DIARIO DE JEREZ Book presentation URBAN OASIS - DIARIO DE JEREZ
Book presentation URBAN OASIS - DIARIO DE JEREZ
 
Journey to the Cloud, Hype or Opportunity
Journey to the Cloud, Hype or OpportunityJourney to the Cloud, Hype or Opportunity
Journey to the Cloud, Hype or Opportunity
 
Dimension Data – Enabling the Journey to the Cloud: Real Examples
Dimension Data – Enabling the Journey to the Cloud: Real ExamplesDimension Data – Enabling the Journey to the Cloud: Real Examples
Dimension Data – Enabling the Journey to the Cloud: Real Examples
 
результаты деятельности доо
результаты деятельности доорезультаты деятельности доо
результаты деятельности доо
 
Security: Enabling the Journey to the Cloud
Security: Enabling the Journey to the CloudSecurity: Enabling the Journey to the Cloud
Security: Enabling the Journey to the Cloud
 

Semelhante a Standing on the clouds

OpenCms Days 2012 - OpenCms on open clouds
OpenCms Days 2012 - OpenCms on open cloudsOpenCms Days 2012 - OpenCms on open clouds
OpenCms Days 2012 - OpenCms on open clouds
Alkacon Software GmbH & Co. KG
 
The Future of IT
The Future of ITThe Future of IT
The Future of IT
Simon May
 
Virtualization Techniques & Cloud Compting
Virtualization Techniques & Cloud ComptingVirtualization Techniques & Cloud Compting
Virtualization Techniques & Cloud Compting
Ahmed Mekkawy
 

Semelhante a Standing on the clouds (20)

Why the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systemsWhy the cloud is more secure than your existing systems
Why the cloud is more secure than your existing systems
 
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
 
Shmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security BriefShmoocon 2013 - OpenStack Security Brief
Shmoocon 2013 - OpenStack Security Brief
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information Exchange
 
Weave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 RecapWeave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 Recap
 
A Cloud Security Ghost Story Craig Balding
A Cloud Security Ghost Story Craig BaldingA Cloud Security Ghost Story Craig Balding
A Cloud Security Ghost Story Craig Balding
 
OpenCms Days 2012 - OpenCms on open clouds
OpenCms Days 2012 - OpenCms on open cloudsOpenCms Days 2012 - OpenCms on open clouds
OpenCms Days 2012 - OpenCms on open clouds
 
Keynote at Gluecon 2011 by Marten Mickos, CEO, Eucalyptus Systems
Keynote at Gluecon 2011 by Marten Mickos, CEO, Eucalyptus SystemsKeynote at Gluecon 2011 by Marten Mickos, CEO, Eucalyptus Systems
Keynote at Gluecon 2011 by Marten Mickos, CEO, Eucalyptus Systems
 
The Good The Bad The Virtual
The Good The Bad The VirtualThe Good The Bad The Virtual
The Good The Bad The Virtual
 
How to Think Multi-Cloud
How to Think Multi-CloudHow to Think Multi-Cloud
How to Think Multi-Cloud
 
VirtSec, and the Open Source impact
VirtSec, and the Open Source impactVirtSec, and the Open Source impact
VirtSec, and the Open Source impact
 
Cloud Computing Platform-CloudStack
Cloud Computing Platform-CloudStackCloud Computing Platform-CloudStack
Cloud Computing Platform-CloudStack
 
Confraria Security 17 June - Cloud Security
Confraria Security 17 June - Cloud SecurityConfraria Security 17 June - Cloud Security
Confraria Security 17 June - Cloud Security
 
The Enterprise Cloud
The Enterprise CloudThe Enterprise Cloud
The Enterprise Cloud
 
Future of Cloud is Open John Engates Rackspace
Future of Cloud is Open John Engates RackspaceFuture of Cloud is Open John Engates Rackspace
Future of Cloud is Open John Engates Rackspace
 
The Future of IT
The Future of ITThe Future of IT
The Future of IT
 
Hybrid Cloud and Hyper Cloud
Hybrid Cloud and Hyper CloudHybrid Cloud and Hyper Cloud
Hybrid Cloud and Hyper Cloud
 
Enterprise-Ready Private and Hybrid Cloud Computing Today
Enterprise-Ready Private and Hybrid Cloud Computing TodayEnterprise-Ready Private and Hybrid Cloud Computing Today
Enterprise-Ready Private and Hybrid Cloud Computing Today
 
TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)TLS Interception considered harmful (Chaos Communication Camp 2015)
TLS Interception considered harmful (Chaos Communication Camp 2015)
 
Virtualization Techniques & Cloud Compting
Virtualization Techniques & Cloud ComptingVirtualization Techniques & Cloud Compting
Virtualization Techniques & Cloud Compting
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 

Último (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 

Standing on the clouds

  • 1. A journey in Private Cloud Security Claudio Criscione - @paradoxengine SyScan 10
  • 3. There are a lot of clouds very Fluffy Clouds…
  • 5. A Taxonomy of clouds Cloud by the book - NIST On-demand self-service Broad network access Resource pooling Rapid elasticity Measured Service Public Community Hybrid Private IaaS PaaS SaaS On-Premise Off-Premise
  • 6. Who plays the game? XEN – XenCloud VMware [And the VMware Express players] Ubuntu – Eucalyptus Red Hat – DeltaCloud, RHVM Amazon – Virtual Private Cloud … and many others
  • 7. The Road to the Clouds Market and the technology are both moving toward cloud oriented architectures Your (new) datacenter is (will be) cloud based The build that syndrome
  • 9. A trojan horse Private Clouds are the “Trojan horse” of the Cloud Industry It’s just like standard virtualization! In the meantime, you get used to those small deltas…
  • 10. Security Deltas Management Semantics Integration Network
  • 11.
  • 12. Blackberry strikes back Last year this guy was managing his XEN farm using a bugged Web Interface with his Blackberry Now the Blackberry is back on Xen Cloud Platform!
  • 13. By the way… introducing VASTO The Virtualization ASsessment TOolkit It is an “exploit pack” for Metasploit focusing on virtualization security. Announcing Beta 0.2 SyScan10 Edition VASTO now knows some cloud tricks
  • 15. Security Deltas Management Semantics Integration Network
  • 16. Integration Private cloud vendors push for integration with them “ Stock” virtual machines Management tools Updates This way they can make your cloud feel part of a common Sky. However, they should do it securely!
  • 17. Eating the eucalyptus Demo Time - 2
  • 18. Security Deltas Management Semantics Integration Network
  • 19.
  • 20. Security Deltas Management Semantics Integration Network
  • 21. Semantic of the cloud The Holy Roman Emperor Charles V was once asked which languages he typically used. "I speak Spanish to God," he explained, "Italian to women, French to men - and German to my horse.“ If you want to make it happen, you have to be able to state that what-the-cloud-undestands = what-the-cloud-can-do
  • 22. Cloud Paradigm Thou shall not bypass the interface.
  • 23. Security labeling We know that “escape from the VM attacks” will happen again To mitigate, we can define “zones” Even if virtualization solutions won’t let us do “host tagging”, admins can do it anyway. Not with Private cloud computing!
  • 24. A possible solution Stating Security Requirements
  • 25. Who has it, who has not Cloud Solution Version tested Result Eucalyptus 1.6.2 None DeltaCloud Portal 0.1.1 Could be RHEV NA – Public APIs None Abiquo 1.5 None XEN Cloud Platform 0.1.1 None Amazon Virtual Private Cloud NA – March None (redundancy) VMware vCloud Express NA – March None Svirt-LibVirt Library source Partial OpenNebula [Haizea] 1.0 Could be
  • 26. The limits of your language are the limits of your world ” - Ludwig Wittgenstein
  • 27. Time to make a stand As “the security community” it’s our role to make sure that new technologies are not simply taken for granted without a security debate. Private Cloud is a great risk and a great opportunity We need to make our voice heard!
  • 28.  
  • 29. Off-Premise solutions have to provide Trust and Security DO THEY?
  • 30. Hate the Sin not the Sinner They’re not running in debug mode, are they?
  • 31. Hate the Sin not the Sinner HTTP/1.1 200 OK Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8g mod_wsgi/2.6 Python/2.6.2 Vary: Accept-Language,Cookie,Accept-Encoding Expires: -1 Content-Language: en Pragma: no-cache Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Content-Length: 114 [["0", ["7810", “$ANYUSERNAME", "COMPLETED", "updateThumbs", "Task completed successfully", "2010/03/22 17:03:35"]]] What is everyone doing?
  • 32. (re)Think about your Cloud strategy You need one! Check security of outsourcer Make your voice heard!
  • 33.  
  • 34. Claudio Criscione [email_address] Twitter @paradoxengine VASTO’s home is at nibblesec.org