SlideShare a Scribd company logo

OpenNebulaConf 2013 - Top Ten Security Considerations when Setting up your OpenNebula Cloud by Nils Magnus

OpenNebula Project
OpenNebula Project

Creating new nodes in your cloud environment was never as easy. Just a few clicks away system engineers create new virtual machines, assign network environments for them and deploy software components. Viable security engineering has ever been a key task to ensure your data’s confidentiality, integrity, and availibity. While hardening your operating systems and wisely designing you applications, cloud computing introduced a new challenge for engineers who are responsible for security. A breach in the perimeters of one of your central components threatens the overall security of all systems in any environment. The talk discusses predominant attack patterns that system engineers and security officers should consider. The top 10 threats come together with practical suggestions to improve data center security in the cloud. Bio: Nils Magnus works as a senior system engineer at inovex GmbH, Germany and designs cloud infrastructure for data centers. In previous roles he wrote as a journalist for Linux Magazine and was senior consultant for high security environments. Nils also serves at the Board of Directory of LinuxTag Association. He speaks for 15+ years at conferences around the world on the advantages of free and open source software, as well as on cloud and security management issues.

TechnologySports
1 of 15
Download to read offline
Wir nutzen Technologien, um unsere Kunden glücklich zu machen. Und uns selbst. Security Considerations Securely Setting up your Open Nebula Cloud A top 10 Best Practise Guide OpenNebula Conf, September 25, 2013 in Berlin, Germany Nils Magnus inovex GmbH Senior System Engineer
25.09.13 Agenda and Preamble Protecting your Open Nebula Cloud I. Security is 90% architecture and 10% implementation. Apparently trivial suggestions form the base of your protection. II. Security is intrinsically understaffed. Management wants „quick wins“, team is looking to „get the job done“. Somehow. III. Security is not about checklists. If you are (or feel) responsible, you need to know your individual vulnerabilities. In this mode think like an attacker. Share my thoughts how to protect an Open Nebula cloud!
25.09.13 Security needs Ressources Don't underestimate the necessity of security. Assign proper ressources to adress this issue. Security is a costly investment in the future. It is a bargain compared to the loss of your main business processes. The possible damage scales to the same extend as your cloud itself.
25.09.13 Admin Account Protect access to the • ONE admin account, • the SunStone UI, and infrastructure. Once attackers gain unlawful access to your command bridge, your systems might be doomed. All of them.
25.09.13 VLAN Hopping Prevent VLAN hopping in the scope of your SDN and between physical hosts. Network virtualization with VLAN tagging comes very handy, but keep in mind that the very frames of all virtual segments may travel of a shared medium.
25.09.13 Environments Partition your cloud network segments into distinct security areas. Protect the different security environments and border them from each other. Actively separate maturity environments and different types of processed data.
25.09.13 Apply Classic Best Practises Anyway Despite in the cloud, nonetheless apply network security best practises like • firewalls, • intrusion detection, or • data leak prevention, based on the very requirements of your environment.
25.09.13 Host Protection Securing virtual machines is not enough. Make sure you also protect the access to all of your hosts, even if they are not designed to have users on them.
25.09.13 Key and User Management Set up a working SSH infrastructure and enforce it. Open Nebula heavily relies on a working and secured way to communicate with your hosts and virtual machines. Properly configured keys help both automating the system deployment process and restricting acess on a need-to-know basis.
25.09.13 Sensible Distrust Auto discovery and self registration to the inventory are powerful features that alleviate the system engineer's duties. But make sure that only known bare metal systems register into your cloud store and virtual ressources. Don't boot systems you don't have full control over.
25.09.13 Shared Storage Protect access to your shared storage. Several hosts have to access the images of all security environments. Rogue images injected in the right place might act as trojan horses in otherwise well-protected environments.
25.09.13 Availability Keep ressources in mind. One major advantage of virtualization is to share ressources like CPU or IO bandwidth. But some player in your cloud may or may not play fair. Those situations, both intended and unintended, threaten your availability. Enacting QoS measure could be helpful.
25.09.13 Wrap-up 1. assign proper ressources 2. protect your admin account 3. secure the networks 4. partition into environments 5. apply classic network security measures 6. protect your hosts 7. install a key infrastructure 8. authenticate all repositories 9. protect the shared storage 10. keep an eye on availability What did I say about lists, anyway?
25.09.13 Freedom is the brother of security. The great photos of this presentation are licensed under the free Creative Commons license (CC-BY SA) that allows use and redistribution (share alike) as long as you give proper attribution. A big thank you goes to: UCL Engineering for the chainmail: http://flickr.com/photos/uclengineering/6946862623 Jwalanta Shrestha for the multi lanes in Kathmandu: http://flickr.com/photos/jwalanta/4496289019/ Drgriz52 and the bears at the tent: http://flickr.com/photos/drbair_photography/3571049565/ Steve Tannock and his meadows of the Peak District: http://flickr.com/photos/stv/2586761094/ Chris McBrien for his photo of the blue keys: http://flickr.com/photos/cmcbrien/4715320000/ Sergio Morchon for the array of cannons: http://flickr.com/photos/smorchon/2951615532/ Simon Hooks for his shot of the Trojan Horse: http://flickr.com/photos/gogap/253649673/ Sam Greenhalgh took a photo of a rack in a data center: http://flickr.com/photos/80476901 Matt Peoples for the kegs: http://flickr.com/photos/leftymgp/7332282888/ Justin Ennis photographed the Swiss Guard in Rome: http://flickr.com/photos/averain/5307438963/ Schub@ took a photo a looking glass: http://flickr.com/photos/schubi74/5793584347 Maury Landsman for the applause: http://www.flickr.com/photos/mau3ry/3763640652 Sources and Acknowledgment
25.09.13 Thanks for listening! Questions? Contact Nils Magnus Senior System Engineer inovex GmbH Office Munich Valentin-Linhof-Str. 2 81829 Munich, Germany +49-173-3181-057 nils.magnus@inovex.de Agent L9 Oxycryocrypt

Recommended

Top Ten Security Considerations when Setting up your OpenNebula Cloud
Top Ten Security Considerations when Setting up your OpenNebula CloudTop Ten Security Considerations when Setting up your OpenNebula Cloud
Top Ten Security Considerations when Setting up your OpenNebula CloudNETWAYS
 
In Cloud We Trust
In Cloud We TrustIn Cloud We Trust
In Cloud We TrustAndy Harjanto
 
Real Security in a Virtual Environment
Real Security in a Virtual EnvironmentReal Security in a Virtual Environment
Real Security in a Virtual EnvironmentMattias Geniar
 
Surveillance Presentation
Surveillance PresentationSurveillance Presentation
Surveillance PresentationMichael Wieskamp
 
Ocra 2012
Ocra 2012Ocra 2012
Ocra 2012Margaret Mellinger
 
CLOUD STORAGE IS MUCH MORE SECURE THAN YOU THINK
CLOUD STORAGE IS MUCH MORE SECURE THAN YOU THINKCLOUD STORAGE IS MUCH MORE SECURE THAN YOU THINK
CLOUD STORAGE IS MUCH MORE SECURE THAN YOU THINKTyrone Systems
 
Top 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance SecurityTop 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance Security9 series
 
Make your OpenStack Cloud Self-Defending with VESPA!
Make your OpenStack Cloud Self-Defending with VESPA!Make your OpenStack Cloud Self-Defending with VESPA!
Make your OpenStack Cloud Self-Defending with VESPA!mlacostma
 

Recommended

Top Ten Security Considerations when Setting up your OpenNebula Cloud
Top Ten Security Considerations when Setting up your OpenNebula CloudTop Ten Security Considerations when Setting up your OpenNebula Cloud
Top Ten Security Considerations when Setting up your OpenNebula CloudNETWAYS
 
In Cloud We Trust
In Cloud We TrustIn Cloud We Trust
In Cloud We TrustAndy Harjanto
 
Real Security in a Virtual Environment
Real Security in a Virtual EnvironmentReal Security in a Virtual Environment
Real Security in a Virtual EnvironmentMattias Geniar
 
Surveillance Presentation
Surveillance PresentationSurveillance Presentation
Surveillance PresentationMichael Wieskamp
 
Ocra 2012
Ocra 2012Ocra 2012
Ocra 2012Margaret Mellinger
 
CLOUD STORAGE IS MUCH MORE SECURE THAN YOU THINK
CLOUD STORAGE IS MUCH MORE SECURE THAN YOU THINKCLOUD STORAGE IS MUCH MORE SECURE THAN YOU THINK
CLOUD STORAGE IS MUCH MORE SECURE THAN YOU THINKTyrone Systems
 
Top 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance SecurityTop 6 Practices to Harden Docker Images to Enhance Security
Top 6 Practices to Harden Docker Images to Enhance Security9 series
 
Make your OpenStack Cloud Self-Defending with VESPA!
Make your OpenStack Cloud Self-Defending with VESPA!Make your OpenStack Cloud Self-Defending with VESPA!
Make your OpenStack Cloud Self-Defending with VESPA!mlacostma
 
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPSEnhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPSShila044184
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleMajor Hayden
 
Real security in a virtual environment - Infosecurity 2011
Real security in a virtual environment - Infosecurity 2011Real security in a virtual environment - Infosecurity 2011
Real security in a virtual environment - Infosecurity 2011David Geens
 
AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016Teri Radichel
 
Infographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning FastInfographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning FastJuniper Networks
 
vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks Juniper Networks
 
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization SecurityClaudio Criscione
 
Cloudbusting insights #2 first steps of cloud security
Cloudbusting insights #2 first steps of cloud securityCloudbusting insights #2 first steps of cloud security
Cloudbusting insights #2 first steps of cloud securityDaniel Tovey
 
Virtual Networking Security - Network Security
Virtual Networking Security - Network SecurityVirtual Networking Security - Network Security
Virtual Networking Security - Network SecurityEng Teong Cheah
 
Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...
Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...
Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...IT Arena
 
2020-12-21 ISC^2 Suisse Romande speech
2020-12-21 ISC^2 Suisse Romande speech2020-12-21 ISC^2 Suisse Romande speech
2020-12-21 ISC^2 Suisse Romande speechLuca Bertagnolio
 
Kevin wharram
Kevin wharramKevin wharram
Kevin wharramKevin Wharram
 
Network security
Network securityNetwork security
Network securitySibergen Technologies
 
Network security
Network securityNetwork security
Network securitySibergen Technologies
 
Propasal a private cloud in ubuntu
Propasal a private cloud in ubuntuPropasal a private cloud in ubuntu
Propasal a private cloud in ubuntuNadeer Abu Jraerr
 
3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud 3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud Threat Stack
 
A Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityA Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityInsight
 
PosterPresentations.com-36x48-Trifold-V5
PosterPresentations.com-36x48-Trifold-V5PosterPresentations.com-36x48-Trifold-V5
PosterPresentations.com-36x48-Trifold-V5Chatura Ahangama
 
SSL Protocol - R.D.Sivakumar
SSL Protocol - R.D.SivakumarSSL Protocol - R.D.Sivakumar
SSL Protocol - R.D.SivakumarSivakumar R D .
 
OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...
OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...
OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...OpenNebula Project
 
OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...
OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...
OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...OpenNebula Project
 
OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...
OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...
OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...OpenNebula Project
 

More Related Content

What's hot

Enhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPSEnhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPSShila044184
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleMajor Hayden
 
Real security in a virtual environment - Infosecurity 2011
Real security in a virtual environment - Infosecurity 2011Real security in a virtual environment - Infosecurity 2011
Real security in a virtual environment - Infosecurity 2011David Geens
 
AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016Teri Radichel
 
Infographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning FastInfographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning FastJuniper Networks
 
vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks Juniper Networks
 
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization SecurityClaudio Criscione
 
Cloudbusting insights #2 first steps of cloud security
Cloudbusting insights #2 first steps of cloud securityCloudbusting insights #2 first steps of cloud security
Cloudbusting insights #2 first steps of cloud securityDaniel Tovey
 
Virtual Networking Security - Network Security
Virtual Networking Security - Network SecurityVirtual Networking Security - Network Security
Virtual Networking Security - Network SecurityEng Teong Cheah
 
Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...
Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...
Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...IT Arena
 
2020-12-21 ISC^2 Suisse Romande speech
2020-12-21 ISC^2 Suisse Romande speech2020-12-21 ISC^2 Suisse Romande speech
2020-12-21 ISC^2 Suisse Romande speechLuca Bertagnolio
 
Propasal a private cloud in ubuntu
Propasal a private cloud in ubuntuPropasal a private cloud in ubuntu
Propasal a private cloud in ubuntuNadeer Abu Jraerr
 
3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud 3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud Threat Stack
 
A Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityA Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityInsight
 
PosterPresentations.com-36x48-Trifold-V5
PosterPresentations.com-36x48-Trifold-V5PosterPresentations.com-36x48-Trifold-V5
PosterPresentations.com-36x48-Trifold-V5Chatura Ahangama
 
SSL Protocol - R.D.Sivakumar
SSL Protocol - R.D.SivakumarSSL Protocol - R.D.Sivakumar
SSL Protocol - R.D.SivakumarSivakumar R D .
 

What's hot (19)

Enhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPSEnhance Virtual Machine Security in OpenStack Using Suricata IPS
Enhance Virtual Machine Security in OpenStack Using Suricata IPS
 
Automated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-AnsibleAutomated Security Hardening with OpenStack-Ansible
Automated Security Hardening with OpenStack-Ansible
 
Real security in a virtual environment - Infosecurity 2011
Real security in a virtual environment - Infosecurity 2011Real security in a virtual environment - Infosecurity 2011
Real security in a virtual environment - Infosecurity 2011
 
AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016
 
Infographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning FastInfographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning Fast
 
vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks
 
[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security[Confidence0902] The Glass Cage - Virtualization Security
[Confidence0902] The Glass Cage - Virtualization Security
 
Cloudbusting insights #2 first steps of cloud security
Cloudbusting insights #2 first steps of cloud securityCloudbusting insights #2 first steps of cloud security
Cloudbusting insights #2 first steps of cloud security
 
Virtual Networking Security - Network Security
Virtual Networking Security - Network SecurityVirtual Networking Security - Network Security
Virtual Networking Security - Network Security
 
Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...
Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...
Acknowledging Boundaries: How to Bring Back Consistency to Your Microservice ...
 
2020-12-21 ISC^2 Suisse Romande speech
2020-12-21 ISC^2 Suisse Romande speech2020-12-21 ISC^2 Suisse Romande speech
2020-12-21 ISC^2 Suisse Romande speech
 
Kevin wharram
Kevin wharramKevin wharram
Kevin wharram
 
Network security
Network securityNetwork security
Network security
 
Network security
Network securityNetwork security
Network security
 
Propasal a private cloud in ubuntu
Propasal a private cloud in ubuntuPropasal a private cloud in ubuntu
Propasal a private cloud in ubuntu
 
3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud 3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud
 
A Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade SecurityA Migration Imperative With Windows 10 Enterprise-Grade Security
A Migration Imperative With Windows 10 Enterprise-Grade Security
 
PosterPresentations.com-36x48-Trifold-V5
PosterPresentations.com-36x48-Trifold-V5PosterPresentations.com-36x48-Trifold-V5
PosterPresentations.com-36x48-Trifold-V5
 
SSL Protocol - R.D.Sivakumar
SSL Protocol - R.D.SivakumarSSL Protocol - R.D.Sivakumar
SSL Protocol - R.D.Sivakumar
 

Viewers also liked

OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...
OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...
OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...OpenNebula Project
 
OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...
OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...
OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...OpenNebula Project
 
OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...
OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...
OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...OpenNebula Project
 
OpenNebulaConf 2013 - Keynote: CentOS and OpenNebula, a Perfect Match by Kara...
OpenNebulaConf 2013 - Keynote: CentOS and OpenNebula, a Perfect Match by Kara...OpenNebulaConf 2013 - Keynote: CentOS and OpenNebula, a Perfect Match by Kara...
OpenNebulaConf 2013 - Keynote: CentOS and OpenNebula, a Perfect Match by Kara...OpenNebula Project
 
EGITF 2013 - Bringing Private Cloud Computing to HPC and Science with OpenNebula
EGITF 2013 - Bringing Private Cloud Computing to HPC and Science with OpenNebulaEGITF 2013 - Bringing Private Cloud Computing to HPC and Science with OpenNebula
EGITF 2013 - Bringing Private Cloud Computing to HPC and Science with OpenNebulaOpenNebula Project
 
OpenNebulaConf 2014 - OpenNebula at Cenatic - Jose Angel Diaz Diaz
OpenNebulaConf 2014 - OpenNebula at Cenatic - Jose Angel Diaz DiazOpenNebulaConf 2014 - OpenNebula at Cenatic - Jose Angel Diaz Diaz
OpenNebulaConf 2014 - OpenNebula at Cenatic - Jose Angel Diaz DiazOpenNebula Project
 
OpenNebulaConf 2013 - Welcome: Unleashing the Future of Open-source Enterpris...
OpenNebulaConf 2013 - Welcome: Unleashing the Future of Open-source Enterpris...OpenNebulaConf 2013 - Welcome: Unleashing the Future of Open-source Enterpris...
OpenNebulaConf 2013 - Welcome: Unleashing the Future of Open-source Enterpris...OpenNebula Project
 

Viewers also liked (7)

OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...
OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...
OpenNebulaConf 2013 - rOCCI – Providing Interoperability through OCCI 1.1 Sup...
 
OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...
OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...
OpenNebulaConf 2013 - Best Practices to Create Infrastructure Services in Ope...
 
OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...
OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...
OpenNebulaConf 2014 - Lightning talk: Managing a Scientific Computing Facilit...
 
OpenNebulaConf 2013 - Keynote: CentOS and OpenNebula, a Perfect Match by Kara...
OpenNebulaConf 2013 - Keynote: CentOS and OpenNebula, a Perfect Match by Kara...OpenNebulaConf 2013 - Keynote: CentOS and OpenNebula, a Perfect Match by Kara...
OpenNebulaConf 2013 - Keynote: CentOS and OpenNebula, a Perfect Match by Kara...
 
EGITF 2013 - Bringing Private Cloud Computing to HPC and Science with OpenNebula
EGITF 2013 - Bringing Private Cloud Computing to HPC and Science with OpenNebulaEGITF 2013 - Bringing Private Cloud Computing to HPC and Science with OpenNebula
EGITF 2013 - Bringing Private Cloud Computing to HPC and Science with OpenNebula
 
OpenNebulaConf 2014 - OpenNebula at Cenatic - Jose Angel Diaz Diaz
OpenNebulaConf 2014 - OpenNebula at Cenatic - Jose Angel Diaz DiazOpenNebulaConf 2014 - OpenNebula at Cenatic - Jose Angel Diaz Diaz
OpenNebulaConf 2014 - OpenNebula at Cenatic - Jose Angel Diaz Diaz
 
OpenNebulaConf 2013 - Welcome: Unleashing the Future of Open-source Enterpris...
OpenNebulaConf 2013 - Welcome: Unleashing the Future of Open-source Enterpris...OpenNebulaConf 2013 - Welcome: Unleashing the Future of Open-source Enterpris...
OpenNebulaConf 2013 - Welcome: Unleashing the Future of Open-source Enterpris...
 

Similar to OpenNebulaConf 2013 - Top Ten Security Considerations when Setting up your OpenNebula Cloud by Nils Magnus

Top ten security considerations when setting up your open nebula cloud
Top ten security considerations when setting up your open nebula cloudTop ten security considerations when setting up your open nebula cloud
Top ten security considerations when setting up your open nebula cloudinovex GmbH
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Interview Questions for Azure Security.pdf
Interview Questions for Azure Security.pdfInterview Questions for Azure Security.pdf
Interview Questions for Azure Security.pdfInfosec Train
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataProcore Technologies
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providersiosrjce
 
A Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud ComputingA Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud Computingvivatechijri
 
Cloudsecurity
CloudsecurityCloudsecurity
Cloudsecuritydrewz lin
 
AWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceAWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceYury Chemerkin
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security ChallengesSTO STRATEGY
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Adnene Guabtni
 
Avoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesAvoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesMighty Guides, Inc.
 
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docxO C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docxvannagoforth
 

Similar to OpenNebulaConf 2013 - Top Ten Security Considerations when Setting up your OpenNebula Cloud by Nils Magnus (20)

Top ten security considerations when setting up your open nebula cloud
Top ten security considerations when setting up your open nebula cloudTop ten security considerations when setting up your open nebula cloud
Top ten security considerations when setting up your open nebula cloud
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tips
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Interview Questions for Azure Security.pdf
Interview Questions for Azure Security.pdfInterview Questions for Azure Security.pdf
Interview Questions for Azure Security.pdf
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
 
Encryption in the Cloud
Encryption in the CloudEncryption in the Cloud
Encryption in the Cloud
 
I017225966
I017225966I017225966
I017225966
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
 
A Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud ComputingA Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud Computing
 
Cloudsecurity
CloudsecurityCloudsecurity
Cloudsecurity
 
AWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceAWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the Compliance
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security Challenges
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
 
Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4
 
Avoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesAvoiding Container Vulnerabilities
Avoiding Container Vulnerabilities
 
Cloud security
Cloud security Cloud security
Cloud security
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docxO C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
 

More from OpenNebula Project

OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...
OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...
OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...OpenNebula Project
 
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...OpenNebula Project
 
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...OpenNebula Project
 
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...OpenNebula Project
 
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...OpenNebula Project
 
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAF
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAFOpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAF
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAFOpenNebula Project
 
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...OpenNebula Project
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebula Project
 
Replacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaReplacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaOpenNebula Project
 
NTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do ItNTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do ItOpenNebula Project
 
OpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISPOpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISPOpenNebula Project
 
NTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbHNTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbHOpenNebula Project
 
Performant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux WayPerformant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux WayOpenNebula Project
 
NetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebulaNetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebulaOpenNebula Project
 
NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10OpenNebula Project
 
Security for Private Cloud Environments
Security for Private Cloud EnvironmentsSecurity for Private Cloud Environments
Security for Private Cloud EnvironmentsOpenNebula Project
 
CheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebulaCheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebulaOpenNebula Project
 
Cloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebulaCloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebulaOpenNebula Project
 

More from OpenNebula Project (20)

OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...
OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...
OpenNebulaConf2019 - Welcome and Project Update - Ignacio M. Llorente, Rubén ...
 
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...
OpenNebulaConf2019 - Building Virtual Environments for Security Analyses of C...
 
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...
OpenNebulaConf2019 - CORD and Edge computing with OpenNebula - Alfonso Aureli...
 
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...
OpenNebulaConf2019 - 6 years (+) OpenNebula - Lessons learned - Sebastian Man...
 
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...
OpenNebulaConf2019 - Performant and Resilient Storage the Open Source & Linux...
 
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAF
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAFOpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAF
OpenNebulaConf2019 - Image Backups in OpenNebula - Momčilo Medić - ITAF
 
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...
OpenNebulaConf2019 - How We Use GOCA to Manage our OpenNebula Cloud - Jean-Ph...
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
 
Replacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaReplacing vCloud with OpenNebula
Replacing vCloud with OpenNebula
 
NTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do ItNTS: What We Do With OpenNebula - and Why We Do It
NTS: What We Do With OpenNebula - and Why We Do It
 
OpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISPOpenNebula from the Perspective of an ISP
OpenNebula from the Perspective of an ISP
 
NTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbHNTS CAPTAIN / OpenNebula at Julius Blum GmbH
NTS CAPTAIN / OpenNebula at Julius Blum GmbH
 
Performant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux WayPerformant and Resilient Storage: The Open Source & Linux Way
Performant and Resilient Storage: The Open Source & Linux Way
 
NetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebulaNetApp Hybrid Cloud with OpenNebula
NetApp Hybrid Cloud with OpenNebula
 
NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10NSX with OpenNebula - upcoming 5.10
NSX with OpenNebula - upcoming 5.10
 
Security for Private Cloud Environments
Security for Private Cloud EnvironmentsSecurity for Private Cloud Environments
Security for Private Cloud Environments
 
CheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebulaCheckPoint R80.30 Installation on OpenNebula
CheckPoint R80.30 Installation on OpenNebula
 
DE-CIX: CloudConnectivity
DE-CIX: CloudConnectivityDE-CIX: CloudConnectivity
DE-CIX: CloudConnectivity
 
DDC Demo
DDC DemoDDC Demo
DDC Demo
 
Cloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebulaCloud Disaggregation with OpenNebula
Cloud Disaggregation with OpenNebula
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

OpenNebulaConf 2013 - Top Ten Security Considerations when Setting up your OpenNebula Cloud by Nils Magnus

  • 1. Wir nutzen Technologien, um unsere Kunden glücklich zu machen. Und uns selbst. Security Considerations Securely Setting up your Open Nebula Cloud A top 10 Best Practise Guide OpenNebula Conf, September 25, 2013 in Berlin, Germany Nils Magnus inovex GmbH Senior System Engineer
  • 2. 25.09.13 Agenda and Preamble Protecting your Open Nebula Cloud I. Security is 90% architecture and 10% implementation. Apparently trivial suggestions form the base of your protection. II. Security is intrinsically understaffed. Management wants „quick wins“, team is looking to „get the job done“. Somehow. III. Security is not about checklists. If you are (or feel) responsible, you need to know your individual vulnerabilities. In this mode think like an attacker. Share my thoughts how to protect an Open Nebula cloud!
  • 3. 25.09.13 Security needs Ressources Don't underestimate the necessity of security. Assign proper ressources to adress this issue. Security is a costly investment in the future. It is a bargain compared to the loss of your main business processes. The possible damage scales to the same extend as your cloud itself.
  • 4. 25.09.13 Admin Account Protect access to the • ONE admin account, • the SunStone UI, and infrastructure. Once attackers gain unlawful access to your command bridge, your systems might be doomed. All of them.
  • 5. 25.09.13 VLAN Hopping Prevent VLAN hopping in the scope of your SDN and between physical hosts. Network virtualization with VLAN tagging comes very handy, but keep in mind that the very frames of all virtual segments may travel of a shared medium.
  • 6. 25.09.13 Environments Partition your cloud network segments into distinct security areas. Protect the different security environments and border them from each other. Actively separate maturity environments and different types of processed data.
  • 7. 25.09.13 Apply Classic Best Practises Anyway Despite in the cloud, nonetheless apply network security best practises like • firewalls, • intrusion detection, or • data leak prevention, based on the very requirements of your environment.
  • 8. 25.09.13 Host Protection Securing virtual machines is not enough. Make sure you also protect the access to all of your hosts, even if they are not designed to have users on them.
  • 9. 25.09.13 Key and User Management Set up a working SSH infrastructure and enforce it. Open Nebula heavily relies on a working and secured way to communicate with your hosts and virtual machines. Properly configured keys help both automating the system deployment process and restricting acess on a need-to-know basis.
  • 10. 25.09.13 Sensible Distrust Auto discovery and self registration to the inventory are powerful features that alleviate the system engineer's duties. But make sure that only known bare metal systems register into your cloud store and virtual ressources. Don't boot systems you don't have full control over.
  • 11. 25.09.13 Shared Storage Protect access to your shared storage. Several hosts have to access the images of all security environments. Rogue images injected in the right place might act as trojan horses in otherwise well-protected environments.
  • 12. 25.09.13 Availability Keep ressources in mind. One major advantage of virtualization is to share ressources like CPU or IO bandwidth. But some player in your cloud may or may not play fair. Those situations, both intended and unintended, threaten your availability. Enacting QoS measure could be helpful.
  • 13. 25.09.13 Wrap-up 1. assign proper ressources 2. protect your admin account 3. secure the networks 4. partition into environments 5. apply classic network security measures 6. protect your hosts 7. install a key infrastructure 8. authenticate all repositories 9. protect the shared storage 10. keep an eye on availability What did I say about lists, anyway?
  • 14. 25.09.13 Freedom is the brother of security. The great photos of this presentation are licensed under the free Creative Commons license (CC-BY SA) that allows use and redistribution (share alike) as long as you give proper attribution. A big thank you goes to: UCL Engineering for the chainmail: http://flickr.com/photos/uclengineering/6946862623 Jwalanta Shrestha for the multi lanes in Kathmandu: http://flickr.com/photos/jwalanta/4496289019/ Drgriz52 and the bears at the tent: http://flickr.com/photos/drbair_photography/3571049565/ Steve Tannock and his meadows of the Peak District: http://flickr.com/photos/stv/2586761094/ Chris McBrien for his photo of the blue keys: http://flickr.com/photos/cmcbrien/4715320000/ Sergio Morchon for the array of cannons: http://flickr.com/photos/smorchon/2951615532/ Simon Hooks for his shot of the Trojan Horse: http://flickr.com/photos/gogap/253649673/ Sam Greenhalgh took a photo of a rack in a data center: http://flickr.com/photos/80476901 Matt Peoples for the kegs: http://flickr.com/photos/leftymgp/7332282888/ Justin Ennis photographed the Swiss Guard in Rome: http://flickr.com/photos/averain/5307438963/ Schub@ took a photo a looking glass: http://flickr.com/photos/schubi74/5793584347 Maury Landsman for the applause: http://www.flickr.com/photos/mau3ry/3763640652 Sources and Acknowledgment
  • 15. 25.09.13 Thanks for listening! Questions? Contact Nils Magnus Senior System Engineer inovex GmbH Office Munich Valentin-Linhof-Str. 2 81829 Munich, Germany +49-173-3181-057 nils.magnus@inovex.de Agent L9 Oxycryocrypt