Security Considerations
Securely Setting up your Open Nebula Cloud
A Top 10 Best Practice Guide

OpenNebula Conf, September 25, 2013 in Berlin, Germany
Nils Magnus
inovex GmbH
Senior System Engineer

We use technology to make our customers happy. And ourselves.
Agenda and Preamble
Protecting your Open Nebula Cloud
I.

Security is 90% architecture and 10% implementation.
Apparently trivial suggestions form the base of your protection.
II.

Security is intrinsically understaffed. Management wants
"quick wins", the team is looking to "get the job done". Somehow.
III.

Security is not about checklists. If you are (or feel)
responsible, you need to know your individual
vulnerabilities. In this mode, think like an attacker.
Let me share my thoughts on how to protect
an Open Nebula cloud!

25.09.13
Security needs Resources
Don't underestimate the necessity of security.

Assign proper resources to
address this issue. Security is a
costly investment in the future.
It is a bargain compared to the loss of your
main business processes. The possible damage
scales to the same extent as your cloud itself.
Admin Account
Protect access to the
• ONE admin account,
• the SunStone UI, and
• the infrastructure.

Once attackers gain unlawful access to your command bridge,
your systems might be doomed. All of them.
VLAN Hopping

Prevent VLAN hopping in the scope of your SDN
and between physical hosts.

Network virtualization with
VLAN tagging comes in very
handy, but keep in mind that
the very frames of all virtual
segments may travel over a
shared medium.
Environments

Partition your cloud
network segments into
distinct security areas.

Protect the different security
environments and keep them
apart from each other.

Actively separate
maturity environments
and different types of
processed data.
Apply Classic Best Practices Anyway

Even though you are in the cloud, still apply
network security best practices like
• firewalls,
• intrusion detection, or
• data leak prevention,

based on the actual requirements of your
environment.
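The slides ask you to protect the admin account and the SunStone UI, and to keep using firewalls in the cloud. The script below is an added example, not part of the talk or of the OpenNebula project: it generates an nftables ruleset for the front-end that admits SSH and the two control interfaces only from a management network. The port numbers are the upstream defaults as I know them (oned XML-RPC on 2633, Sunstone on 9869) and must be checked against your own oned.conf and sunstone-server.conf; the management CIDR and the table name `one_frontend` are assumed values.

```shell
#!/bin/sh
# Added example, not from the slides: an nftables ruleset for the OpenNebula
# front-end that admits SSH and the control interfaces only from the
# management network. Port numbers are the upstream defaults as I know them
# (oned XML-RPC on 2633, Sunstone on 9869); verify them against your own
# oned.conf and sunstone-server.conf. IPv4 only; the CIDR is an assumed value.

# Print the ruleset for the management network given as $1 (CIDR notation).
one_frontend_ruleset() {
    cat <<EOF
table inet one_frontend {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        icmp type echo-request accept
        # the management network may reach SSH, oned and Sunstone
        ip saddr $1 tcp dport { 22, 2633, 9869 } accept
        # anything else probing the control ports is counted, logged and dropped
        tcp dport { 2633, 9869 } counter log prefix "one-control-denied: " drop
    }
}
EOF
}

# Dry-run the ruleset through nft when it is installed (the check needs root
# for netlink access); otherwise print it for review by hand.
check_ruleset() {   # $1 = management CIDR
    if command -v nft >/dev/null 2>&1; then
        one_frontend_ruleset "$1" | nft -c -f -
    else
        one_frontend_ruleset "$1"
    fi
}

# Constructed management CIDR for the demo.
one_frontend_ruleset 10.10.0.0/24
```

The default policy is drop, so a forgotten service on the front-end is closed rather than open, and the final rule gives you a counter and a log line for every rejected attempt to reach oned or Sunstone from outside the management network, which is the signal a detection rule can key on.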
Host Protection

Securing
virtual machines
is not enough.
Make sure you also protect
the access to all of your hosts,
even if they are not designed
to have users on them.
Key and User Management

Set up a working SSH
infrastructure and enforce it.
Open Nebula heavily relies on a working and
secured way to communicate with your hosts and
virtual machines.
Properly configured keys help both automating the
system deployment process and restricting access on
a need-to-know basis.
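An added example for the "working SSH infrastructure" point, not code from the talk or from OpenNebula itself: the first function audits a host's sshd_config for the settings a key-only, front-end-to-host setup should enforce, the second builds an authorized_keys entry that limits what the deployment key may be used for. The keyword names are standard OpenSSH ones; the deployment user name `oneadmin`, the front-end address and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the slides: audit an sshd_config for the settings a
# key-only, front-end-to-host OpenNebula setup should enforce, and build a
# restricted authorized_keys entry for the deployment user (assumed here to
# be "oneadmin"). Keyword names are standard OpenSSH; the sample config is
# constructed for this example.

# Return 0 when every required "Keyword value" pair is set (uncommented) in
# the sshd_config given as $1; otherwise print each deviation and return 1.
audit_sshd_config() {
    cfg="$1"
    rc=0
    for want in "PasswordAuthentication no" "PermitRootLogin no" \
                "PubkeyAuthentication yes" "ChallengeResponseAuthentication no"; do
        key="${want%% *}"
        val="${want#* }"
        # OpenSSH uses the first uncommented occurrence of a keyword.
        got=$(awk -v k="$key" '$1 == k { print $2; exit }' "$cfg")
        if [ "$got" != "$val" ]; then
            echo "$key should be '$val' (found '${got:-unset}')"
            rc=1
        fi
    done
    return "$rc"
}

# Build an authorized_keys line that limits what the deployment key may do:
# accepted only from the front-end's address ($1), with no port, agent or X11
# forwarding. $2 is the public key exactly as found in the .pub file.
restricted_key_line() {
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$1" "$2"
}

# Demo on a constructed, distro-default-like config that still allows passwords.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample sshd_config
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin no
PubkeyAuthentication yes
EOF
    if audit_sshd_config "$tmp"; then
        echo "host sshd hardened"
    else
        echo "host sshd needs hardening before it joins the cloud"
    fi
    restricted_key_line 10.10.0.1 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey oneadmin@frontend"
    rm -f "$tmp"
}
demo
```

The audit only looks at the first uncommented occurrence of each keyword, which is how sshd resolves duplicates, so a hardened line added below a distro default does not count; put the hardened value first or remove the default. Run it from the front-end against every host before the host is added to the cloud, and treat a non-zero exit as a reason not to add it.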
Sensible Distrust

Auto discovery and self
registration to the inventory are
powerful features that alleviate
the system engineer's duties.
But make sure that only known
bare metal systems register into
your cloud store and virtual
resources.
Don't boot systems you don't
have full control over.
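One way to apply this "sensible distrust" in practice, as an added example that is not part of the talk: compare whatever self-registered with an allowlist of the bare-metal systems you actually own, keyed on hostname and MAC address. The two file formats below are constructed for this example and are not OpenNebula's own inventory output; any export that yields hostname and MAC per line can be fed in after a small reformat.

```shell
#!/bin/sh
# Added example, not from the slides: check the hosts that registered
# themselves against an allowlist of the bare-metal systems you actually own.
# File formats are constructed for this example, not OpenNebula's own output:
#   allowlist:  "<hostname> <mac>"        one known system per line
#   registered: "<hostname> <mac> <ip>"   one line per host the inventory saw
# MAC addresses are compared case-insensitively; "#" lines are ignored.

# Print every registered host whose hostname/MAC pair is not on the allowlist.
# Return 1 if any such host exists, 0 if every registered host is known.
unknown_hosts() {   # $1 = allowlist file, $2 = registered-hosts file
    awk '
        /^#/ || NF < 2 { next }
        FILENAME == ARGV[1] { known[$1 " " tolower($2)] = 1; next }
        !(($1 " " tolower($2)) in known) { print $1, $2; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1" "$2"
}

# Demo on a constructed inventory: two owned nodes and one box nobody ordered.
demo() {
    dir=$(mktemp -d)
    printf 'node01 aa:bb:cc:00:00:01\nnode02 aa:bb:cc:00:00:02\n' > "$dir/allowlist"
    printf '# hostname mac ip\nnode01 AA:BB:CC:00:00:01 10.10.1.1\nnode02 aa:bb:cc:00:00:02 10.10.1.2\nrogue07 de:ad:be:ef:00:07 10.10.1.77\n' > "$dir/registered"
    if unknown_hosts "$dir/allowlist" "$dir/registered"; then
        echo "all registered hosts are known bare metal"
    else
        echo "unknown host(s) listed above: do not schedule VMs on them until verified"
    fi
    rm -rf "$dir"
}
demo
```

A MAC address is easy to forge, so the allowlist is a sanity check against mistakes and stray hardware rather than proof of identity; the stronger version of the same idea is to require a per-host credential (the SSH host key or a deployment certificate) before a node is accepted.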
Shared Storage

Protect access to your
shared storage.
Several hosts have to
access the images of
all security
environments.

Rogue images injected in
the right place might act as
Trojan horses in otherwise
well-protected
environments.
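Access control on the shared storage is the first line; the second is to notice when an image there no longer matches what you built. The script below is an added example, not from the talk or from OpenNebula: it records SHA-256 digests of trusted images in a manifest kept outside the shared storage, and refuses an image that is missing from the manifest or whose digest differs. The manifest format is the one `sha256sum` produces; the image files and paths are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the slides: verify that an image on shared storage
# still matches the SHA-256 recorded when it was built, before any host
# registers or boots it. The manifest format ("<sha256>  <path>") is the one
# sha256sum produces; the files below are constructed. Paths must not contain
# spaces for the awk lookup in verify_one.

# Record digests of trusted images into a manifest (run once, at build time,
# from a trusted location, and keep the manifest off the shared storage).
record_images() {        # $1 = manifest path, $2.. = image files
    manifest="$1"; shift
    sha256sum "$@" > "$manifest"
}

# Return 0 if every image listed in the manifest still matches; sha256sum
# prints the mismatches and returns 1 otherwise.
verify_images() {        # $1 = manifest path
    sha256sum --quiet -c "$1"
}

# Check one image before use. Returns 1 when the image is not in the
# manifest at all (unknown image) or when its digest differs (tampered).
verify_one() {           # $1 = manifest path, $2 = image path as recorded
    want=$(awk -v f="$2" '$2 == f { print $1; exit }' "$1")
    [ -n "$want" ] || { echo "UNKNOWN image: $2"; return 1; }
    have=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "TAMPERED image: $2"; return 1; }
}

# Demo: build two images, record them, then simulate a rogue modification.
demo() {
    dir=$(mktemp -d)
    printf 'constructed image A\n' > "$dir/base.qcow2"
    printf 'constructed image B\n' > "$dir/app.qcow2"
    record_images "$dir/manifest.sha256" "$dir/base.qcow2" "$dir/app.qcow2"
    verify_images "$dir/manifest.sha256" && echo "all images intact"
    printf 'injected payload\n' >> "$dir/app.qcow2"
    verify_one "$dir/manifest.sha256" "$dir/app.qcow2" || echo "refusing to deploy"
    verify_one "$dir/manifest.sha256" "$dir/nobody-built-this.qcow2" || echo "refusing to deploy"
    rm -rf "$dir"
}
demo
```

The check only helps if the manifest cannot be rewritten by whoever can write the datastore, so store it on the front-end (or sign it) and run `verify_images` from a cron job as a detection control, not only at deployment time.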
Availability

Keep resources in mind. One major
advantage of virtualization is to share
resources like CPU or IO bandwidth.
But some players in your cloud may or
may not play fair.
Those situations, both intended and
unintended, threaten your availability.
Enacting QoS measures can help.
Wrap-up

What did I say about lists, anyway?

1. assign proper resources
2. protect your admin account
3. secure the networks
4. partition into environments
5. apply classic network security measures
6. protect your hosts
7. install a key infrastructure
8. authenticate all repositories
9. protect the shared storage
10. keep an eye on availability
Sources and Acknowledgment
Freedom is the brother of security. The great photos of this presentation are licensed
under the free Creative Commons license (CC-BY SA) that allows use and
redistribution (share alike) as long as you give proper attribution. A big thank you goes
to:
UCL Engineering for the chainmail:
http://flickr.com/photos/uclengineering/6946862623
Jwalanta Shrestha for the multi lanes in Kathmandu:
http://flickr.com/photos/jwalanta/4496289019/
Drgriz52 and the bears at the tent:
http://flickr.com/photos/drbair_photography/3571049565/
Steve Tannock and his meadows of the Peak District:
http://flickr.com/photos/stv/2586761094/
Chris McBrien for his photo of the blue keys:
http://flickr.com/photos/cmcbrien/4715320000/
Sergio Morchon for the array of cannons:
http://flickr.com/photos/smorchon/2951615532/
Simon Hooks for his shot of the Trojan Horse:
http://flickr.com/photos/gogap/253649673/
Sam Greenhalgh took a photo of a rack in a data center:
http://flickr.com/photos/80476901
Matt Peoples for the kegs:
http://flickr.com/photos/leftymgp/7332282888/


Justin Ennis photographed the Swiss Guard in Rome:
http://flickr.com/photos/averain/5307438963/
Schub@ took a photo a looking glass:
http://flickr.com/photos/schubi74/5793584347
Maury Landsman for the applause:
http://www.flickr.com/photos/mau3ry/3763640652
Thanks for listening! Questions?
Contact
Nils Magnus
Senior System Engineer
inovex GmbH
Office Munich
Valentin-Linhof-Str. 2
81829 Munich, Germany
+49-173-3181-057
nils.magnus@inovex.de

Agent L9 Oxycryocrypt

 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Kürzlich hochgeladen (20)

Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Top ten security considerations when setting up your open nebula cloud

1. Security Considerations
Securely Setting up your Open Nebula Cloud
A top 10 Best Practice Guide
OpenNebula Conf, September 25, 2013 in Berlin, Germany
Nils Magnus, inovex GmbH, Senior System Engineer
We use technologies to make our customers happy. And ourselves.
2. Agenda and Preamble
Protecting your Open Nebula Cloud
I. Security is 90% architecture and 10% implementation. Apparently trivial suggestions form the base of your protection.
II. Security is intrinsically understaffed. Management wants „quick wins“, the team is looking to „get the job done“. Somehow.
III. Security is not about checklists. If you are (or feel) responsible, you need to know your individual vulnerabilities. In this mode, think like an attacker.
Let me share my thoughts on how to protect an Open Nebula cloud!
3. Security needs Resources
Don't underestimate the necessity of security. Assign proper resources to address this issue. Security is a costly investment in the future. It is a bargain compared to the loss of your main business processes. The possible damage scales to the same extent as your cloud itself.
4. Admin Account
Protect access to the
• ONE admin account,
• the SunStone UI, and
• the infrastructure.
Once attackers gain unlawful access to your command bridge, your systems might be doomed. All of them.
5. VLAN Hopping
Prevent VLAN hopping in the scope of your SDN and between physical hosts. Network virtualization with VLAN tagging comes in very handy, but keep in mind that the very frames of all virtual segments may travel over a shared medium.
6. Environments
Partition your cloud network segments into distinct security areas. Protect the different security environments and keep them separated from each other at their borders. Actively separate maturity environments and different types of processed data.
7. Apply Classic Best Practices Anyway
Even in the cloud, apply network security best practices like
• firewalls,
• intrusion detection, or
• data leak prevention,
based on the actual requirements of your environment.
8. Host Protection
Securing virtual machines is not enough. Make sure you also protect access to all of your hosts, even if they are not designed to have users on them.
9. Key and User Management
Set up a working SSH infrastructure and enforce it. Open Nebula heavily relies on a working and secured way to communicate with your hosts and virtual machines. Properly configured keys help both to automate the system deployment process and to restrict access on a need-to-know basis.
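The slide asks for keys that restrict access on a need-to-know basis. One practical check an operator can run is an audit of the authorized_keys files on the frontend and hosts for keys that carry none of OpenSSH's per-key restrictions (from="..." source allow-list, command="..." forced command, restrict or the no-*-forwarding options). The script below is an added example, not code from the slide deck or from the OpenNebula project; the sample file contents, key blobs and the deploy-wrapper path in it are constructed placeholders.

```python
"""Audit an OpenSSH authorized_keys file for keys that lack the restrictions
the slide argues for (need-to-know access).

Added example, not code from the slide deck or from the OpenNebula project.
It checks three OpenSSH per-key options: from="..." (source address
allow-list), command="..." (forced command) and restrict (disables port and
agent forwarding, pty allocation and more). Keys without them are reported
so an operator can review them. The sample file below is constructed for
this example; the key blobs and the deploy-wrapper path are placeholders.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Key types OpenSSH accepts in authorized_keys; the key type token marks where
# the optional comma-separated option list ends.
KEY_TYPES = (
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
)
KEY_RE = re.compile(
    r"(?:^|\s)(" + "|".join(re.escape(k) for k in KEY_TYPES) + r")\s+(\S+)(?:\s+(.*))?$"
)


@dataclass
class KeyEntry:
    line_no: int
    key_type: str
    comment: str
    options: Dict[str, Optional[str]] = field(default_factory=dict)
    findings: List[str] = field(default_factory=list)


def split_options(opt_text: str) -> Dict[str, Optional[str]]:
    """Split 'a,b="x,y",c' into {'a': None, 'b': 'x,y', 'c': None}.

    Commas inside double-quoted values (e.g. several from= patterns) do not
    separate options, so a plain str.split(',') would be wrong here.
    """
    opts: Dict[str, Optional[str]] = {}
    buf: List[str] = []
    in_quotes = False

    def flush() -> None:
        token = "".join(buf).strip()
        buf.clear()
        if token:
            name, sep, value = token.partition("=")
            opts[name.lower()] = value.strip('"') if sep else None  # lower-cased for lookup

    for i, ch in enumerate(opt_text):
        if ch == '"' and (i == 0 or opt_text[i - 1] != "\\"):
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            flush()
        else:
            buf.append(ch)
    flush()
    return opts


def parse_line(line_no: int, line: str) -> Optional[KeyEntry]:
    """Parse one authorized_keys line; returns None for blanks and comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    pos = 0
    while True:
        m = KEY_RE.search(stripped, pos)
        if m is None:
            raise ValueError(f"line {line_no}: no recognised key type")
        # Accept the key type only if it sits outside a quoted option value.
        if stripped[: m.start()].count('"') % 2 == 0:
            break
        pos = m.start() + 1
    entry = KeyEntry(line_no, m.group(1), m.group(3) or "",
                     split_options(stripped[: m.start()].strip()))
    assess(entry)
    return entry


def assess(entry: KeyEntry) -> None:
    """Record which need-to-know restrictions the key is missing."""
    o = entry.options
    if "from" not in o:
        entry.findings.append("no from= restriction: usable from any source address")
    if "command" not in o:
        entry.findings.append("no forced command: holder may run arbitrary commands")
    forwarding_off = "restrict" in o or (
        "no-port-forwarding" in o and "no-agent-forwarding" in o)
    if not forwarding_off:
        entry.findings.append("forwarding not disabled: add restrict or no-*-forwarding")


def audit_authorized_keys(text: str) -> List[KeyEntry]:
    entries = (parse_line(n, ln) for n, ln in enumerate(text.splitlines(), 1))
    return [e for e in entries if e is not None]


# Constructed sample; the key blobs and /usr/local/bin/deploy-wrapper are placeholders.
SAMPLE_AUTHORIZED_KEYS = """\
# sample file constructed for the example
from="10.10.0.0/24",restrict,command="/usr/local/bin/deploy-wrapper" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONE oneadmin@frontend
from="10.10.0.5,10.10.0.6",no-port-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYTWO backup@frontend
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQEXAMPLEKEYTHREE alice@laptop
command="echo hello, world" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYFOUR tool@host
"""

if __name__ == "__main__":
    for e in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        status = "ok" if not e.findings else f"{len(e.findings)} finding(s)"
        print(f"line {e.line_no}: {e.key_type} {e.comment}: {status}")
        for f in e.findings:
            print("    -", f)
```

Run it against the real files (for example the oneadmin user's authorized_keys on the frontend and on every host) by reading the file into audit_authorized_keys. A key with zero findings is pinned to known source addresses, runs only its forced command and cannot open tunnels; the deployment automation keeps working while a leaked key is far less useful to anyone else.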
10. Sensible Distrust
Auto discovery and self registration to the inventory are powerful features that alleviate the system engineer's duties. But make sure that only known bare metal systems register into your cloud store and virtual resources. Don't boot systems you don't have full control over.
11. Shared Storage
Protect access to your shared storage. Several hosts have to access the images of all security environments. Rogue images injected in the right place might act as trojan horses in otherwise well-protected environments.
12. Availability
Keep resources in mind. One major advantage of virtualization is to share resources like CPU or IO bandwidth. But some players in your cloud may or may not play fair. Those situations, both intended and unintended, threaten your availability. Enacting QoS measures could be helpful.
13. Wrap-up
What did I say about lists anyway?
1. assign proper resources
2. protect your admin account
3. secure the networks
4. partition into environments
5. apply classic network security measures
6. protect your hosts
7. install a key infrastructure
8. authenticate all repositories
9. protect the shared storage
10. keep an eye on availability
14. Sources and Acknowledgment
Freedom is the brother of security. The great photos of this presentation are licensed under the free Creative Commons license (CC-BY SA) that allows use and redistribution (share alike) as long as you give proper attribution. A big thank you goes to:
UCL Engineering for the chainmail: http://flickr.com/photos/uclengineering/6946862623
Jwalanta Shrestha for the multi lanes in Kathmandu: http://flickr.com/photos/jwalanta/4496289019/
Drgriz52 and the bears at the tent: http://flickr.com/photos/drbair_photography/3571049565/
Steve Tannock and his meadows of the Peak District: http://flickr.com/photos/stv/2586761094/
Chris McBrien for his photo of the blue keys: http://flickr.com/photos/cmcbrien/4715320000/
Sergio Morchon for the array of cannons: http://flickr.com/photos/smorchon/2951615532/
Simon Hooks for his shot of the Trojan Horse: http://flickr.com/photos/gogap/253649673/
Sam Greenhalgh took a photo of a rack in a data center: http://flickr.com/photos/80476901
Matt Peoples for the kegs: http://flickr.com/photos/leftymgp/7332282888/
Justin Ennis photographed the Swiss Guard in Rome: http://flickr.com/photos/averain/5307438963/
Schub@ took a photo of a looking glass: http://flickr.com/photos/schubi74/5793584347
Maury Landsman for the applause: http://www.flickr.com/photos/mau3ry/3763640652
15. Thanks for listening! Questions?
Contact: Nils Magnus, Senior System Engineer, inovex GmbH, Office Munich, Valentin-Linhof-Str. 2, 81829 Munich, Germany, +49-173-3181-057, nils.magnus@inovex.de
Agent L9 Oxycryocrypt