SlideShare una empresa de Scribd logo

Top Ten Security Considerations when Setting up your OpenNebula Cloud

NETWAYS
NETWAYS

Creating new nodes in your cloud environment was never as easy. Just a few clicks away system engineers create new virtual machines, assign network environments for them and deploy software components. Viable security engineering has ever been a key task to ensure your data’s confidentiality, integrity, and availibity. While hardening your operating systems and wisely designing you applications, cloud computing introduced a new challenge for engineers who are responsible for security. A breach in the perimeters of one of your central components threatens the overall security of all systems in any environment. The talk discusses predominant attack patterns that system engineers and security officers should consider. The top 10 threats come together with practical suggestions to improve data center security in the cloud.

TecnologíaDeportes
1 de 15
Descargar para leer sin conexión
Wir nutzen Technologien, um unsere Kunden glücklich zu machen. Und uns selbst. Security Considerations Securely Setting up your Open Nebula Cloud A top 10 Best Practise Guide OpenNebula Conf, September 25, 2013 in Berlin, Germany Nils Magnus inovex GmbH Senior System Engineer
25.09.13 Agenda and Preamble Protecting your Open Nebula Cloud I. Security is 90% architecture and 10% implementation. Apparently trivial suggestions form the base of your protection. II. Security is intrinsically understaffed. Management wants „quick wins“, team is looking to „get the job done“. Somehow. III. Security is not about checklists. If you are (or feel) responsible, you need to know your individual vulnerabilities. In this mode think like an attacker. Share my thoughts how to protect an Open Nebula cloud!
25.09.13 Security needs Ressources Don't underestimate the necessity of security. Assign proper ressources to adress this issue. Security is a costly investment in the future. It is a bargain compared to the loss of your main business processes. The possible damage scales to the same extend as your cloud itself.
25.09.13 Admin Account Protect access to the • ONE admin account, • the SunStone UI, and infrastructure. Once attackers gain unlawful access to your command bridge, your systems might be doomed. All of them.
25.09.13 VLAN Hopping Prevent VLAN hopping in the scope of your SDN and between physical hosts. Network virtualization with VLAN tagging comes very handy, but keep in mind that the very frames of all virtual segments may travel of a shared medium.
25.09.13 Environments Partition your cloud network segments into distinct security areas. Protect the different security environments and border them from each other. Actively separate maturity environments and different types of processed data.
25.09.13 Apply Classic Best Practises Anyway Despite in the cloud, nonetheless apply network security best practises like • firewalls, • intrusion detection, or • data leak prevention, based on the very requirements of your environment.
25.09.13 Host Protection Securing virtual machines is not enough. Make sure you also protect the access to all of your hosts, even if they are not designed to have users on them.
25.09.13 Key and User Management Set up a working SSH infrastructure and enforce it. Open Nebula heavily relies on a working and secured way to communicate with your hosts and virtual machines. Properly configured keys help both automating the system deployment process and restricting acess on a need-to-know basis.
25.09.13 Sensible Distrust Auto discovery and self registration to the inventory are powerful features that alleviate the system engineer's duties. But make sure that only known bare metal systems register into your cloud store and virtual ressources. Don't boot systems you don't have full control over.
25.09.13 Shared Storage Protect access to your shared storage. Several hosts have to access the images of all security environments. Rogue images injected in the right place might act as trojan horses in otherwise well-protected environments.
25.09.13 Availability Keep ressources in mind. One major advantage of virtualization is to share ressources like CPU or IO bandwidth. But some player in your cloud may or may not play fair. Those situations, both intended and unintended, threaten your availability. Enacting QoS measure could be helpful.
25.09.13 Wrap-up 1. assign proper ressources 2. protect your admin account 3. secure the networks 4. partition into environments 5. apply classic network security measures 6. protect your hosts 7. install a key infrastructure 8. authenticate all repositories 9. protect the shared storage 10. keep an eye on availability What did I say about lists, anyway?
25.09.13 Freedom is the brother of security. The great photos of this presentation are licensed under the free Creative Commons license (CC-BY SA) that allows use and redistribution (share alike) as long as you give proper attribution. A big thank you goes to: UCL Engineering for the chainmail: http://flickr.com/photos/uclengineering/6946862623 Jwalanta Shrestha for the multi lanes in Kathmandu: http://flickr.com/photos/jwalanta/4496289019/ Drgriz52 and the bears at the tent: http://flickr.com/photos/drbair_photography/3571049565/ Steve Tannock and his meadows of the Peak District: http://flickr.com/photos/stv/2586761094/ Chris McBrien for his photo of the blue keys: http://flickr.com/photos/cmcbrien/4715320000/ Sergio Morchon for the array of cannons: http://flickr.com/photos/smorchon/2951615532/ Simon Hooks for his shot of the Trojan Horse: http://flickr.com/photos/gogap/253649673/ Sam Greenhalgh took a photo of a rack in a data center: http://flickr.com/photos/80476901 Matt Peoples for the kegs: http://flickr.com/photos/leftymgp/7332282888/ Justin Ennis photographed the Swiss Guard in Rome: http://flickr.com/photos/averain/5307438963/ Schub@ took a photo a looking glass: http://flickr.com/photos/schubi74/5793584347 Maury Landsman for the applause: http://www.flickr.com/photos/mau3ry/3763640652 Sources and Acknowledgment
25.09.13 Thanks for listening! Questions? Contact Nils Magnus Senior System Engineer inovex GmbH Office Munich Valentin-Linhof-Str. 2 81829 Munich, Germany +49-173-3181-057 nils.magnus@inovex.de Agent L9 Oxycryocrypt

Recomendados

Enabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebulaEnabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebulaNETWAYS
 
Opening the Path to Technical Excellence
Opening the Path to Technical ExcellenceOpening the Path to Technical Excellence
Opening the Path to Technical ExcellenceNETWAYS
 
Contrail Virtual Execution Platform
Contrail Virtual Execution PlatformContrail Virtual Execution Platform
Contrail Virtual Execution PlatformNETWAYS
 
Making clouds: turning opennebula into a product
Making clouds: turning opennebula into a productMaking clouds: turning opennebula into a product
Making clouds: turning opennebula into a productCarlo Daffara
 
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebula Project
 
Adventures in Research
Adventures in ResearchAdventures in Research
Adventures in ResearchNETWAYS
 
XCP-ng - past, present and future
XCP-ng - past, present and futureXCP-ng - past, present and future
XCP-ng - past, present and futureShapeBlue
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of NetworkingOpenStack Korea Community
 

Recomendados

Enabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebulaEnabling Scientific Workflows on FermiCloud using OpenNebula
Enabling Scientific Workflows on FermiCloud using OpenNebulaNETWAYS
 
Opening the Path to Technical Excellence
Opening the Path to Technical ExcellenceOpening the Path to Technical Excellence
Opening the Path to Technical ExcellenceNETWAYS
 
Contrail Virtual Execution Platform
Contrail Virtual Execution PlatformContrail Virtual Execution Platform
Contrail Virtual Execution PlatformNETWAYS
 
Making clouds: turning opennebula into a product
Making clouds: turning opennebula into a productMaking clouds: turning opennebula into a product
Making clouds: turning opennebula into a productCarlo Daffara
 
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...
OpenNebulaConf2015 2.05 OpenNebula at the Leibniz Supercomputing Centre - Mat...OpenNebula Project
 
Adventures in Research
Adventures in ResearchAdventures in Research
Adventures in ResearchNETWAYS
 
XCP-ng - past, present and future
XCP-ng - past, present and futureXCP-ng - past, present and future
XCP-ng - past, present and futureShapeBlue
 
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking[OpenStack Days Korea 2016] An SDN Pioneer's Vision of Networking
[OpenStack Days Korea 2016] An SDN Pioneer's Vision of NetworkingOpenStack Korea Community
 
Building a redundant CloudStack management cluster - Vladimir Melnik
Building a redundant CloudStack management cluster - Vladimir MelnikBuilding a redundant CloudStack management cluster - Vladimir Melnik
Building a redundant CloudStack management cluster - Vladimir MelnikShapeBlue
 
Multisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the GapMultisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the GapDimitri Mazmanov
 
OpenNebula TechDay Boston 2015 - HA HPC with OpenNebula
OpenNebula TechDay Boston 2015 - HA HPC with OpenNebulaOpenNebula TechDay Boston 2015 - HA HPC with OpenNebula
OpenNebula TechDay Boston 2015 - HA HPC with OpenNebulaOpenNebula Project
 
Open stack in action enovance-quantum in action
Open stack in action enovance-quantum in actionOpen stack in action enovance-quantum in action
Open stack in action enovance-quantum in actioneNovance
 
KuberNETes - meetup
KuberNETes - meetupKuberNETes - meetup
KuberNETes - meetupNathan Ness
 
Whats New in Apache CloudStack Version 4.5
Whats New in Apache CloudStack Version 4.5Whats New in Apache CloudStack Version 4.5
Whats New in Apache CloudStack Version 4.5ShapeBlue
 
Hybrid cloud federation
Hybrid cloud federationHybrid cloud federation
Hybrid cloud federationopenstackindia
 
Using OpenContrail with Kubernetes
Using OpenContrail with KubernetesUsing OpenContrail with Kubernetes
Using OpenContrail with KubernetesMatt Baldwin
 
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...OpenStack Korea Community
 
Boyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experienceBoyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experienceShapeBlue
 
OpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick Hamon
OpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick HamonOpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick Hamon
OpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick HamoneNovance
 
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...OpenStack Korea Community
 
Docker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Inc.
 
Containers 101 Meetup - VMs vs Containers
Containers 101 Meetup - VMs vs ContainersContainers 101 Meetup - VMs vs Containers
Containers 101 Meetup - VMs vs ContainersTommy Berry
 
Intro to OpenStack
Intro to OpenStackIntro to OpenStack
Intro to OpenStackdonnieh1
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerAnanth Padmanabhan
 
Dependable Storage and Computing using Multiple Cloud Providers
Dependable Storage and Computing using Multiple Cloud ProvidersDependable Storage and Computing using Multiple Cloud Providers
Dependable Storage and Computing using Multiple Cloud ProvidersAlysson Bessani
 
Wido den Hollander - building highly available cloud with Ceph and CloudStack
Wido den Hollander - building highly available cloud with Ceph and CloudStackWido den Hollander - building highly available cloud with Ceph and CloudStack
Wido den Hollander - building highly available cloud with Ceph and CloudStackShapeBlue
 
[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업
[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업
[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업OpenStack Korea Community
 
Raspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflowRaspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflow霈萱 蔡
 
Community Clouds from Scratch
Community Clouds from ScratchCommunity Clouds from Scratch
Community Clouds from ScratchNETWAYS
 
rOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebula
rOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebularOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebula
rOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebulaNETWAYS
 

Más contenido relacionado

La actualidad más candente

Building a redundant CloudStack management cluster - Vladimir Melnik
Building a redundant CloudStack management cluster - Vladimir MelnikBuilding a redundant CloudStack management cluster - Vladimir Melnik
Building a redundant CloudStack management cluster - Vladimir MelnikShapeBlue
 
Multisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the GapMultisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the GapDimitri Mazmanov
 
OpenNebula TechDay Boston 2015 - HA HPC with OpenNebula
OpenNebula TechDay Boston 2015 - HA HPC with OpenNebulaOpenNebula TechDay Boston 2015 - HA HPC with OpenNebula
OpenNebula TechDay Boston 2015 - HA HPC with OpenNebulaOpenNebula Project
 
Open stack in action enovance-quantum in action
Open stack in action enovance-quantum in actionOpen stack in action enovance-quantum in action
Open stack in action enovance-quantum in actioneNovance
 
KuberNETes - meetup
KuberNETes - meetupKuberNETes - meetup
KuberNETes - meetupNathan Ness
 
Whats New in Apache CloudStack Version 4.5
Whats New in Apache CloudStack Version 4.5Whats New in Apache CloudStack Version 4.5
Whats New in Apache CloudStack Version 4.5ShapeBlue
 
Hybrid cloud federation
Hybrid cloud federationHybrid cloud federation
Hybrid cloud federationopenstackindia
 
Using OpenContrail with Kubernetes
Using OpenContrail with KubernetesUsing OpenContrail with Kubernetes
Using OpenContrail with KubernetesMatt Baldwin
 
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...OpenStack Korea Community
 
Boyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experienceBoyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experienceShapeBlue
 
OpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick Hamon
OpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick HamonOpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick Hamon
OpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick HamoneNovance
 
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...OpenStack Korea Community
 
Docker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Inc.
 
Containers 101 Meetup - VMs vs Containers
Containers 101 Meetup - VMs vs ContainersContainers 101 Meetup - VMs vs Containers
Containers 101 Meetup - VMs vs ContainersTommy Berry
 
Intro to OpenStack
Intro to OpenStackIntro to OpenStack
Intro to OpenStackdonnieh1
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerAnanth Padmanabhan
 
Dependable Storage and Computing using Multiple Cloud Providers
Dependable Storage and Computing using Multiple Cloud ProvidersDependable Storage and Computing using Multiple Cloud Providers
Dependable Storage and Computing using Multiple Cloud ProvidersAlysson Bessani
 
Wido den Hollander - building highly available cloud with Ceph and CloudStack
Wido den Hollander - building highly available cloud with Ceph and CloudStackWido den Hollander - building highly available cloud with Ceph and CloudStack
Wido den Hollander - building highly available cloud with Ceph and CloudStackShapeBlue
 
[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업
[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업
[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업OpenStack Korea Community
 
Raspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflowRaspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflow霈萱 蔡
 

La actualidad más candente (20)

Building a redundant CloudStack management cluster - Vladimir Melnik
Building a redundant CloudStack management cluster - Vladimir MelnikBuilding a redundant CloudStack management cluster - Vladimir Melnik
Building a redundant CloudStack management cluster - Vladimir Melnik
 
Multisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the GapMultisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the Gap
 
OpenNebula TechDay Boston 2015 - HA HPC with OpenNebula
OpenNebula TechDay Boston 2015 - HA HPC with OpenNebulaOpenNebula TechDay Boston 2015 - HA HPC with OpenNebula
OpenNebula TechDay Boston 2015 - HA HPC with OpenNebula
 
Open stack in action enovance-quantum in action
Open stack in action enovance-quantum in actionOpen stack in action enovance-quantum in action
Open stack in action enovance-quantum in action
 
KuberNETes - meetup
KuberNETes - meetupKuberNETes - meetup
KuberNETes - meetup
 
Whats New in Apache CloudStack Version 4.5
Whats New in Apache CloudStack Version 4.5Whats New in Apache CloudStack Version 4.5
Whats New in Apache CloudStack Version 4.5
 
Hybrid cloud federation
Hybrid cloud federationHybrid cloud federation
Hybrid cloud federation
 
Using OpenContrail with Kubernetes
Using OpenContrail with KubernetesUsing OpenContrail with Kubernetes
Using OpenContrail with Kubernetes
 
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
[OpenStack Day in Korea 2015] Track 3-2 - Huawei Cloud Computing Powered by O...
 
Boyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experienceBoyan Krosnov - Building a software-defined cloud - our experience
Boyan Krosnov - Building a software-defined cloud - our experience
 
OpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick Hamon
OpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick HamonOpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick Hamon
OpenStack in Action! 5 - Dell - OpenStack powered solutions - Patrick Hamon
 
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
 
Docker, Innovation Accelerator
Docker, Innovation AcceleratorDocker, Innovation Accelerator
Docker, Innovation Accelerator
 
Containers 101 Meetup - VMs vs Containers
Containers 101 Meetup - VMs vs ContainersContainers 101 Meetup - VMs vs Containers
Containers 101 Meetup - VMs vs Containers
 
Intro to OpenStack
Intro to OpenStackIntro to OpenStack
Intro to OpenStack
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using docker
 
Dependable Storage and Computing using Multiple Cloud Providers
Dependable Storage and Computing using Multiple Cloud ProvidersDependable Storage and Computing using Multiple Cloud Providers
Dependable Storage and Computing using Multiple Cloud Providers
 
Wido den Hollander - building highly available cloud with Ceph and CloudStack
Wido den Hollander - building highly available cloud with Ceph and CloudStackWido den Hollander - building highly available cloud with Ceph and CloudStack
Wido den Hollander - building highly available cloud with Ceph and CloudStack
 
[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업
[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업
[OpenStack Days Korea 2016] Track2 - 가상화 네트워크와 클라우드간 협업
 
Raspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflowRaspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflow
 

Destacado

Community Clouds from Scratch
Community Clouds from ScratchCommunity Clouds from Scratch
Community Clouds from ScratchNETWAYS
 
rOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebula
rOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebularOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebula
rOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebulaNETWAYS
 
High Performance Computing Cloud at SURFsara: Experiences with OpenNebula 3.x
High Performance Computing Cloud at SURFsara: Experiences with OpenNebula 3.xHigh Performance Computing Cloud at SURFsara: Experiences with OpenNebula 3.x
High Performance Computing Cloud at SURFsara: Experiences with OpenNebula 3.xNETWAYS
 
OpenNebula in a Multiuser Environment
OpenNebula in a Multiuser EnvironmentOpenNebula in a Multiuser Environment
OpenNebula in a Multiuser EnvironmentNETWAYS
 
Making Clouds: Turning OpenNebula into a Product
Making Clouds: Turning OpenNebula into a ProductMaking Clouds: Turning OpenNebula into a Product
Making Clouds: Turning OpenNebula into a ProductNETWAYS
 
Monitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebulaMonitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebulaNETWAYS
 
CentOS and OpenNebula, a Perfect Match
CentOS and OpenNebula, a Perfect MatchCentOS and OpenNebula, a Perfect Match
CentOS and OpenNebula, a Perfect MatchNETWAYS
 
Welcome talk unleashing the future of open-source enterprise cloud computing
Welcome talk unleashing the future of open-source enterprise cloud computingWelcome talk unleashing the future of open-source enterprise cloud computing
Welcome talk unleashing the future of open-source enterprise cloud computingNETWAYS
 
Monitoring of OpenNebula installations
Monitoring of OpenNebula installationsMonitoring of OpenNebula installations
Monitoring of OpenNebula installationsNETWAYS
 
How Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project FeedbackHow Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project FeedbackNETWAYS
 

Destacado (10)

Community Clouds from Scratch
Community Clouds from ScratchCommunity Clouds from Scratch
Community Clouds from Scratch
 
rOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebula
rOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebularOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebula
rOCCI – Providing Interoperability through OCCI 1.1 Support for OpenNebula
 
High Performance Computing Cloud at SURFsara: Experiences with OpenNebula 3.x
High Performance Computing Cloud at SURFsara: Experiences with OpenNebula 3.xHigh Performance Computing Cloud at SURFsara: Experiences with OpenNebula 3.x
High Performance Computing Cloud at SURFsara: Experiences with OpenNebula 3.x
 
OpenNebula in a Multiuser Environment
OpenNebula in a Multiuser EnvironmentOpenNebula in a Multiuser Environment
OpenNebula in a Multiuser Environment
 
Making Clouds: Turning OpenNebula into a Product
Making Clouds: Turning OpenNebula into a ProductMaking Clouds: Turning OpenNebula into a Product
Making Clouds: Turning OpenNebula into a Product
 
Monitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebulaMonitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebula
 
CentOS and OpenNebula, a Perfect Match
CentOS and OpenNebula, a Perfect MatchCentOS and OpenNebula, a Perfect Match
CentOS and OpenNebula, a Perfect Match
 
Welcome talk unleashing the future of open-source enterprise cloud computing
Welcome talk unleashing the future of open-source enterprise cloud computingWelcome talk unleashing the future of open-source enterprise cloud computing
Welcome talk unleashing the future of open-source enterprise cloud computing
 
Monitoring of OpenNebula installations
Monitoring of OpenNebula installationsMonitoring of OpenNebula installations
Monitoring of OpenNebula installations
 
How Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project FeedbackHow Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project Feedback
 

Similar a Top Ten Security Considerations when Setting up your OpenNebula Cloud

Top ten security considerations when setting up your open nebula cloud
Top ten security considerations when setting up your open nebula cloudTop ten security considerations when setting up your open nebula cloud
Top ten security considerations when setting up your open nebula cloudinovex GmbH
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Interview Questions for Azure Security.pdf
Interview Questions for Azure Security.pdfInterview Questions for Azure Security.pdf
Interview Questions for Azure Security.pdfInfosec Train
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataProcore Technologies
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providersiosrjce
 
A Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud ComputingA Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud Computingvivatechijri
 
Cloudsecurity
CloudsecurityCloudsecurity
Cloudsecuritydrewz lin
 
AWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceAWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceYury Chemerkin
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security ChallengesSTO STRATEGY
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Adnene Guabtni
 
Avoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesAvoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesMighty Guides, Inc.
 
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docxO C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docxvannagoforth
 

Similar a Top Ten Security Considerations when Setting up your OpenNebula Cloud (20)

Top ten security considerations when setting up your open nebula cloud
Top ten security considerations when setting up your open nebula cloudTop ten security considerations when setting up your open nebula cloud
Top ten security considerations when setting up your open nebula cloud
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tips
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Interview Questions for Azure Security.pdf
Interview Questions for Azure Security.pdfInterview Questions for Azure Security.pdf
Interview Questions for Azure Security.pdf
 
Security in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your DataSecurity in the Cloud: Tips on How to Protect Your Data
Security in the Cloud: Tips on How to Protect Your Data
 
Encryption in the Cloud
Encryption in the CloudEncryption in the Cloud
Encryption in the Cloud
 
I017225966
I017225966I017225966
I017225966
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
 
A Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud ComputingA Study of Data Storage Security Issues in Cloud Computing
A Study of Data Storage Security Issues in Cloud Computing
 
Cloudsecurity
CloudsecurityCloudsecurity
Cloudsecurity
 
AWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceAWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the Compliance
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security Challenges
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
 
Cloud Security_ Unit 4
Cloud Security_ Unit 4Cloud Security_ Unit 4
Cloud Security_ Unit 4
 
Avoiding Container Vulnerabilities
Avoiding Container VulnerabilitiesAvoiding Container Vulnerabilities
Avoiding Container Vulnerabilities
 
Cloud security
Cloud security Cloud security
Cloud security
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docxO C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
O C T O B E R 2 0 1 4 V O L . 5 7 N O . 1 0 .docx
 

Último

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Último (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Top Ten Security Considerations when Setting up your OpenNebula Cloud

  • 1. Wir nutzen Technologien, um unsere Kunden glücklich zu machen. Und uns selbst. Security Considerations Securely Setting up your Open Nebula Cloud A top 10 Best Practise Guide OpenNebula Conf, September 25, 2013 in Berlin, Germany Nils Magnus inovex GmbH Senior System Engineer
  • 2. 25.09.13 Agenda and Preamble Protecting your Open Nebula Cloud I. Security is 90% architecture and 10% implementation. Apparently trivial suggestions form the base of your protection. II. Security is intrinsically understaffed. Management wants „quick wins“, team is looking to „get the job done“. Somehow. III. Security is not about checklists. If you are (or feel) responsible, you need to know your individual vulnerabilities. In this mode think like an attacker. Share my thoughts how to protect an Open Nebula cloud!
  • 3. 25.09.13 Security needs Ressources Don't underestimate the necessity of security. Assign proper ressources to adress this issue. Security is a costly investment in the future. It is a bargain compared to the loss of your main business processes. The possible damage scales to the same extend as your cloud itself.
  • 4. 25.09.13 Admin Account Protect access to the • ONE admin account, • the SunStone UI, and infrastructure. Once attackers gain unlawful access to your command bridge, your systems might be doomed. All of them.
  • 5. 25.09.13 VLAN Hopping Prevent VLAN hopping in the scope of your SDN and between physical hosts. Network virtualization with VLAN tagging comes very handy, but keep in mind that the very frames of all virtual segments may travel of a shared medium.
  • 6. 25.09.13 Environments Partition your cloud network segments into distinct security areas. Protect the different security environments and border them from each other. Actively separate maturity environments and different types of processed data.
  • 7. 25.09.13 Apply Classic Best Practises Anyway Despite in the cloud, nonetheless apply network security best practises like • firewalls, • intrusion detection, or • data leak prevention, based on the very requirements of your environment.
  • 8. 25.09.13 Host Protection Securing virtual machines is not enough. Make sure you also protect the access to all of your hosts, even if they are not designed to have users on them.
  • 9. 25.09.13 Key and User Management Set up a working SSH infrastructure and enforce it. Open Nebula heavily relies on a working and secured way to communicate with your hosts and virtual machines. Properly configured keys help both automating the system deployment process and restricting acess on a need-to-know basis.
  • 10. 25.09.13 Sensible Distrust Auto discovery and self registration to the inventory are powerful features that alleviate the system engineer's duties. But make sure that only known bare metal systems register into your cloud store and virtual ressources. Don't boot systems you don't have full control over.
  • 11. 25.09.13 Shared Storage Protect access to your shared storage. Several hosts have to access the images of all security environments. Rogue images injected in the right place might act as trojan horses in otherwise well-protected environments.
  • 12. 25.09.13 Availability Keep ressources in mind. One major advantage of virtualization is to share ressources like CPU or IO bandwidth. But some player in your cloud may or may not play fair. Those situations, both intended and unintended, threaten your availability. Enacting QoS measure could be helpful.
  • 13. 25.09.13 Wrap-up 1. assign proper ressources 2. protect your admin account 3. secure the networks 4. partition into environments 5. apply classic network security measures 6. protect your hosts 7. install a key infrastructure 8. authenticate all repositories 9. protect the shared storage 10. keep an eye on availability What did I say about lists, anyway?
  • 14. 25.09.13 Freedom is the brother of security. The great photos of this presentation are licensed under the free Creative Commons license (CC-BY SA) that allows use and redistribution (share alike) as long as you give proper attribution. A big thank you goes to: UCL Engineering for the chainmail: http://flickr.com/photos/uclengineering/6946862623 Jwalanta Shrestha for the multi lanes in Kathmandu: http://flickr.com/photos/jwalanta/4496289019/ Drgriz52 and the bears at the tent: http://flickr.com/photos/drbair_photography/3571049565/ Steve Tannock and his meadows of the Peak District: http://flickr.com/photos/stv/2586761094/ Chris McBrien for his photo of the blue keys: http://flickr.com/photos/cmcbrien/4715320000/ Sergio Morchon for the array of cannons: http://flickr.com/photos/smorchon/2951615532/ Simon Hooks for his shot of the Trojan Horse: http://flickr.com/photos/gogap/253649673/ Sam Greenhalgh took a photo of a rack in a data center: http://flickr.com/photos/80476901 Matt Peoples for the kegs: http://flickr.com/photos/leftymgp/7332282888/ Justin Ennis photographed the Swiss Guard in Rome: http://flickr.com/photos/averain/5307438963/ Schub@ took a photo a looking glass: http://flickr.com/photos/schubi74/5793584347 Maury Landsman for the applause: http://www.flickr.com/photos/mau3ry/3763640652 Sources and Acknowledgment
  • 15. 25.09.13 Thanks for listening! Questions? Contact Nils Magnus Senior System Engineer inovex GmbH Office Munich Valentin-Linhof-Str. 2 81829 Munich, Germany +49-173-3181-057 nils.magnus@inovex.de Agent L9 Oxycryocrypt