Flash Talk


Privacy, Security and Trust Issues arising from Cloud Computing
Who Am I?
Marcelo Grebois

grebois@gmail.com

www.linkedin.com/grebois
@Grebois
General Idea and Agenda
Not Focusing on any vendor
Intended Audience
This presentation is more theoretical than technical, so its main audience is:
- All Sysadmins
- Security Auditors
- Infrastructure designers
- Virtualization professionals
NIST definition of Cloud Computing

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
What is NOT cloud computing
NIST does not include virtualization as part of their cloud description, so:

CLOUD COMPUTING IS NOT VIRTUALIZATION

Cloud Computing is a new paradigm that offers a number of new features.

Any new paradigm has weaknesses characteristic to its very design.
The Power Grid Analogy
What they want us to believe
- Totally secure
- Management Free
- Pay-as-you-go
- No Downtime
[Diagram: Traditional Security vs. Who’s Watching?]
Physical Network (traditional security): Network Admin, Server Admin, Application Owners, Data Custodians, each responsible for their own layer.
Virtual Network: Physical NICs and a Management interface in front of many VM Process / Service instances running on the same host; the “?” marks that it is unclear who is watching this layer.
Virtualization & Cloud Security

What is so scary about “the cloud”?

Today’s Data Center                 Tomorrow’s Public Cloud
We Have Control                     Who Has Control?
It’s located at X.                  Where is it located?
It’s stored in servers Y, Z.        Where is it stored?
We have backups in place.           Who backs it up?
Our admins control access.          Who has access?
Our uptime is sufficient.           How resilient is it?
The auditors are happy.             How do auditors observe?
Our security team is engaged.       How does our security team engage?
Market Analysis

[Diagram: offerings plotted by Increasing Virtualization (vertical axis) against Flexibility of Offering (horizontal axis)]
SaaS – Software as a Service (Platform, Scaling and Hardware transparent): Gmail, Google Apps, Live workspace, Salesforce.com, Microsoft, Force.com, Sun Caroline
PaaS – Platform as a Service (Hardware Provisioning Hidden – Automatic Scaling): Google App Engine, Microsoft Azure, Amazon Simple DB
HaaS – Hardware as a Service (Programmatic Interface for Hardware Provisioning): Amazon EC2/S3
Bare Metal (People/Process based hardware provisioning): In house hosted servers, EDS (Infrastructure Outsourcing)
Lord of the Rings
The usual suspects
FOCUS ON DATA
Don’t let one person manage all the devices
 • Enforce Separation of Duties (SOD)
    SOD makes sure that one individual cannot complete a critical task by himself.

Avoid letting the same person manage both the hosts and the virtual machines.

Use Role Based Access Control
 •   RBAC is the model used in Virtual Center
Authentication
 Network Access Control: access to enterprise network resources is granted based upon authentication of the user and device, and only if they are compliant with policy.
Authorization
Complexity in the Cloud

[Diagram: a stack from SAN, BLADE, Hypervisor and OS through App Virt / Web Service and App up to the EC2 Workload, with Governance/Risk, Policy, Guidance and Best Practices applied across the layers; arrows labelled Risk, Coherence and “Security Posture and Behavior Coupling”]
Follow best practices
    Fabric: Lots of Configuration!
Enforce Strong Access Controls

Security Principle        Implementation in VI
Least Privileges          Roles with only required privileges
Separation of Duties      Roles applied only to required objects

[Diagram: users Joe, Harry and Anne mapped to the roles Administrator, Operator and User]
Keep following best practices
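A policy check implementing the two principles in the table, as an added example (not the talk’s or VMware’s code): the privilege names and the split HostAdmin/VMAdmin roles are constructed stand-ins for a real Virtual Center privilege catalogue, and Joe, Harry and Anne are the slide’s users.

```python
"""Least-privilege and separation-of-duties check over VI-style role
assignments (a role applied to an inventory object). Added example, not the
talk's code: the privilege names and the extra HostAdmin/VMAdmin roles are
constructed, not the real Virtual Center privilege catalogue."""
from dataclasses import dataclass

# Role catalogue. Administrator/Operator/User come from the slide; the split
# HostAdmin/VMAdmin roles are constructed to show how SoD can be satisfied.
ROLES = {
    "Administrator": {"host.configure", "vm.create", "vm.delete", "vm.poweron", "log.read"},
    "HostAdmin":     {"host.configure", "log.read"},
    "VMAdmin":       {"vm.create", "vm.delete", "vm.poweron", "log.read"},
    "Operator":      {"vm.poweron", "vm.snapshot", "log.read"},
    "User":          {"vm.poweron"},
}

# SoD rule from the slide: the person who manages hosts must not also manage
# virtual machines. Each pair is (host-side privileges, VM-side privileges).
SOD_CONFLICTS = [
    ({"host.configure"}, {"vm.create", "vm.delete"}),
]

@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    obj: str  # inventory object the role is applied to, e.g. "host01" or "vm-web"

def effective_privileges(assignments, user):
    """Map privilege -> set of objects on which `user` holds it."""
    privs = {}
    for a in assignments:
        if a.user == user:
            for p in ROLES[a.role]:
                privs.setdefault(p, set()).add(a.obj)
    return privs

def sod_violations(assignments):
    """Users holding privileges from both sides of any SoD conflict pair."""
    found = []
    for user in sorted({a.user for a in assignments}):
        held = set(effective_privileges(assignments, user))
        for host_side, vm_side in SOD_CONFLICTS:
            if held & host_side and held & vm_side:
                found.append((user, sorted(held & host_side), sorted(held & vm_side)))
    return found

def least_privilege_findings(assignments, required):
    """Privileges each user holds beyond `required[user]` (what the job needs)."""
    findings = {}
    for user, needed in required.items():
        excess = set(effective_privileges(assignments, user)) - needed
        if excess:
            findings[user] = sorted(excess)
    return findings

# Constructed samples using the slide's three users.
BAD = [  # one Administrator role bundles host and VM control in one person
    Assignment("Joe",   "Administrator", "host01"),
    Assignment("Harry", "Operator",      "vm-web"),
    Assignment("Anne",  "User",          "vm-web"),
]
GOOD = [  # split roles, each applied only to the object it is needed on
    Assignment("Joe",   "HostAdmin", "host01"),
    Assignment("Harry", "VMAdmin",   "vm-web"),
    Assignment("Anne",  "User",      "vm-web"),
]
REQUIRED = {  # what each job actually needs (constructed)
    "Joe":   {"host.configure", "log.read"},
    "Harry": {"vm.create", "vm.delete", "vm.poweron", "log.read"},
    "Anne":  {"vm.poweron"},
}

if __name__ == "__main__":
    for label, assignments in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, "SoD:", sod_violations(assignments),
              "excess:", least_privilege_findings(assignments, REQUIRED))
```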
Virtualization & Cloud Security

Layers of a typical Cloud Service

Cloud Delivered Services
  Application as a service (SAAS): application software licensed for use as a service provided to customers on demand
  Platform as a service (PAAS): optimized middleware – application servers, database servers, portal servers
  Infrastructure as a service (IAAS): virtualized servers, storage, networking

Cloud Platform
  Business Support Services: Offering Mgmt, Customer Mgmt, Ordering Mgmt, Billing
  Operational Support Services: Infrastructure Provisioning; Instance, Image, Resource / Asset Mgmt
  Virtualized Resources: Virtual Network, Server, Storage
  System Resources: Network, Server, Storage
  Physical System and Environment
Virtualization & Cloud Security

Cloud Security

Cloud Delivered Services
  Application as a service: application software licensed for use as a service provided to customers on demand
  Platform as a service: optimized middleware – application servers, database servers, portal servers
  Infrastructure as a service: virtualized servers, storage, networking
  Security concerns at this level:
  - Secure integration with existing enterprise security infrastructure
  - Federated identity / identity as a service
  - Authorization, entitlements
  - Log, audit and compliance reporting
  - Intrusion prevention

Cloud Platform
  Business Support Services: Offering Mgmt, Customer Mgmt, Ordering Mgmt, Billing
  Operational Support Services: Infrastructure Provisioning; Instance, Image, Resource / Asset Mgmt
  Virtualized Resources: Virtual Network, Server, Storage
  System Resources: Network, Server, Storage
  Physical System and Environment
  Security concerns at this level:
  - Process isolation, data segregation
  - Control of privileged user access
  - Provisioning w/ security and location constraints
  - Image provenance, image & VM integrity
  - Multi-tenant security services (identity, compliance reporting, etc.)
  - Multi-tenant intrusion prevention
  - Consistency top-to-bottom
Virtualization & Cloud Security

Cloud Security = SOA Security + Virtualization Security

Cloud Delivered Services (annotated: Service Oriented Architecture (SOA) Security)
  Application as a service: application software licensed for use as a service provided to customers on demand
  Platform as a service: optimized middleware – application servers, database servers, portal servers
  Infrastructure as a service: virtualized servers, storage, networking

Cloud Platform (annotated: Virtualization Security)
  Business Support Services: Offering Mgmt, Customer Mgmt, Ordering Mgmt, Billing
  Operational Support Services: Infrastructure Provisioning; Instance, Image, Resource / Asset Mgmt
  Virtualized Resources: Virtual Network, Server, Storage
  System Resources: Network, Server, Storage
  Physical System and Environment
Incident Analysis
•   Most CSPs do not provide incident analysis

•   Customers’ access to logs is restricted

•   Forensics becomes almost impossible

•   CSPs force you to trust their security
It’s not that bad!
•   Possible solutions are:
    • HIDS
    • Virtual Firewalls
    • Catbird Security
    • vShield
•   Of course, the old ones:
    • Data encryption
    • Data integrity checks (during VM transfers)
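The last item, a data integrity check during VM transfer, as an added example that is not part of the talk: the image bytes, file name and key are constructed, and a real key would come from a key management service rather than a constant.

```python
"""Integrity check for a VM image in transit: a keyed manifest verified before
the image is imported. Added example, not code from the talk; the key, image
bytes and file name are constructed stand-ins (a real key comes from a KMS)."""
import hashlib
import hmac
import io
import json

CHUNK = 1 << 20  # hash 1 MiB at a time so multi-GB images need not fit in RAM

def sha256_stream(fileobj):
    """SHA-256 of everything readable from fileobj; returns (hexdigest, bytes_read)."""
    h, total = hashlib.sha256(), 0
    for block in iter(lambda: fileobj.read(CHUNK), b""):
        h.update(block)
        total += len(block)
    return h.hexdigest(), total

def _canonical(fields):
    # Canonical JSON so sender and receiver MAC byte-identical payloads.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def build_manifest(name, fileobj, key):
    """Sender side: digest the image, then MAC name, size and digest together."""
    digest, size = sha256_stream(fileobj)
    fields = {"name": name, "size": size, "sha256": digest}
    mac = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "mac": mac}

def verify_manifest(manifest, fileobj, key):
    """Receiver side: reject on a bad MAC before spending time hashing the image."""
    fields = {k: manifest.get(k) for k in ("name", "size", "sha256")}
    expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(manifest.get("mac", ""))):
        return False, "manifest MAC mismatch (manifest altered or wrong key)"
    digest, size = sha256_stream(fileobj)
    if size != manifest["size"]:
        return False, "size mismatch (image truncated or padded)"
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return False, "image digest mismatch (image altered in transit)"
    return True, "ok"

# Constructed sample: a tiny fake image and a fixed demo key.
KEY = b"constructed-demo-key-not-for-real-use"
IMAGE = b"\x00" * 4096 + b"CONSTRUCTED-VM-IMAGE" + b"\xff" * 1024

def demo_results():
    """Run the four cases a receiver must distinguish; returns {case: verdict}."""
    manifest = build_manifest("vm-web.img", io.BytesIO(IMAGE), KEY)
    tampered_image = bytearray(IMAGE)
    tampered_image[4100] ^= 0x01               # one bit flipped inside the image
    forged_manifest = {**manifest, "size": 0}  # manifest edited without the key
    return {
        "clean":    verify_manifest(manifest, io.BytesIO(IMAGE), KEY),
        "tampered": verify_manifest(manifest, io.BytesIO(bytes(tampered_image)), KEY),
        "forged":   verify_manifest(forged_manifest, io.BytesIO(IMAGE), KEY),
        "wrongkey": verify_manifest(manifest, io.BytesIO(IMAGE), b"other-key"),
    }

if __name__ == "__main__":
    for case, (ok, why) in demo_results().items():
        print(f"{case:9s} -> {'ACCEPT' if ok else 'REJECT'}: {why}")
```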

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 

Virtual Security in Cloud Networks

  • 1. Flash Talk Privacy, Security and Trust Issues arising from Cloud Computing
  • 2. Who Am I? Marcelo Grebois grebois@gmail.com www.linkedin.com/grebois @Grebois
  • 4. Not Focusing on any vendor
  • 5. Intended Audience: This presentation is more theoretical than technical, so its main audience is:
    - All Sysadmins
    - Security Auditors
    - Infrastructure designers
    - Virtualization professionals
  • 6. NIST definition of Cloud Computing: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
  • 7. What is NOT cloud computing: NIST does not include virtualization as part of their cloud description, so: CLOUD COMPUTING IS NOT VIRTUALIZATION. Cloud Computing is a new paradigm that offers a number of new features. Any new paradigm has weaknesses characteristic to its very design.
  • 8. The Power Grid Analogy
  • 9. What they want us to believe:
    - Totally secure
    - Management Free
    - Pay-as-you-go
    - No Downtime
  • 10.
  • 11. [Diagram] Traditional Security (Network Admin, Server Admin, Application Owners, Data Custodians) on the physical network vs. Who’s Watching? (?) the many VM processes and services on the virtual network behind the physical NICs and the management VM.
  • 12. Virtualization & Cloud Security: What is so scary about “the cloud”? Today’s Data Center vs. Tomorrow’s Public Cloud:
    - We have control. / Who has control?
    - It’s located at X. / Where is it located?
    - It’s stored in servers Y, Z. / Where is it stored?
    - We have backups in place. / Who backs it up?
    - Our admins control access. / Who has access?
    - Our uptime is sufficient. / How resilient is it?
    - The auditors are happy. / How do auditors observe?
    - Our security team is engaged. / How does our security team engage?
  • 13.
  • 14.
  • 15.
  • 16. Market Analysis [diagram; axes: Increasing Virtualization, Flexibility of Offering]:
    - SaaS, Software as a Service (platform, scaling and hardware transparent): Gmail, Google Apps, Live workspace, Salesforce.com
    - PaaS, Platform as a Service (hardware provisioning hidden, automatic scaling): Microsoft Azure, Force.com, Sun Caroline, Google App Engine, Amazon SimpleDB
    - HaaS, Hardware as a Service (programmatic interface for hardware provisioning): Amazon EC2/S3
    - In-house hosted bare-metal servers (people/process based hardware provisioning); EDS (Infrastructure Outsourcing)
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22. Lord of the Rings
  • 24.
  • 25. FOCUS ON DATA. Don’t let one person manage all the devices.
    - Enforce Separation of Duties (SoD): SoD makes sure that one individual cannot complete a critical task by himself. Avoid letting the same person manage both the hosts and the virtual machines.
    - Use Role Based Access Control (RBAC): RBAC is the model used in Virtual Center.
  • 26. Authentication: Network Access Control grants access to enterprise network resources based upon authentication of the user and the device, and only if they are compliant with policy.
  • 27. Authorization Complexity in the Cloud [diagram]: Governance/Risk and Workload Risk across the stack (EC2, App, Virt, Web Service, App, OS, OS, Hypervisor, BLADE, SAN) against Policy, Guidance and Best Practices; Coherence; Security Posture and Behavior Coupling.
  • 28. Follow best practices. Fabric: Lots of Configuration!
  • 29. Enforce Strong Access Controls. Security Implementation in Principle VI:
    - Least Privileges: roles with only the required privileges
    - Separation of Duties: roles applied only to the required objects
    - Example roles: Administrator (Joe), Operator (Harry), User (Anne)
  • 30. Keep following best practices.
  • 31.
  • 32. Virtualization & Cloud Security: Layers of a typical Cloud Service
    - Cloud Delivered Services: Application as a service (SaaS): application software licensed for use as a service, provided to customers on demand; Platform as a service (PaaS): optimized middleware (application servers, database servers, portal servers); Infrastructure as a service (IaaS): virtualized servers, storage, networking
    - Cloud Platform: Business Support Services (Offering Mgmt, Customer Mgmt, Ordering Mgmt, Billing); Operational Support Services (Infrastructure Provisioning: Instance, Image, Resource/Asset Mgmt); Virtualized Resources (Virtual Network, Server, Storage); System Resources (Network, Server, Storage)
    - Physical System and Environment
  • 33. Virtualization & Cloud Security: Cloud Security (the same layer stack as slide 32, with the security functions listed beside it):
    - Secure integration with existing enterprise security infrastructure
    - Federated identity / identity as a service
    - Authorization, entitlements
    - Log, audit and compliance reporting
    - Intrusion prevention
    - Process isolation, data segregation
    - Control of privileged user access
    - Provisioning with security and location constraints
    - Image provenance, image & VM integrity
    - Multi-tenant security services (identity, compliance reporting, etc.)
    - Multi-tenant intrusion prevention
    - Consistency top-to-bottom
  • 34. Virtualization & Cloud Security: Cloud Security = SOA Security + Virtualization Security. Over the same layer stack as slide 32, Service Oriented Architecture (SOA) Security is shown against the Cloud Delivered Services (application, platform and infrastructure as a service) and Virtualization Security against the Virtualized Resources, System Resources and Physical System and Environment.
  • 35.
  • 36. Incident Analysis
    - Most CSPs do not provide incident analysis
    - Customers’ access to logs is restricted
    - Forensics become almost impossible
    - CSPs force you to trust their security
  • 37.
  • 38. It’s not that bad! Possible solutions are:
    - HIDS
    - Virtual firewalls
    - Catbird Security
    - vShield
    - Of course the old ones: data encryption; data integrity checks (during VM transfers)
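
Slide 25’s Separation-of-Duties rule (one person must not manage both the hosts and the virtual machines) worked through as an added example; this is Python written for this page, not code from the deck or from Virtual Center, and the role names, permission names and the users Joe, Anne and Harry (borrowed from slide 29) are constructed.

```python
"""Toy RBAC directory with a Separation-of-Duties (SoD) rule, added as an
example for slide 25 (not from the deck). Roles and permissions are
constructed; the rule: nobody may hold both host_admin and vm_admin."""
from dataclasses import dataclass, field
ROLE_PERMISSIONS = {
    "host_admin": {"host.configure", "host.patch", "datastore.browse"},
    "vm_admin": {"vm.create", "vm.delete", "vm.console", "vm.snapshot"},
    "operator": {"vm.power", "vm.console"},
}
# Static SoD rule: role pairs that one user may never hold together.
CONFLICTING_ROLES = {frozenset({"host_admin", "vm_admin"})}

class SeparationOfDutiesError(Exception):
    """An assignment would give one person a conflicting role pair."""

@dataclass
class Directory:
    assignments: dict = field(default_factory=dict)  # user -> set of roles

    def assign(self, user: str, role: str) -> None:
        """Grant a role, refusing a grant that completes a conflicting pair."""
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role {role!r}")
        held = self.assignments.setdefault(user, set())
        for pair in CONFLICTING_ROLES:
            if role in pair and (pair - {role}) & held:
                raise SeparationOfDutiesError(f"{user} may not hold {sorted(pair)}")
        held.add(role)

    def permitted(self, user: str, permission: str) -> bool:
        return any(permission in ROLE_PERMISSIONS[r]
                   for r in self.assignments.get(user, ()))

    def sod_violations(self) -> list:
        """Audit: accounts already holding a conflicting pair (e.g. legacy imports)."""
        return sorted(user for user, roles in self.assignments.items()
                      if any(pair <= roles for pair in CONFLICTING_ROLES))

def demo() -> dict:
    """Joe runs hosts, Anne runs VMs, Harry operates; Joe must not get vm_admin."""
    d = Directory()
    for user, role in (("joe", "host_admin"), ("anne", "vm_admin"), ("harry", "operator")):
        d.assign(user, role)
    try:
        d.assign("joe", "vm_admin")
        blocked = False
    except SeparationOfDutiesError:
        blocked = True
    return {"blocked": blocked, "joe_can_create_vm": d.permitted("joe", "vm.create"),
            "harry_can_console": d.permitted("harry", "vm.console"),
            "violations": d.sod_violations()}
```

The `sod_violations` audit matters as much as the `assign` guard: accounts imported from a directory that never enforced the rule bypass the guard and only show up in the audit.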

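The “data integrity check during VM transfers” from slide 38, worked through as an added example (Python written for this page, not from the deck): the per-chunk SHA-256 manifest authenticated with an HMAC is one way to do it, and the shared key, chunk size and stand-in image are constructed for the example.

```python
"""Integrity check for a VM disk image in transit, added as an example for
slide 38 (not from the deck). The sender ships a manifest of per-chunk
SHA-256 digests authenticated with an HMAC under a key shared with the
receiver (the key and image below are constructed for the example)."""
import hashlib
import hmac
import json

CHUNK = 64 * 1024  # bytes per chunk

def chunk_digests(image: bytes) -> list:
    """Hex SHA-256 of each fixed-size chunk, so a mismatch can be localised."""
    return [hashlib.sha256(image[i:i + CHUNK]).hexdigest()
            for i in range(0, len(image), CHUNK)]

def make_manifest(image: bytes, key: bytes) -> dict:
    """Sender side: digests plus an HMAC so the manifest cannot be rewritten
    by whoever alters the image in flight."""
    body = {"size": len(image), "chunk": CHUNK, "sha256": chunk_digests(image)}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, encoded, "sha256").hexdigest()}

def verify_image(image: bytes, manifest: dict, key: bytes) -> dict:
    """Receiver side: check the MAC first, then size, then every chunk."""
    encoded = json.dumps(manifest["body"], sort_keys=True).encode()
    expected = hmac.new(key, encoded, "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return {"ok": False, "reason": "manifest MAC mismatch", "bad_chunk": None}
    body = manifest["body"]
    if len(image) != body["size"]:
        return {"ok": False, "reason": "size mismatch", "bad_chunk": None}
    for idx, (got, want) in enumerate(zip(chunk_digests(image), body["sha256"])):
        if not hmac.compare_digest(got, want):
            return {"ok": False, "reason": "chunk digest mismatch", "bad_chunk": idx}
    return {"ok": True, "reason": "", "bad_chunk": None}

def demo() -> dict:
    """Intact copy verifies; a bit flip in chunk 2 is pinpointed; a manifest
    whose digests were rewritten without the key fails on the MAC."""
    key = b"constructed-shared-key"
    image = bytes(range(256)) * 1024          # 256 KiB stand-in image, 4 chunks
    manifest = make_manifest(image, key)
    tampered = bytearray(image)
    tampered[2 * CHUNK + 17] ^= 0x01          # corrupt one byte inside chunk 2
    rewritten = {"body": dict(manifest["body"], sha256=chunk_digests(bytes(tampered))),
                 "mac": manifest["mac"]}
    return {"intact": verify_image(image, manifest, key),
            "tampered": verify_image(bytes(tampered), manifest, key),
            "rewritten": verify_image(bytes(tampered), rewritten, key)}
```

A plain digest list without the HMAC only catches accidental corruption; the third case in `demo` is what the MAC adds.
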
Editor’s notes

  1. http://news.cnet.com/twitter-phishing-scam-may-be-spreading/
  2. http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx