CloudStack Secured

•Descargar como PPTX, PDF•

2 recomendaciones•1,645 vistas

John Kinsella

My talk from CloudStack Collab 2012

Tecnología

CloudStack Secured

John Kinsella
@johnlkinsella
Apache CloudStack PPMC
Founder, Stratosec Inc.

Overview

• Code Review
• Incident response
• Stratosec extras
• What’s next

Manual review
• Process of combing code looking for flaws
• “Targeted” manual review can be
cheaper, easier
• Grepping for known patterns can quickly point
to issues in code
– “crypt”
– “password”
– “FIXME”
– “this is a hack”

Manual review, cont
• Once we find an area where there’s a “smell,”
we investigate closer.

Static analysis
• Automated!
• Automation good, right?
• But tools usually not cheap.

What does this get us?
So far, not much.

• No critical findings discovered
• Low issues possible
(eg raw error message displayed in UI)

Good guys vs bad guys

governments

$$

Malicious
user

Community

Incident response
• Report findings to ACS security team (PPMC)
• We strive to investigate and respond ASAP
• Verified issues
• Pre-4.0 issues are forwarded to Citrix
• Pre-notification list for critical vendors

(Gizoogle cloudstack security response)

SSL
• ACS Ships with SSL disabled.
• Instructions in ACS wiki under “CloudStack
Security”

VPNs
• SSL is nice, but we like OpenVPN for any
administrative access
• Con: iOS doesn’t like OpenVPN*

*Jailbroken iOS does like OpenVPN

Tighter firewalling
• If you place unprotected hypervisors on public
Internet, after several days, you will find VMs
at a grub prompt
• Firewall everything. Use VPN, but firewall that
too.

Testing
• Vulnerability scanning
• Penetration testing
• Important – monitoring for changes

IDS
• Run snort on hypervisors monitoring bridges
• Run OSSEC, monitoring anything sensitive
– /etc
• AntiVirus? Shouldn’t have to…

Two Factor Authentication
• Becoming more and more common
• Passwords aren’t enough
– Guessable
– Stealable
– Sniffable, when you’re not using SSL/VPN

2FA any day now…
• WiKID Systems 2 factor auth
• “Mutual HTTPS Authentication”
• Code seems to be working, just need to tweak
build

What’s next
• Admin login notification
• KVM + SELinux
– Working on it – not production ready
• After SELinux, auditd
• Goal: Provide users with transparency

Logging
• We collect/analyze logs from
– All IDS
– Network firewalls
– Web application firewalls
– Syslog (Management, node, AND VM) collected
centrally

We’d love help
• Security Frameworks
• Security plugins (authentication, monitoring)
• grsecurity support?
• Further xen hardening?
• Ideas?

http://cloudstack.org

Thanks! Questions?

John Kinsella
@johnlkinsella
http://www.slideshare.net/jlkinsel/

Más contenido relacionado

La actualidad más candente

[OWASP Poland Day] A study of Electron security

OWASP

Large enterprise SIEM: get ready for oversize

Mona Arkhipova

Cloud computing

Abderrahmane TEKFI

SeattleFall1

Victor Angelbeat

CSW2017 chuanda ding_state of windows application security

CanSecWest

Jiangping Xu, Microsoft With a rapid growing of M365 Office customers, the security scanning coverage has been tripled in years and it keeps scaling. Making all Office service machines compliant and security patching up to date within different product environments is challenging and require a growing mindset and scalable engineering solution. In this session, we introduce approaches and security scanning infrastructures we build to support large scale of service machines. We will discuss how to detect unhealthy scanners and hosts across M365 services and how to make monitoring and alerts intelligent and action based.

BlueHat v18 || Scaling security scanning

BlueHat Security Conference

General Electric Migrates to Zenoss 5.0

Zenoss

Two models for running automated security tests in a CI/CD pipeline: either blocking or parallel security tests Integration depends on the level of cultural integration of security into DevOps. 3 Models of test ownership: 1. Owned by Security team - least desirable 2. Owned by DevOps, overseen by security - better 3. Owned by SecDevOps, look Ma, no silos. Overview of BDD-Security Configuring Jenkins with BDD-Security as inline tests

Automating security tests for Continuous Integration

Stephen de Vries

Making AI based monitoring a platform feature with the power of BOSH

VMware Tanzu

Halo Installfest Slides

CloudPassage

I would like to thank all who participates in the webinar, it was a great pleasure to share and contribute, Below are the links to the record of the Webinar, All the Webinar: Just the Demo: you can also find all the slides the HEAT template file, the CLI and all the materials used in this webinar here: The OpenStack VM all-in-one: https://www.dropbox.com/s/501ul31o6ilnmv3/coa-aio-newton.ova?dl=0 All the materials: https://drive.google.com/drive/folders/1dTSe4n2m3VoevIHZGT_q8uZIV7_f9ZJt?usp=sharing Thanks to Racim and to the ELIANIS TECHNOLOGIES team. Special thanks to our REDHAT ARCHITECT Sir. Djelloul Bouida for attending the webinar and all our group member. For those who didn't join our Group, here the link to our Group on Facebook: https://www.facebook.com/groups/475301352862998/

Introduction to Orchestration and DevOps with OpenStack

Abderrahmane TEKFI

Continuous Security Testing in a Devops World #OWASPHelsinki

Stephen de Vries

About Zabbix Software: Zabbix is an enterprise-class open source distributed monitoring solution designed to monitor and track performance and availability of network servers, devices, services and other IT resources. Zabbix is an all-in-one monitoring solution that allows users to collect, store, manage and analyze information received from IT infrastructure, as well as display on-screen, and alert by e-mail, SMS or Jabber when thresholds are reached. Zabbix allows administrators to recognize server and device problems within a short period of time and therefore reduces the system downtime and risk of system failure. The monitoring solution is being actively used by SMBs and large enterprises across all industries and almost in every country of the world.

Introduction to Zabbix - Company, Product, Services and Use Cases

Zabbix

Automating OpenStack clouds and beyond w/ StackStorm

OpenStack_Online

All Your Containers Are Belong To Us

Lacework

Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated. This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks. See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.

The Future of Security and Productivity in Our Newly Remote World

DevOps.com

DevOps enables companies to deliver innovations faster to market. But with multiple functional teams collaborating on development, and so many moving parts, security is often left out of the DevOps process and then tacked on at the end - delaying deployment into production and negating many of the benefits of DevOps. Presented by renowned industry expert Prof. Avishai Wool, this new technical webinar will cover best practices for incorporating security into the DevOps lifecycle. This insight will help ensure better collaboration between security and the development teams right from the start and reduce the time, cost and risk of deploying applications into production. In this webinar Professor Wool will cover how to: •Identify and map existing applications and their connectivity flows to establish a baseline •Adjust application connectivity for each stage of the DevOps lifecycle – without coding •Automatically deploy connectivity throughout the development lifecycle using templates •Proactively assess risk and compliance throughout the DevOps process •Manage and maintain security in the production environment

DevSecOps: Putting the Sec into the DevOps

shira koper

CSW2017 Scott kelly secureboot-csw2017-v1

CanSecWest

Using OpenStack to Control VM Chaos

David Strom

CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...

CanSecWest

La actualidad más candente (20)

[OWASP Poland Day] A study of Electron security

Large enterprise SIEM: get ready for oversize

Cloud computing

SeattleFall1

CSW2017 chuanda ding_state of windows application security

BlueHat v18 || Scaling security scanning

General Electric Migrates to Zenoss 5.0

Automating security tests for Continuous Integration

Making AI based monitoring a platform feature with the power of BOSH

Halo Installfest Slides

Introduction to Orchestration and DevOps with OpenStack

Continuous Security Testing in a Devops World #OWASPHelsinki

Introduction to Zabbix - Company, Product, Services and Use Cases

Automating OpenStack clouds and beyond w/ StackStorm

All Your Containers Are Belong To Us

The Future of Security and Productivity in Our Newly Remote World

DevSecOps: Putting the Sec into the DevOps

CSW2017 Scott kelly secureboot-csw2017-v1

Using OpenStack to Control VM Chaos

CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cy...

Similar a CloudStack Secured

Nate Warfield, Microsoft Ben Ridgway, Microsoft MongoDB, Redis, Elastic, Hadoop, SMBv1, IIS6.0, Samba. What do they all have in common? Thousands of them were pwned. In Azure. In 2017. Attackers have shifted tactics, leveraged nation-state leaked tools and are leveraging ransomware to monetize their attacks. Cloud networks are prime targets; the DMZ is gone, the firewall doesn't exist and customers may not realize they've exposed insecure services to the internet until it's too late. In this talk we'll discuss hunting, finding and remediating compromised customer systems in Azure - a non-trivial task with 1.59million exposed hosts and counting. Remediating system compromise is only the first stage so we'll also cover how we applied the lessons learned to proactively secure Azure Marketplace.

BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure

BlueHat Security Conference

I will never forget my assignment for a vulnerability assessment against a control systems network. “Hey, can you go somewhere, run “scans” against this system, and oh by the way don’t crash it or a large portion of the USA could lose power”. Needless to say, I turned down that assignment, as they required that a traditional network-based “scan” be run. There has to be a better way to preform assessments in such environments! Fast forward 10 years later and I’ve worked with much safer techniques for assessing the security of SCADA/Control systems infrastructure. Working for Tenable Network Security has also provided me great insights into several techniques, including: - Using credentials to login to systems and audit for missing patches and configuration changes - Tuning vulnerability scans to be less intrusive yet still accurate and providing useful information - Implementing passive vulnerability scanning to discover hosts on the network and enumerate vulnerabilities, without sending a single packet to the end-user system

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...

Digital Bond

Amazon WorkSpaces provides businesses with secure, managed desktops in the Amazon cloud, and offers an enhanced security posture, the ability to support the needs of a modern mobile workforce, and the flexibility to scale globally. In this session, you’ll hear about how organizations can simplify end user computing by moving desktops to the cloud. The session will cover identity and access management, network access and design, integration with on-premises IT infrastructure, application delivery, and the end user experience. Generalized deployment model and office in the box with a deconstructed network. You will also hear first-hand from customers who have implemented WorkSpaces and best practices for deploying Amazon WorkSpaces at scale. Topics will include security and network access, identity and access management, application delivery, and end user experience.

Managing WorkSpaces at Scale | AWS Public Sector Summit 2016

Amazon Web Services

intrusion detection system (IDS)

Aj Maurya

Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato

IoT (Internet of Things) and OT (Operational Technology) are the current buzzwords for networked devices on which our modern society is based on. In this area the used operating systems are summarized with the term firmware. The devices by themself, so called embedded devices, are essential in the private, as well as in the industrial environment and in the so-called critical infrastructure. Penetration testing of these systems is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify and optimize the complex task of firmware security analysis. EMBA supports the penetration tester with the automated detection of 1-day vulnerabilities on binary level. This goes far beyond the plain CVE detection. With EMBA you always know which public exploits are available for the target firmware. Beside the detection of already known vulnerabilities, EMBA also supports the tester on the next 0-day. For this EMBA identifies critical binary functions, protection mechanisms and services with network behavior on a binary level. There are many other features built into EMBA, such as fully automated firmware extraction, finding file system vulnerabilities, hard-coded credentials, and more. EMBA is an open-source firmware scanner, created by penetration testers for penetration testers. Project page: https://github.com/e-m-b-a/emba Conference page: https://troopers.de/troopers22/agenda/tr22-1042-emba-open-source-firmware-security-testing/

EMBA Firmware analysis - TROOPERS22

MichaelM85042

Tizen is an operating system which is built to run on various kinds of devices. Tizen OS defines following profiles based on the devices types supported. Tizen IVI (in-vehicle infotainment) Tizen Mobile Tizen TV, and Tizen Wearable Samsung's first Tizen-based devices are set to be launched in India in Nov 2014. This paper presents the research outcome on the security analysis of Tizen OS. The paper begins with a quick introduction to Tizen architecture which explains the various components of Tizen OS. This will be followed by Tizen's security model, where Application Sandboxing and Resource Access Control powered by Smack will be explained. The vulnerabilities in Tizen identified during the research and responsibly disclosed to Tizen community will be discussed. This includes issues like Tizen WebKit2 Address spoofing and content injection, Buffer Overflows, Issues in Memory Protection like ASLR and DEP, Injecting SSL Certificate into Trusted Zone, (Shellshock) CVE-2014-6271 etc. Applications in Tizen can be written in HTML5/JS/CSS or natively using C/C++. Overview of pentesting Tizen application will be presented along with some of the issues impacting the security of Tizen application. There will be comparisons made to Android application, and how these security issues differ with Tizen. For eg: Security issues with inter application communication with custom URL schemes or intent broadcasting in Android as opposed to using MessagePort API in Tizen. Issues with Webview & JavaScript Bridge in Android compared to how the web to native communication is handled with Tizen etc. Tizen is late to enter into the market as compared to Android or iOS, which gives it the benefit of learning from the mistakes impacting the security of mobile OS, and fixing these issues right in the Security Architecture. To conclude, a verdict would be provided by the speaker on how much Tizen has achieved with regard to making this mobile OS a secure one.

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Ajin Abraham

SCADA Security: The Five Stages of Cyber Grief

Lancope, Inc.

Hacklu2011 tricaud

stricaud

Securing the continuous integration

Irene Michlin

Cloud hosting providers, such as Amazon AWS, Google Cloud, DigitalOcean, Microsoft Azure, and many others, have to respond to a regular barrage of abuse complaint reports from all around the world when their customers virtual private servers are used for malicious activity. This activity can happen knowingly by the "renter" of the system or on behalf of an attacker if the server becomes infected. Although by no means the end all, one way of measuring the trust posture of a cloud hosting provider is by analyzing the amount of time between shared hosts beginning to attack other hosts on the Internet and the activity ceasing, generally by way of forced-decommissioning, quarantining, or remediation of the root-cause, such as a malware infection. In this talk, we discuss using the data collected by GreyNoise, a large network of passive collector nodes, to measure the time-to-remediation of infected or malicious machines. We will discuss methodology, results, and actionable takeaways for conference attendees who use shared cloud hosting in their businesses.

Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams

Andrew Morris

Every time a new information technology finds its way into production, it seems as though we end up repeating the same process – security vulnerabilities will be discovered and disclosed in that technology, and users and vendors will deny that the risks are significant. Only after major attacks occur do we really start to see efforts to address the inherent risks in a systematic way. We’re falling into this exact same trap again with Industrial Control and SCADA systems, but in this case the problem is worse, because the inherent nature of control systems prevents us from applying many of the strategies that have been used to protect other kinds of computer networks. Join Lancope’s Director of Security Research, Tom Cross, for a look at the five stages of grief that organizations seem to pass through as they come to terms with security risks, and how far we’ve come regarding Industrial Control Systems. Hear about: The state of Control Systems security vulnerabilities Attack activity that is prompting a change in perspective The unique, long-term challenges associated with protecting SCADA networks How anomaly detection can play a key role in protecting SCADA systems now

SCADA Security: The Five Stages of Cyber Grief

Lancope, Inc.

Creating Havoc using Human Interface Device

Positive Hack Days

Zane lackey. security at scale. web application security in a continuous depl...

Yury Chemerkin

Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.

Security research over Windows #defcon china

Peter Hlavaty

"All happy cloud deployments are alike; each unhappy cloud deployment is unhappy in its own way." — Leo Tolstoy, Site Reliability Engineer At Gruntwork, I've had the chance to see the cloud adoption journeys of hundreds of companies, from tiny startups to Fortune 50 giants. I've seen those journeys go well. I've seen those journeys go poorly. In this talk, I discuss a few of the ways cloud adoption can go horribly wrong (massive cost overruns, endless death marches, security disasters), and more importantly, how you can get it right. To help you get it right, we looked at the cloud journeys that were successful and extracted from them the patterns they had in common. We distilled all this experience down into something called the Gruntwork Production Framework, which defines five concrete steps you can follow to adopt the cloud at your own company—and hopefully, to end up with your very own happy cloud deployment.

Cloud adoption fails - 5 ways deployments go wrong and 5 solutions

Yevgeniy Brikman

RSA 2015 Realities of Private Cloud Security

Scott Carlson

Security is more critical than ever with new computing environments in the cloud and expanding access to the internet. There are a number of security protection mechanisms available for MongoDB to ensure you have a stable and secure architecture for your deployment. We'll walk through general security threats to databases and specifically how they can be mitigated for MongoDB deployments. Topics will include general security tools and how to configure those for MongoDB, an overview of security features available in MongoDB, including LDAP, SSL, x.509 and Authentication.

Securing Your MongoDB Deployment

MongoDB

Big Data Approaches to Cloud Security

Paul Morse

Cloud security, sounds like a myth does it not? Many organizations still cling to the belief that cloud services can not be used in a secure infrastructure in this session I'll cover emerging and available technologies which can help abate some of these concerns. Threat models - What's a side channel attack? - What's a co-residency attack? Amazon - Available amazon AWS compliance documentation and how it is relevant to secure infrastructure - Available amazon AWS services such as KSM and how they may be used to secure your deployments, VPC and netowrk isolation, IAM. Openstack - What's openstack bandit and why should I care? - What options do I have in my openstack deployment to secure my infrastructure and how are they relevant to my needs? Federated cloud infrastructure - What is it? - Why you need one - Ensuring secure "chain of custody" through to deployment Docker / LXC - What is container virtualization and how does it differ to regular virtualization? - How does this affect my attack surface? - Should I have this in production ? Security CI - How can security be part of your CI process? Emerging technologies - pki.oio - vaultproject.io - haka Telemetry processing - Why your logs are your most important data source - Handling thousands, millions or more lines per second - Using the right components Building the castle - Thoughts in putting this all together to produce infrastructure hardened from developer though to production.

Cumulonimbus fortification-secure-your-data-in-the-cloud

David Busby, CISSP

Similar a CloudStack Secured (20)

BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...

Managing WorkSpaces at Scale | AWS Public Sector Summit 2016

intrusion detection system (IDS)

Azure 101: Shared responsibility in the Azure Cloud

EMBA Firmware analysis - TROOPERS22

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

SCADA Security: The Five Stages of Cyber Grief

Hacklu2011 tricaud

Securing the continuous integration

Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams

SCADA Security: The Five Stages of Cyber Grief

Creating Havoc using Human Interface Device

Zane lackey. security at scale. web application security in a continuous depl...

Security research over Windows #defcon china

Cloud adoption fails - 5 ways deployments go wrong and 5 solutions

RSA 2015 Realities of Private Cloud Security

Securing Your MongoDB Deployment

Big Data Approaches to Cloud Security

Cumulonimbus fortification-secure-your-data-in-the-cloud

Más de John Kinsella

Removing the Burden of Securing Microservices Through Automation and Visibility

John Kinsella

2019 Infosec World Keynote

John Kinsella

An In-depth look at application containers

John Kinsella

Understanding container security

John Kinsella

Docker security configuration

John Kinsella

A (fun!) Comparison of Docker Vulnerability Scanners

John Kinsella

CloudStack and the HeartBleed vulnerability

John Kinsella

Dont break the glass

John Kinsella

Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...

John Kinsella

Securing the Cloud

John Kinsella

What is Cloud Security, and Can I Have Some?

John Kinsella

Más de John Kinsella (11)

Removing the Burden of Securing Microservices Through Automation and Visibility

2019 Infosec World Keynote

An In-depth look at application containers

Understanding container security

Docker security configuration

A (fun!) Comparison of Docker Vulnerability Scanners

CloudStack and the HeartBleed vulnerability

Dont break the glass

Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...

Securing the Cloud

What is Cloud Security, and Can I Have Some?

Último

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

MINDCTI Revenue Release Quarter One 2024

MIND CTI

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

CloudStack Secured

1. CloudStack Secured John Kinsella @johnlkinsella Apache CloudStack PPMC Founder, Stratosec Inc.

2. Overview • Code Review • Incident response • Stratosec extras • What’s next

3. LOOKING FOR WEAKNESSES IN ACS

4. Manual review • Process of combing code looking for flaws • “Targeted” manual review can be cheaper, easier • Grepping for known patterns can quickly point to issues in code – “crypt” – “password” – “FIXME” – “this is a hack”

5. This is a hack

6. Manual review, cont • Once we find an area where there’s a “smell,” we investigate closer.

7. Static analysis • Automated! • Automation good, right? • But tools usually not cheap.

8. FoD Overview

9. Fod Source

10. FoD Trace

11. FoD Suspicious

12. What does this get us? So far, not much. • No critical findings discovered • Low issues possible (eg raw error message displayed in UI)

13. Good guys vs bad guys governments $$ Malicious user Community

14. Email from customer

15. Incident response • Report findings to ACS security team (PPMC) • We strive to investigate and respond ASAP • Verified issues • Pre-4.0 issues are forwarded to Citrix • Pre-notification list for critical vendors (Gizoogle cloudstack security response)

16. STRATOSEC EXTRAS

17. SSL • ACS Ships with SSL disabled. • Instructions in ACS wiki under “CloudStack Security”

18. VPNs • SSL is nice, but we like OpenVPN for any administrative access • Con: iOS doesn’t like OpenVPN* *Jailbroken iOS does like OpenVPN

19. Tighter firewalling • If you place unprotected hypervisors on public Internet, after several days, you will find VMs at a grub prompt • Firewall everything. Use VPN, but firewall that too.

20. Testing • Vulnerability scanning • Penetration testing • Important – monitoring for changes

21. IDS • Run snort on hypervisors monitoring bridges • Run OSSEC, monitoring anything sensitive – /etc • AntiVirus? Shouldn’t have to…

22. Two Factor Authentication • Becoming more and more common • Passwords aren’t enough – Guessable – Stealable – Sniffable, when you’re not using SSL/VPN

23. 2FA any day now… • WiKID Systems 2 factor auth • “Mutual HTTPS Authentication” • Code seems to be working, just need to tweak build

24. What’s next • Admin login notification • KVM + SELinux – Working on it – not production ready • After SELinux, auditd • Goal: Provide users with transparency

25. Logging • We collect/analyze logs from – All IDS – Network firewalls – Web application firewalls – Syslog (Management, node, AND VM) collected centrally

26. We’d love help • Security Frameworks • Security plugins (authentication, monitoring) • grsecurity support? • Further xen hardening? • Ideas? http://cloudstack.org

27. Thanks! Questions? John Kinsella @johnlkinsella http://www.slideshare.net/jlkinsel/

Notas del editor

Grepping is basically same as Fortify’s Semantic Analyzer

CloudStack Secured

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a CloudStack Secured

Similar a CloudStack Secured (20)

Más de John Kinsella

Más de John Kinsella (11)

Último

Último (20)

CloudStack Secured

Notas del editor