Real security in a virtual environment - Infosecurity 2011

•

0 likes•2,159 views

David Geens

Technology

Real Security in a Virtual Environment By Mattias GeniarSystem Engineer @Nucleus

So ... Who am I? Mattias Geniar576 𝑦𝑒𝑎𝑟𝑠 𝑜𝑙𝑑 System Engineer at Nucleus (Cloud) Hosting provider http://mattiasgeniar.be @mattiasgeniar

Quote “ Every security system that has ever been breached was once thought infallible.

Oh hai root. root@srv:~# hostname srv.domain.be root@srv:~# vzlist --all CTID NPROC STATUS IP_ADDR HOSTNAME 101 74 running 10.0.2.1 topsecret-srv root@srv:~# vzctl enter 101 -bash-3.1# hostname topsecret-srv.domain.be -bash-3.1# id uid=0(root) gid=0(root)

Quote “ The weakest link in any security system, is the person holding the information

Quote “ Geeks don’t have interests. They have passions.

Thank you. root@mattias:~# logout Twitter: @mattiasgeniar www.nucleus.be Mail: m@ttias.be

What's hot

SSL/TLS for Mortals (DevNexus)

Maarten Mulders

Security Walls in Linux Environment: Practice, Experience, and Results

Igor Beliaiev

Top 6 Practices to Harden Docker Images to Enhance Security

9 series

Proactive Security That Works

Brett L. Scott

Nothing clears out a conference room faster than a discussion around information security. Securing complex computer systems, such as OpenStack clouds, is extremely difficult. To make matters worse, attackers can make many mistakes without consequences. A defender’s single mistake could lead to a breach. Don't let fear rule the discussion around security. Operators need a simple and scalable method for securing OpenStack clouds. That starts with grouping components into compartments and then looking at how those compartments interact with each other. Those interactions form the backbone of security policies and technical controls. In this vendor-neutral talk, Major Hayden, principal architect at Rackspace, will break down the complexity of securing OpenStack clouds using real-world scenarios. Attendees will learn how to: Divide OpenStack deployments into compartments Analyze the interactions between each component Develop security policies and apply technical controls

Holistic Security for OpenStack Clouds

Major Hayden

SSL/TLS for Mortals (JavaOne 2017)

Maarten Mulders

In this session we will take a look on what we need to keep on our radar when we start a new project inside cloud. When not only us, but also clients are new in cloud ecosystem we need to be aware of small things that can make a different or secure the success of the project. Things like security, environment isolation and access controls are just a small part of the things that we need be aware. There will be examples from real life projects and hands-on implementations inside Microsoft Azure. After joining this session, you will have an initial view on what things we shall be aware when we start a new project inside cloud.

Day Zero on a cloud Project Radu Vunvulea Endava Sofia 2018

Radu Vunvulea

Using SSL/TLS the right way is often a big hurdle for developers. We prefer to have that one colleague perform "something with certificates", because he/she knows how that works. But what if "that one colleague" is enjoying vacation and something goes wrong with the certificates? In this session we’ll take a close look at secure communication at the transport level. Starting with what exactly SSL and TLS is, we’ll dive into public/private keys, and signing. We’ll also learn what all this has to do with an unfortunate Dutch notary. Of course, there’ll be plenty of practical tips and tricks as well as demos. Attend this session to become "that one colleague"!

SSL/TLS for Mortals (JAX DE 2018)

Maarten Mulders

What's hot (8)

SSL/TLS for Mortals (DevNexus)

Security Walls in Linux Environment: Practice, Experience, and Results

Top 6 Practices to Harden Docker Images to Enhance Security

Proactive Security That Works

Holistic Security for OpenStack Clouds

SSL/TLS for Mortals (JavaOne 2017)

Day Zero on a cloud Project Radu Vunvulea Endava Sofia 2018

SSL/TLS for Mortals (JAX DE 2018)

Similar to Real security in a virtual environment - Infosecurity 2011

Software developers are screwing up the digital world. Security is often an afterthought, or worse, the job of I.T., who is expected to sprinkle magic fairy dust on an app that magically makes it secure. That's an impossible ask and forces a perimeter-based security model that cannot succeed alone in a world of cloud apps, mobile devices, and distributed data. Developers must embrace security by design principles and fundamentally shift their attitude about who is responsible for security.

Stop expecting magic fairy dust: Make apps secure by design

Patrick Walsh

Security pitfalls in script-able infrastructure pipelines.

DefCamp

LXC, Docker, security: is it safe to run applications in Linux Containers?

Jérôme Petazzoni

The Emergent Cloud Security Toolchain for CI/CD given at RSA Conference 2018 in San Francisco. All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table. Learning Objectives: 1: Learn the emerging patterns for security in CI/CD pipelines. 2: Receive a pragmatic security toolchain for CI/CD to use in your organization. 3: Understand the real meaning of DevSecOps is without all the hype.

The Emergent Cloud Security Toolchain for CI/CD

James Wickett

Cloud Security Essentials 2.0 at RSA

Shannon Lietz

The Container Security Checklist

LibbySchulze

Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting an new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations. In this presentation, we will: - Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code - Discuss how to mitigate those risks - Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC

Docker, Linux Containers, and Security: Does It Add Up?

Jérôme Petazzoni

Nate Warfield, Microsoft Ben Ridgway, Microsoft MongoDB, Redis, Elastic, Hadoop, SMBv1, IIS6.0, Samba. What do they all have in common? Thousands of them were pwned. In Azure. In 2017. Attackers have shifted tactics, leveraged nation-state leaked tools and are leveraging ransomware to monetize their attacks. Cloud networks are prime targets; the DMZ is gone, the firewall doesn't exist and customers may not realize they've exposed insecure services to the internet until it's too late. In this talk we'll discuss hunting, finding and remediating compromised customer systems in Azure - a non-trivial task with 1.59million exposed hosts and counting. Remediating system compromise is only the first stage so we'll also cover how we applied the lessons learned to proactively secure Azure Marketplace.

BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure

BlueHat Security Conference

Virtual machines are generally considered secure. At least, secure enough to power highly multi-tenant, large-scale public clouds, where a single physical machine can host a large number of virtual instances belonging to different customers. Containers have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting a new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations. We will show techniques to harden Linux Containers; including kernel capabilities, mandatory access control, hardened kernels, user namespaces, and more, and discuss the remaining attack surface.

Docker, Linux Containers (LXC), and security

Jérôme Petazzoni

Security for AWS : Journey to Least Privilege (update)

dhubbard858

Security for AWS: Journey to Least Privilege

Lacework

In today's cloud era, admins struggle to keep their IT infrastructures safe. Cloud security is joint responsibility and what we need is a new approach! In this session, you will learn how to securely deploy and maintain Azure infrastructure solutions, why automation is essential, what network security and encryption options you have, and how access control can prevent you from having sleepless nights. We will successfully attack an Azure environment live on stage, dive deep into Azure Security Center, and see how we can use it to ultimately secure IT infrastructures on premises, hybrid, and on Azure.

Experts Live Norway - Azure Infrastructure Security

Tom Janetscheck

Security & Cryptography In Linux

Ahmed Mekkawy

Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server

Nagios

Basho and Riak at GOTO Stockholm: "Don't Use My Database."

Basho Technologies

Moving critical workloads into the cloud can be unnerving for security professionals. In reality, though, the cloud offers a whole new set of opportunities for the security team to do things even better than in their on-premises environment. Two seasoned cloud experts will explore the latest real-world, practical tools and techniques for becoming demonstrably more secure as you move to the cloud. (Source: RSA USA 2016-San Francisco)

Aspirin as a Service: Using the Cloud to Cure Security Headaches

Priyanka Aash

Black ops of tcp2005 japan

Dan Kaminsky

Hack wireless internet connections or wifi

Greater Noida Institute Of Technology

Threat stack aws

Jen Andre

It comes to no surprise, that any micro-services, any security controls you use to build applications – will eventually be broken (or fail). Under certain pressure, some components will fail together. The question is – how do we build our systems in a way that security incidents won't happen even if some components fail. And the data leaks won't occur even if penetration tests are successful. "Defense in depth is a security engineering pattern, that suggests building an independent set of security controls aimed at mitigating more risks even if the attacker crosses the outer perimeter. During the talk, we will model threats and risks for the modern web application, and improve it by building multiple lines of defense. We will overview high-level patterns and exact tools from the security engineering world and explain them to the modern web devs ;)

JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...

JSFestUA

Similar to Real security in a virtual environment - Infosecurity 2011 (20)

Stop expecting magic fairy dust: Make apps secure by design

Security pitfalls in script-able infrastructure pipelines.

LXC, Docker, security: is it safe to run applications in Linux Containers?

The Emergent Cloud Security Toolchain for CI/CD

Cloud Security Essentials 2.0 at RSA

The Container Security Checklist

Docker, Linux Containers, and Security: Does It Add Up?

BlueHat v17 || All Your Cloud Are Belong to Us; Hunting Compromise in Azure

Docker, Linux Containers (LXC), and security

Security for AWS : Journey to Least Privilege (update)

Security for AWS: Journey to Least Privilege

Experts Live Norway - Azure Infrastructure Security

Security & Cryptography In Linux

Nagios Conference 2013 - Spenser Reinhardt - Securing Your Nagios Server

Basho and Riak at GOTO Stockholm: "Don't Use My Database."

Aspirin as a Service: Using the Cloud to Cure Security Headaches

Black ops of tcp2005 japan

Hack wireless internet connections or wifi

Threat stack aws

JS Fest 2019. Анастасия Войтова. "Defense in depth": trench warfare principle...

Recently uploaded

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

How to convert PDF to text with Nanonets

naman860154

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

08448380779 Call Girls In Friends Colony Women Seeking Men

Delhi Call girls

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Boost Fertility New Invention Ups Success Rates.pdf

Axa Assurance Maroc - Insurer Innovation Award 2024

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

How to Troubleshoot Apps for the Modern Connected Worker

2024: Domino Containers - The Next Step. News from the Domino Container commu...

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Powerful Google developer tools for immediate impact! (2023-24 C)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Driving Behavioral Change for Information Management through Data-Driven Gree...

🐬 The future of MySQL is Postgres 🐘

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

The 7 Things I Know About Cyber Security After 25 Years | April 2024

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

How to convert PDF to text with Nanonets

How to Troubleshoot Apps for the Modern Connected Worker

08448380779 Call Girls In Friends Colony Women Seeking Men

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Real security in a virtual environment - Infosecurity 2011

1. Real Security in a Virtual Environment By Mattias GeniarSystem Engineer @Nucleus

2. So ... Who am I? Mattias Geniar576 𝑦𝑒𝑎𝑟𝑠 𝑜𝑙𝑑 System Engineer at Nucleus (Cloud) Hosting provider http://mattiasgeniar.be @mattiasgeniar

3. My comfort zone. root@mattias:~#

4. Not this.

5. Now what’s this about?

6. Preventing this cloud ...

7. From becoming this one.

8. Whatcha talking ‘bout fool?

9. Quote “ Every security system that has ever been breached was once thought infallible.

10. It’s about layers. Many layers.

11. A secure location.

12. With sufficient power.

13. And cooling.

14. That is secure.

15. But that’s just the bottom layer.

16. Don’t forget this.

17. How virtual is ‘virtual’?

18. The heart: storage.

19. Seperate network.

20. But in a good way.

21. Should it be encrypted?

22. On your storage itself?

23. Key management.

24. Or within your VM?

25. Redundant storage. Good x 2.

26. RAIDs

27. Have backups. Lots of them.

28. The kidneys: connectivity.

29. Walls of fire.

30. Firewall your firewall?

31. Secure connections.

32. Know what goes on.

33. Find intruders.

34. IDS & IPS

35. We like graphs. And IDS.

36. And boxes. With info.

37. Even when the cloud ‘moves’.

38. # diff ‘os-virt’ ‘hardware-virt’

39. Oh hai root. root@srv:~# hostname srv.domain.be root@srv:~# vzlist --all CTID NPROC STATUS IP_ADDR HOSTNAME 101 74 running 10.0.2.1 topsecret-srv root@srv:~# vzctl enter 101 -bash-3.1# hostname topsecret-srv.domain.be -bash-3.1# id uid=0(root) gid=0(root)

40. Who’s this?

41.

42. Quote “ The weakest link in any security system, is the person holding the information

43. Developers that care.

44. That don’t do stupid things.

45. With secure API’s.

46. And management.

47. No no. Real management.

48. Quote “ Geeks don’t have interests. They have passions.

49. So. Layers you said?

50. Q & A

51. Thank you. root@mattias:~# logout Twitter: @mattiasgeniar www.nucleus.be Mail: m@ttias.be

Real security in a virtual environment - Infosecurity 2011

Recommended

Recommended

More Related Content

What's hot

What's hot (8)

Similar to Real security in a virtual environment - Infosecurity 2011

Similar to Real security in a virtual environment - Infosecurity 2011 (20)

Recently uploaded

Recently uploaded (20)

Real security in a virtual environment - Infosecurity 2011