The Day After Yesterday
|
|
- Anna Sparks
- 8 years ago
- Views:
Transcription
1 The Day After Yesterday or: How I Learned to Stop Worrying About Securing the Cloud
2 Start at the Beginning Virtualization Security is easy once you understand how hard it is Cloud Security is a topic almost as controversial as the Healthcare Bill, but much more widely debated With all this topic encompasses, I m going to focus only on the practical, and leave theorizing and pontificating about the future of cloud to other pundits
3 The Next 54 Minutes My focus is on the enterprise My focus is largely on virtualization I m only going to talk specifics with regards to the most popular solutions My focus is on what can you do today
4 Topics Practical VirtSec Resources Hypervisor Management Interface Virtual Machines Virtual Networks Practical CloudSec Risks Mitigation EC2 Basics VPC Third-party
5 Virtualization is... Broad term, many uses Abstraction of characteristics of physical compute resources from systems, users, applications Typically: Resource (virtual memory, RAID, SAN) Platform (virtual machines)
6 Cloud is... A nebulous term ;) A collection of, comprised of, that can be rapidly Resources hosted Not a new technology!
7 Cloud is... Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
8 VirtSec is... Security of virtual infrastructure and the virtual machines running within it Many considerations the same in virtual and physical infrastructure, however Virtualization does introduce unique architecture and a few unique challenges
9 CloudSec is... Defined by individual interpretation and implementation of cloud More process than technology Subject to the same advantages and disadvantaged inherent in cloud
10 VirtSec in Practice
11 Simpler is Better Keep It Simple, Stupid (KISS) Make Your Architecture Simpler to Secure! (MYASS) More moving pieces means more time, effort and money required to implement security completely and effectively Don t let the capabilities of your platform fool you into believing you need all of them
12 Where the Wild Things Are Five primary [sub]systems: Compute, network and storage resources Hypervisor / VMM / vmkernel Virtual machines (guest OS) Service console (COS, dom0) Networking [layer]
13 Secure Your Resources Your virtual infrastructure is only as secure as the resources that comprise it! Securing your compute, network and storage infrastructure is as important as securing the hypervisor and guests
14 Storage and Network Zoning and masking Isolated [dedicated] IP storage networks Mutual CHAP for iscsi, restrict NFS by IP Firewalls throughout, forward and reverse proxies where possible Consider physical log and monitoring servers, IDS/IPS, load balancers
15 Secure Your Hypervisor Not generally user-serviceable Small(ish) attack surface Area of least control (and concern) See hyperjacking See redpill / bluepill The future? Hardware Root of Trust
16 Service Console In ESX, COS is based on RHEL/CentOS Moderately secure out of the box (only authenticated and encrypted management services on by default) Still, needs additional hardening to be considered secure ESXi has BusyBox, no real COS XenServer dom0 is also CentOS
17 ESX Minimum Required Hardening Limit use of su to members of wheel group Enforce use of sudo and use aliases Configure TCP wrappers (hosts.deny) Authenticate via AD or LDAP Replace the default self-signed SSL certs Configure NTP and remote logging
18 Further COS Hardening VMware s Hardening Guides (VI3, vsphere) CIS ESX server benchmark Tripwire s ConfigCheck, OpsCheck XenSource wiki
19
20 Configure NTP & remote logging Configure host to sync time via NTP Configure remote logging (consider Syslog- NG, Splunk, Mitre s CEE) Configure alarms and alerts via SNMP Archive logs to RO medium daily Keep your COS/dom0 patched!
21 Virtual Machines VMs are highly mobile and often short-lived VM sprawl results from creation of new VMs to suit every whim Most organizations have poor change control and/or patch management systems for virtual infrastructure Introspection mechanisms not widely available, deployed
22 The Malignant OS Needs to be hardened / secured just like on physical machines Principles of minimization will lead to smaller, faster, more secure vm s
23 Power. Respect. JEOS. How far will you go to get it? Just Enough Operating System Most effective way to ensure security of virtual infrastructure Difficult to achieve today, not impossible nlite, vlite, LitePC Ubuntu VM Builder, SuSE Studio, Rpath, Arch, Slackware, Gentoo, BSD
24 See the service guides at (ex. Windows 2008 R2 Service Configurations)
25 Guest OS Hardening Consider automated assessment tools, checklists and/or hardening scripts nmap, Nessus, Metasploit, CANVAS 15 Steps to Hardening WS2003 Microsoft Baseline Security Analyzer Bastille Linux
26
27 VM Introspection Examine and understand internal state of a running VM VMSafe XenAccess Virtual Introspection for Xen
28 Virtual Networking Built-in vswitches provide some protection Limit promisc mode Prevent mac changes / forgery Basic VLAN tagging, trunking No native ACLs or firewalling
29 Enhanced Virtual Networking New vswitches provide greatly enhanced functionality and security (Open vswitch, Cisco Nexus 1000v) You can also do a fairly effective job with: Vyatta, LRP, FreeSCO m0n0wall, pfsense, OpenBSD Astaro, IPcop, Untangle
30 Important Considerations Isolated, OOB management network Isolated, OOB ip storage networks Redundant NICs in NIC teams across redundant switches Physical separation between prod and dev Physical interfaces always preferred over VLANs for segmentation
31 UTM-in-a-VM? In addition to firewalls, consider that you may need to provide VM-based IDS / IPS, authentication, NAC, and/or malware protection and content filtering within your virtual networks Astaro and Untangle provide much of this functionality already
32
33 Configuration Management Configuration management and change control are two of the most critical elements in an effective security policy Also the two most frequently overlooked, and/or shoddily implemented processes There are tools available to help, you just have to use them!
34
35
36
37 CloudSec in Practice
38 "Cloud computing is about gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties. " From the CSA s Security Guidance for Critical Areas of Focus in Cloud Computing
39 Fundamentals K.I.S.S. (M.Y.A.S.S.) Define assets, understand trust models Understanding cloud key to securing cloud 5 cloud characteristics 3 service models 4 deployment models
40 Five characteristics On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured service Three service models SaaS, PaaS, IaaS Four deployment models Public, Community, Private, Hybrid
41 Cloud Security Alliance
42 What Do We Mean By Cloud Security? Infrastructure security? Virtualization security? Application security? Compliance? It s all about the assets
43 What Do You Mean What Do I Mean? Infrastructure, virtualization, application security no less important than before, but managed differently Compliance is important, but useless taken out of context (SAS 70 TII, but with which controls?) Compliance doesn t fully address governance, residency, access
44 The spot where we intend to fight must not be made known; for then the enemy will have to prepare against a possible attack at several different points; Sun Tzu
45 Predominant Risks From ENISA s Benefits, Risks and Recommendations for Information Security Loss of governance [Lack of transparency] Lock-in Isolation failure Compliance risks Management interface compromise Data protection Incomplete or insecure data deletion Malicious insider
46 Barriers Largely questions of governance, residency and compliancy Where is your data? Who has access? Who controls and manages it? How is the data accessed?
47 Mitigation Encrypt locally before storing in the cloud Ensure external key storage and management Keep private data out of cloud Build protection mechanisms directly into your resources in the cloud Host private cloud
48 Encourage Adoption of Open Standards Will help with transparency Will help avoid lock-in Will help in understanding governance Will help in achieving compliancy
49 Required Reading CSA s Security Guidance for Critical Areas of Focus in Cloud Computing ENISA s Benefits, Risks and Recommendations for Information Security CloudSecurity.org RationalSurvivability.com/blog
50 EC2 Security Basics Automate, orchestrate, standardize using RightScale, Puppet, Chef, etc Firewall rules / security groups SSH keys, AWS multi-factor auth Use modern, trusted AMI s, patch regularly Know what you re doing? Roll your own
51 Virtual Private Clouds Connect existing datacenter infrastructure to isolated cloud resources Private, overlay network Extend existing datacenter security and monitoring controls into the cloud Amazon VPC CohesiveFT VPN-Cubed CloudSwitch Google Secure Data Connector
52 More CloudSec EnStratus Extra-cloud key and credential storage and management PerspecSys Apps in the cloud, data at home More solutions coming every day, and I interested in hearing about those I neglected to include or mention!
53 In Conclusion VirtSec and CloudSec follow the same rules that the rest of our infrastructure follows, though they do introduce new surfaces, forms of exposure, and questions about governance and responsibility Secure your resources first, then focus on hardening your guests and instances -- the most likely sources of compromise and/or data loss / theft / manipulation Oh yeah, and don t forget to K.I.S.S. M.Y.A.S.S! ;)
Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationMitigating Information Security Risks of Virtualization Technologies
Mitigating Information Security Risks of Virtualization Technologies Toon-Chwee, Wee VMWare (Hong Kong) 2009 VMware Inc. All rights reserved Agenda Virtualization Overview Key Components of Secure Virtualization
More informationCompTIA Cloud+ 9318; 5 Days, Instructor-led
CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,
More informationHow To Install Eucalyptus (Cont'D) On A Cloud) On An Ubuntu Or Linux (Contd) Or A Windows 7 (Cont') (Cont'T) (Bsd) (Dll) (Amd)
Installing Eucalyptus Past, Present, and Future Eucalyptus Overview Most widely deployed software platform for on-premise IaaS clouds 25,000+ cloud starts as of mid 2011 AWS-compatible, enterprise-deployed
More informationCompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:
CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification
More informationVMware ESX Server 3 Configuration Guide
Date: 03/03/08 VMware ESX Server 3 Configuration Guide Enterprise Applications Division of the Systems and Network Analysis Center (SNAC) Information Assurance Directorate National Security Agency 9800
More informationSecurity. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;
Security N Environments '' J J H -. i ^ s j}! Dave Shackleford '**»* t i j i««; l:i in: John Wiley &. Sons, Inc. Contents Introduction.. : xix Chapter l Fundamentals of Virtualization Security Virtualization
More informationONE Cloud Services Secure Cloud Applications for E-Health
ONE Cloud Services Secure Cloud Applications for E-Health http://cloudbestpractices.net Cloud Solutions Roadmap The Cloud Best Practices Network (CBPN) specializes in pioneering and documenting best practice
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationVMware: Advanced Security
VMware: Advanced Security Course Introduction Course Introduction Chapter 01 - Primer and Reaffirming Our Knowledge Primer and Reaffirming Our Knowledge ESX Networking Components How Virtual Ethernet Adapters
More informationVirtualization System Security
Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability
More informationArchitecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud
Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics
More informationRestricted Document. Pulsant Technical Specification
Pulsant Technical Specification Title Pulsant Government Virtual Server IL2 Department Cloud Services Contributors RR Classification Restricted Version 1.0 Overview Pulsant offer two products based on
More informationVMware vsphere-6.0 Administration Training
VMware vsphere-6.0 Administration Training Course Course Duration : 20 Days Class Duration : 3 hours per day (Including LAB Practical) Classroom Fee = 20,000 INR Online / Fast-Track Fee = 25,000 INR Fast
More informationyvette@yvetteagostini.it yvette@yvetteagostini.it
1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work
More informationLearn the Essentials of Virtualization Security
Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption
More informationCloud Platform Comparison: CloudStack, Eucalyptus, vcloud Director and OpenStack
Cloud Platform Comparison: CloudStack, Eucalyptus, vcloud Director and OpenStack This vendor-independent research contains a product-by-product comparison of the most popular cloud platforms (along with
More informationArcGIS for Server: In the Cloud
DevSummit DC February 11, 2015 Washington, DC ArcGIS for Server: In the Cloud Bonnie Stayer, Esri Session Outline Cloud Overview - Benefits - Types of clouds ArcGIS in AWS - Cloud Builder - Maintenance
More informationCloud Security Overview
UT DALLAS Erik Jonsson School of Engineering & Computer Science Cloud Security Overview Murat Kantarcioglu Outline Current cloud security techniques Amazon Web services Microsoft Azure Cloud Security Challengers
More informationCloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide
CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's Guide Revised September 7, 2013 10:50 pm Pacific Citrix CloudPlatform CloudPlatform (powered by Apache CloudStack) Version 4.2 Administrator's
More informationvsphere Private Cloud RAZR s Edge Virtualization and Private Cloud Administration
Course Details Level: 1 Course: V6PCRE Duration: 5 Days Language: English Delivery Methods Instructor Led Training Instructor Led Online Training Participants: Virtualization and Cloud Administrators,
More informationVmware VSphere 6.0 Private Cloud Administration
To register or for more information call our office (208) 898-9036 or email register@leapfoxlearning.com Vmware VSphere 6.0 Private Cloud Administration Class Duration 5 Days Introduction This fast paced,
More informationVirtualization Security Checklist
Virtualization Security Checklist This virtualization security checklist is intended for use with enterprise full virtualization environments (as opposed to paravirtualization, application or operating
More informationHow To Extend Security Policies To Public Clouds
What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their
More informationThe Virtualization Practice
The Virtualization Practice White Paper: Security Requirements of Hybrid Clouds: A Product Comparison! Edward L. Haletky Analyst Virtualization and Cloud Security! The Virtualization Practice Sponsored
More informationCloudPlatform (powered by Apache CloudStack) Version 4.3.0.2 Administrator's Guide
CloudPlatform (powered by Apache CloudStack) Version 4.3.0.2 Administrator's Guide Revised November 11, 2014 03:00 PM IST Citrix CloudPlatform CloudPlatform (powered by Apache CloudStack) Version 4.3.0.2
More informationCloud computing: benefits, risks and recommendations for information security
Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation
More informationCloud Models and Platforms
Cloud Models and Platforms Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF A Working Definition of Cloud Computing Cloud computing is a model
More informationHow to Configure an Initial Installation of the VMware ESXi Hypervisor
How to Configure an Initial Installation of the VMware ESXi Hypervisor I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will not provide
More informationSecurely Moving Your Business Into the Cloud
Securely Moving Your Business Into the Cloud Alex Stamos Partner SOURCE Boston April 21, 2010 Your Humble Narrator Alex Stamos Co Founder and Partner of isec LBNL, Loudcloud, @stake UC Berkeley BS EECS
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationVMware vsphere 4.1 with ESXi and vcenter
VMware vsphere 4.1 with ESXi and vcenter This powerful 5-day class is an intense introduction to virtualization using VMware s vsphere 4.1 including VMware ESX 4.1 and vcenter. Assuming no prior virtualization
More informationLearn the essentials of virtualization security
Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage
More informationThe growing importance of a secure Cloud environment
The growing importance of a secure Cloud environment Jan Tiri jtiri@vmware.com System Engineer, VMware BeLux 2009 VMware Inc. All rights reserved Cloud components Enterprises Cloud Service Providers Private
More informationCloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014
Cloud Security Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014 Agenda Introduction Security Assessment for Cloud Secure Cloud Infrastructure
More informationVirtual Computing and VMWare. Module 4
Virtual Computing and VMWare Module 4 Virtual Computing Cyber Defense program depends on virtual computing We will use it for hands-on learning Cyber defense competition will be hosted on a virtual computing
More informationVMware vsphere 5.0 Boot Camp
VMware vsphere 5.0 Boot Camp This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter. Assuming no prior virtualization experience, this
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationUnmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems
Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may
More informationSecurity Virtual Infrastructure - Cloud
Security Virtual Infrastructure - Cloud Your Name Ramkumar Mohan Head IT & CISO Orbis Financial Corporation Ltd Agenda Cloud Brief Introduction State of Cloud Cloud Challenges Private Cloud Journey to
More informationApplication Security Best Practices. Matt Tavis Principal Solutions Architect
Application Security Best Practices Matt Tavis Principal Solutions Architect Application Security Best Practices is a Complex topic! Design scalable and fault tolerant applications See Architecting for
More informationVirtualization & Cloud Computing (2W-VnCC)
Virtualization & Cloud Computing (2W-VnCC) DETAILS OF THE SYLLABUS: Basics of Networking Types of Networking Networking Tools Basics of IP Addressing Subnet Mask & Subnetting MAC Address Ports : Physical
More informationVirtualization and Cloud Computing
Virtualization and Cloud Computing Security is a Process, not a Product Guillermo Macias CIP Security Auditor, Sr. Virtualization Purpose of Presentation: To inform entities about the importance of assessing
More informationVMware vsphere 5.1 Advanced Administration
Course ID VMW200 VMware vsphere 5.1 Advanced Administration Course Description This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter.
More informationTable of Contents. vsphere 4 Suite 24. Chapter Format and Conventions 10. Why You Need Virtualization 15 Types. Why vsphere. Onward, Through the Fog!
Table of Contents Introduction 1 About the VMware VCP Program 1 About the VCP Exam 2 Exam Topics 3 The Ideal VCP Candidate 7 How to Prepare for the Exam 9 How to Use This Book and CD 10 Chapter Format
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationVX 9000E WiNG Express Manager INSTALLATION GUIDE
VX 9000E WiNG Express Manager INSTALLATION GUIDE 2 VX 9000E WiNG Express Manager Service Information If you have a problem with your equipment, contact support for your region. Support and issue resolution
More informationGetting Started Hacking on OpenNebula
LinuxTag 2013 Berlin, Germany, May 22nd Getting Started Hacking on OpenNebula Carlos Martín Project Engineer Acknowledgments The research leading to these results has received funding from Comunidad de
More informationTHE EUCALYPTUS OPEN-SOURCE PRIVATE CLOUD
THE EUCALYPTUS OPEN-SOURCE PRIVATE CLOUD By Yohan Wadia ucalyptus is a Linux-based opensource software architecture that implements efficiencyenhancing private and hybrid clouds within an enterprise s
More informationVirtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE
Virtualization Security and Best Practices Rob Randell, CISSP Senior Security Specialist SE Agenda General Virtualization Concepts Hardware Virtualization and Application Virtualization Types of Hardware
More informationCloud Computing. Chapter 1 Introducing Cloud Computing
Cloud Computing Chapter 1 Introducing Cloud Computing Learning Objectives Understand the abstract nature of cloud computing. Describe evolutionary factors of computing that led to the cloud. Describe virtualization
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application
More informationEnterprise. ESXi in the. VMware ESX and. Planning Deployment of. Virtualization Servers. Edward L. Haletky
VMware ESX and ESXi in the Enterprise Planning Deployment of Virtualization Servers Edward L. Haletky PRENTICE HALL Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto Montreal London
More informationEffective End-to-End Cloud Security
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
More informationPresentation for ISACA Chapter NL. Auditing Virtual Servers. VMware: Security and Operations. Gert-Jan Timmer 3. September, 2012
Presentation for ISACA Chapter NL Auditing Virtual Servers VMware: Security and Operations Gert-Jan Timmer 3. September, 2012 Auditing Virtual Servers: Vmware: Security and Operations Presentation today:
More informationSecurity & Cloud Services IAN KAYNE
Security & Cloud Services IAN KAYNE CloudComponents CLOUD SERVICES Dynamically scalable infrastructure, services and software based on broad network accessibility NETWORK ACCESS INTERNAL ESTATE CloudComponents
More informationIdentity and Access Management for the Cloud What You Need to Know About Managing Access to Your Clouds
Identity and Access Management for the Cloud What You Need to Know About Managing Access to Your Clouds Identity & Access Management One of the biggest challenges in information security is Identity and
More informationThe Virtualization Security Landscape: What's Changed?
The Virtualization Security Landscape: What's Changed? Dave Shackleford IANS Session ID: Sect-302 Session Classification: Intermediate Virtualization Security: Then and Now We started this discussion in
More informationSecuring the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC
Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationvsphere Security ESXi 6.0 vcenter Server 6.0 EN-001466-04
ESXi 6.0 vcenter Server 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationOvercoming Security Challenges to Virtualize Internet-facing Applications
Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing
More informationHow To Install Vsphere On An Ecx 4 On A Hyperconverged Powerline On A Microsoft Vspheon Vsphee 4 On An Ubuntu Vspheron V2.2.5 On A Powerline
vsphere 4 Implementation Contents Foreword Acknowledgments Introduction xix xxi xxiii 1 Install and Configure ESX 4 Classic 1 WhatlsESX? 3 for ESX Installation 4 Preparing Confirming Physical Settings
More informationCloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
More informationSMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales
SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,
More informationHow to Create a Virtual Switch in VMware ESXi
How to Create a Virtual Switch in VMware ESXi I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will not provide support for the information
More informationVMWARE VSPHERE 5.0 WITH ESXI AND VCENTER
VMWARE VSPHERE 5.0 WITH ESXI AND VCENTER CORPORATE COLLEGE SEMINAR SERIES Date: April 15-19 Presented by: Lone Star Corporate College Format: Location: Classroom instruction 8 a.m.-5 p.m. (five-day session)
More informationSecurity Model for VM in Cloud
Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,
More informationCloud Computing. Adam Barker
Cloud Computing Adam Barker 1 Overview Introduction to Cloud computing Enabling technologies Different types of cloud: IaaS, PaaS and SaaS Cloud terminology Interacting with a cloud: management consoles
More informationOpenNebula Open Souce Solution for DC Virtualization
13 th LSM 2012 7 th -12 th July, Geneva OpenNebula Open Souce Solution for DC Virtualization Constantino Vázquez Blanco OpenNebula.org What is OpenNebula? Multi-tenancy, Elasticity and Automatic Provision
More informationIntroduction to Cloud Computing
Introduction to Cloud Computing Shang Juh Kao Dept. of Computer Science and Engineering National Chung Hsing University 2011/10/27 CSE, NCHU 1 Table of Contents 1. Introduction ( 資 料 取 自 NCHC 自 由 軟 體 實
More informationCovering my IaaS: Security and Extending the Datacenter. Brian Bourne Tadd Axon
Covering my IaaS: Security and Extending the Datacenter Brian Bourne Tadd Axon About Us Tadd Axon - Holds a Bachelor of Business Administration with a minor in Spanish from Wilfrid Laurier University.
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationVMWARE Introduction ESX Server Architecture and the design of Virtual Machines
Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................
More informationNetwork Troubleshooting & Configuration in vsphere 5.0. 2010 VMware Inc. All rights reserved
Network Troubleshooting & Configuration in vsphere 5.0 2010 VMware Inc. All rights reserved Agenda Physical Network Introduction to Virtual Network Teaming - Redundancy and Load Balancing VLAN Implementation
More informationCisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture
Reference Architecture Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture 2015 Cisco and/or its affiliates. All rights reserved.
More informationUnderstanding Cisco Cloud Fundamentals CLDFND v1.0; 5 Days; Instructor-led
Understanding Cisco Cloud Fundamentals CLDFND v1.0; 5 Days; Instructor-led Course Description Understanding Cisco Cloud Fundamentals (CLDFND) v1.0 is a five-day instructor-led training course that is designed
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationOpenNebula Open Souce Solution for DC Virtualization
OSDC 2012 25 th April, Nürnberg OpenNebula Open Souce Solution for DC Virtualization Constantino Vázquez Blanco OpenNebula.org What is OpenNebula? Multi-tenancy, Elasticity and Automatic Provision on Virtualized
More informationData Centers and Cloud Computing
Data Centers and Cloud Computing CS377 Guest Lecture Tian Guo 1 Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing Case Study: Amazon EC2 2 Data Centers
More informationCLOUD COMPUTING OVERVIEW
CLOUD COMPUTING OVERVIEW http://www.tutorialspoint.com/cloud_computing/cloud_computing_overview.htm Copyright tutorialspoint.com Cloud Computing provides us a means by which we can access the applications
More informationUnleash the IaaS Cloud About VMware vcloud Director and more VMUG.BE June 1 st 2012
Unleash the IaaS Cloud About VMware vcloud Director and more VMUG.BE June 1 st 2012 2 Who? Viktor van den Berg Consultant @ PQR Former Dutch VMUG Leader Blogger at www.viktorious.nl Twitter @viktoriousss
More informationMeeting the Challenges of Virtualization Security
Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization
More informationVMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE
VMware Security Briefing Rob Randell, CISSP Senior Security Specialist SE Agenda Security Advantages of Virtualization Security Concepts in Virtualization Architecture Operational Security Issues with
More informationOpenNebula Open Souce Solution for DC Virtualization. C12G Labs. Online Webinar
OpenNebula Open Souce Solution for DC Virtualization C12G Labs Online Webinar What is OpenNebula? Multi-tenancy, Elasticity and Automatic Provision on Virtualized Environments I m using virtualization/cloud,
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationBoas Betzler. Planet. Globally Distributed IaaS Platform Examples AWS and SoftLayer. November 9, 2015. 20014 IBM Corporation
Boas Betzler Cloud IBM Distinguished Computing Engineer for a Smarter Planet Globally Distributed IaaS Platform Examples AWS and SoftLayer November 9, 2015 20014 IBM Corporation Building Data Centers The
More informationHow To Create A Cloud Based System For Aaas (Networking)
1 3.1 IaaS Definition IaaS: Infrastructure as a Service Through the internet, provide IT server, storage, computing power and other infrastructure capacity to the end users and the service fee based on
More informationCisco Intercloud Fabric for Business
Data Sheet Cisco Intercloud Fabric for Business Combining the Benefits of Public and Private Clouds in a Hybrid Cloud Cisco Intercloud Fabric for Business enables enterprises to create a seamless hybrid
More informationAn Introduction to Cloud Computing Concepts
Software Engineering Competence Center TUTORIAL An Introduction to Cloud Computing Concepts Practical Steps for Using Amazon EC2 IaaS Technology Ahmed Mohamed Gamaleldin Senior R&D Engineer-SECC ahmed.gamal.eldin@itida.gov.eg
More informationDeployment of Private, Hybrid & Public Clouds with OpenNebula
EL / LAK (FOSS) 2010 May 14th, 2010 Deployment of Private, Hybrid & Public Clouds with OpenNebula University Complutense of Madrid The Anatomy of an IaaS Cloud Deployment of Private, Hybrid & Public Clouds
More informationVirtualization and Cloud Computing
Written by Zakir Hossain, CS Graduate (OSU) CEO, Data Group Fed Certifications: PFA (Programming Foreign Assistance), COR (Contracting Officer), AOR (Assistance Officer) Oracle Certifications: OCP (Oracle
More informationVirtualization Impact on Compliance and Audit
2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationProtecting Virtual Endpoints with McAfee Server Security Suite Essentials
Sponsored by McAfee Protecting Virtual Endpoints with McAfee Server Security Suite Essentials December 2013 A SANS Analyst Whitepaper Written by Dave Shackleford Capability Sets for Virtualization Security
More informationPrivate Cloud for WebSphere Virtual Enterprise Application Hosting
Private Cloud for WebSphere Virtual Enterprise Application Hosting Tracy Smith Nationwide Insurance February 7, 2013 Session Number 12884 www.linkedin.com/in/tracysmith2 smitht40@nationwide.com Private
More informationDeploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC
XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC Prepared by: Peter Bats Commissioning Editor: Linda Belliveau Version: 5.0 Last Updated:
More informationPreparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.
Preparing an RFI for Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines
More information