OpenStack Cloud Security+code

Купить бумажную книгу и читать

Название: OpenStack Cloud Security

Автор: Fabio Alessandro

Издательство:

Год: 2015

Страниц:160

Язык: English

Формат: pdf+code

Размер: 1,7 Mb

If you are an OpenStack administrator or developer, or wish to build solutions to protect your OpenStack environment, then this book is for you.

Experience of Linux administration and familiarity with different OpenStack components is assumed.

About This Book

Design, implement, and deliver a safe and sound OpenStack cluster using best practices

Create a production-ready environment and protect your data on the cloud

A step-by-step tutorial packed with real-world solutions that helps you learn easily and quickly

Who This Book Is For

If you are an OpenStack administrator or developer, or wish to build solutions to protect your OpenStack environment, then this book is for you. Experience of Linux administration and familiarity with different OpenStack components is assumed.

Table of Contents

1: First Things First – Creating a Safe Environment

2: OpenStack Security Challenges

3: Securing OpenStack Networking

4: Securing OpenStack Communications and Its API

5: Securing the OpenStack Identification and Authentication System and Its Dashboard

6: Securing OpenStack Storage

7: Securing the Hypervisor

What You Will Learn

Secure your servers, data center, and network to improve your environment for the cloud

Gain insights into ISP intercept and social engineering

Explore automated attacks with the help of mass phishing, brute force, and automated exploitation tools

Secure your OpenStack installation from a networking perspective at both low and high levels

Get to know how to secure your OpenStack to use only encrypted communications for APIs

Configure secure communications on the OpenStack API

Harden OpenStack Keystone and Horizon for a more secure environment

Protect the Swift replication mechanism through network hardening

In Detail

OpenStack is a system that controls large pools of computing, storage, and networking resources, allowing its users to provision resources through a user-friendly interface. OpenStack helps developers with features such as rolling upgrades, federated identity, and software reliability.

You will begin with basic security policies, such as MAC, MLS, and MCS, and explore the structure of OpenStack and virtual networks with Neutron. Next, you will configure secure communications on the OpenStack API with HTTP connections. You will also learn how to set OpenStack Keystone and OpenStack Horizon and gain a deeper understanding of the similarities/differences between OpenStack Cinder and OpenStack Swift.

By the end of this book, you will be able to tweak your hypervisor to make it safer and a smart choice based on your needs.

Authors

Fabio Alessandro Locati

Fabio Alessandro Locati is an Italian IT external consultant. His main areas of expertise are Linux, networking, security, data centers, and OpenStack. With more than 10 years of working experience in this field, he has experienced different IT roles, technologies, and languages. Fabio has worked for many different companies, starting from a one-man company to huge companies such as Tech Data and Samsung. This has allowed him to consider various technologies from different points of view, helping him develop critical thinking and understand whether a particular technology is the correct one in a very short span of time.

Since he is always looking for better technologies, he also tries new technologies to see their advantages over the old ones. Two of the most important things Fabio evaluates in a technology are its internal security and the possibility of additional security through configuration or interaction with the other technologies. For virtualization, he often uses OpenStack due to its power and simplicity, ever since he first tried it in 2011. Fabio has used OpenStack for the public-facing cloud, as well as the internal clouds.

Contents¶

Introduction

Acknowledgements

Why and how we wrote this book

Introduction to OpenStack

Security boundaries and threats

Introduction to case studies

System documentation

System documentation requirements

Case studies

Management

Continuous systems management

Integrity life-cycle

Management interfaces

Case studies

Secure communication

Introduction to TLS and SSL

TLS proxies and HTTP services

Secure reference architectures

Case studies

API endpoints

API endpoint configuration recommendations

Case studies

Identity

Authentication

Authentication methods

Authorization

Policies

Tokens

Domains

Federated keystone

Checklist

Case studies

Dashboard

Domain names, dashboard upgrades, and basic web server configuration

HTTPS, HSTS, XSS, and SSRF

Front-end caching and session back end

Static media

Secret key

Cookies

Cross Origin Resource Sharing (CORS)

Debug

Case studies

Compute

Hypervisor selection

Hardening the virtualization layers

Hardening Compute deployments

Vulnerability awareness

How to select virtual consoles

Case studies

Checklist

Block Storage

Checklist

Networking

Networking architecture

Networking services

Networking services security best practices

Securing OpenStack networking services

Case studies

Object Storage

First thing to secure: the network

Securing services: general

Securing storage services

Securing proxy services

Object Storage authentication

Other notable items

Message queuing

Messaging security

Case studies

Data processing

Introduction to Data processing

Deployment

Configuration and hardening

Case studies

Databases

Database back end considerations

Database access control

Database transport security

Case studies

Tenant data privacy

Data privacy concerns

Data encryption

Key management

Case studies

Instance security management

Security services for instances

Case studies

Monitoring and logging

Forensics and incident response

Case studies

Compliance

Compliance overview

Understanding the audit process

Compliance activities

Certification and compliance statements

Privacy

Case studies

Community support

Documentation

ask.openstack.org

OpenStack mailing lists

The OpenStack wiki

The Launchpad Bugs area

The OpenStack IRC channel

Documentation feedback

OpenStack distribution packages

Glossary