OpenStack Cloud Security+code

Название: OpenStack Cloud Security
Автор: Fabio Alessandro
Издательство:
Год: 2015
Страниц:160
Язык: English
Формат: pdf+code
Размер: 1,7 Mb
If you are an OpenStack administrator or developer, or wish to build solutions to protect your OpenStack environment, then this book is for you.
Experience of Linux administration and familiarity with different OpenStack components is assumed.
About This Book
Design, implement, and deliver a safe and sound OpenStack cluster using best practices
Create a production-ready environment and protect your data on the cloud
A step-by-step tutorial packed with real-world solutions that helps you learn easily and quickly
Who This Book Is For
If you are an OpenStack administrator or developer, or wish to build solutions to protect your OpenStack environment, then this book is for you. Experience of Linux administration and familiarity with different OpenStack components is assumed.
Table of Contents
1: First Things First – Creating a Safe Environment
2: OpenStack Security Challenges
3: Securing OpenStack Networking
4: Securing OpenStack Communications and Its API
5: Securing the OpenStack Identification and Authentication System and Its Dashboard
6: Securing OpenStack Storage
7: Securing the Hypervisor
What You Will Learn
Secure your servers, data center, and network to improve your environment for the cloud
Gain insights into ISP intercept and social engineering
Explore automated attacks with the help of mass phishing, brute force, and automated exploitation tools
Secure your OpenStack installation from a networking perspective at both low and high levels
Get to know how to secure your OpenStack to use only encrypted communications for APIs
Configure secure communications on the OpenStack API
Harden OpenStack Keystone and Horizon for a more secure environment
Protect the Swift replication mechanism through network hardening
In Detail
OpenStack is a system that controls large pools of computing, storage, and networking resources, allowing its users to provision resources through a user-friendly interface. OpenStack helps developers with features such as rolling upgrades, federated identity, and software reliability.
You will begin with basic security policies, such as MAC, MLS, and MCS, and explore the structure of OpenStack and virtual networks with Neutron. Next, you will configure secure communications on the OpenStack API with HTTP connections. You will also learn how to set OpenStack Keystone and OpenStack Horizon and gain a deeper understanding of the similarities/differences between OpenStack Cinder and OpenStack Swift.
By the end of this book, you will be able to tweak your hypervisor to make it safer and a smart choice based on your needs.
Authors
Fabio Alessandro Locati
Fabio Alessandro Locati is an Italian IT external consultant. His main areas of expertise are Linux, networking, security, data centers, and OpenStack. With more than 10 years of working experience in this field, he has experienced different IT roles, technologies, and languages. Fabio has worked for many different companies, starting from a one-man company to huge companies such as Tech Data and Samsung. This has allowed him to consider various technologies from different points of view, helping him develop critical thinking and understand whether a particular technology is the correct one in a very short span of time.
Since he is always looking for better technologies, he also tries new technologies to see their advantages over the old ones. Two of the most important things Fabio evaluates in a technology are its internal security and the possibility of additional security through configuration or interaction with the other technologies. For virtualization, he often uses OpenStack due to its power and simplicity, ever since he first tried it in 2011. Fabio has used OpenStack for the public-facing cloud, as well as the internal clouds.
Contents¶
Introduction
Acknowledgements
Why and how we wrote this book
Introduction to OpenStack
Security boundaries and threats
Introduction to case studies
System documentation
System documentation requirements
Case studies
Management
Continuous systems management
Integrity life-cycle
Management interfaces
Case studies
Secure communication
Introduction to TLS and SSL
TLS proxies and HTTP services
Secure reference architectures
Case studies
API endpoints
API endpoint configuration recommendations
Case studies
Identity
Authentication
Authentication methods
Authorization
Policies
Tokens
Domains
Federated keystone
Checklist
Case studies
Dashboard
Domain names, dashboard upgrades, and basic web server configuration
HTTPS, HSTS, XSS, and SSRF
Front-end caching and session back end
Static media
Secret key
Cookies
Cross Origin Resource Sharing (CORS)
Debug
Case studies
Compute
Hypervisor selection
Hardening the virtualization layers
Hardening Compute deployments
Vulnerability awareness
How to select virtual consoles
Case studies
Checklist
Block Storage
Checklist
Networking
Networking architecture
Networking services
Networking services security best practices
Securing OpenStack networking services
Case studies
Object Storage
First thing to secure: the network
Securing services: general
Securing storage services
Securing proxy services
Object Storage authentication
Other notable items
Message queuing
Messaging security
Case studies
Data processing
Introduction to Data processing
Deployment
Configuration and hardening
Case studies
Databases
Database back end considerations
Database access control
Database transport security
Case studies
Tenant data privacy
Data privacy concerns
Data encryption
Key management
Case studies
Instance security management
Security services for instances
Case studies
Monitoring and logging
Forensics and incident response
Case studies
Compliance
Compliance overview
Understanding the audit process
Compliance activities
Certification and compliance statements
Privacy
Case studies
Community support
Documentation
ask.openstack.org
OpenStack mailing lists
The OpenStack wiki
The Launchpad Bugs area
The OpenStack IRC channel
Documentation feedback
OpenStack distribution packages
Glossary
depositfiles.com
turbobit.net