real security in a virtual environment
DESCRIPTION
A general overview of the pitfalls in cloud security and everything that surrounds it.
TRANSCRIPT
![Page 1: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/1.jpg)
Real Security in a Virtual Environment
By Mattias Geniar
System Engineer @Nucleus
![Page 2: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/2.jpg)
Mattias Geniar
System Engineer at Nucleus
(Cloud) Hosting provider
http://mattiasgeniar.be
@mattiasgeniar
So ... Who am I?
![Page 3: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/3.jpg)
root@mattias:~#
My comfort zone.
![Page 4: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/4.jpg)
Not this.
![Page 5: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/5.jpg)
Now what’s this about?
![Page 6: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/6.jpg)
First: what is cloud computing?
![Page 7: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/7.jpg)
Infrastructure-as-a-Service
![Page 8: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/8.jpg)
Software-as-a-Service
![Page 9: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/9.jpg)
Platform-as-a-Service
![Page 10: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/10.jpg)
Hey dude, security?!
![Page 11: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/11.jpg)
Preventing this cloud ...
![Page 12: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/12.jpg)
From becoming this one.
![Page 13: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/13.jpg)
Whatcha talking ‘bout fool?
![Page 14: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/14.jpg)
Quote
“Every security system that has ever been breached was once thought infallible.”
![Page 15: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/15.jpg)
It’s about layers. Many layers.
![Page 16: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/16.jpg)
A secure location.
![Page 17: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/17.jpg)
With sufficient power.
![Page 18: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/18.jpg)
And cooling.
![Page 19: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/19.jpg)
That is secure.
![Page 20: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/20.jpg)
But that’s just the bottom layer.
![Page 21: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/21.jpg)
Don’t forget this.
![Page 22: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/22.jpg)
How virtual is ‘virtual’?
![Page 23: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/23.jpg)
The heart: storage.
![Page 24: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/24.jpg)
Separate network.
![Page 25: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/25.jpg)
But in a good way.
![Page 26: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/26.jpg)
Should it be encrypted?
![Page 27: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/27.jpg)
On your storage itself?
![Page 28: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/28.jpg)
Or within your VM?
![Page 29: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/29.jpg)
Key management.
![Page 30: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/30.jpg)
Redundant storage. Good x 2.
![Page 31: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/31.jpg)
RAIDs
![Page 32: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/32.jpg)
Have backups. Lots of them.
![Page 33: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/33.jpg)
The kidneys: connectivity.
![Page 34: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/34.jpg)
Walls of fire.
![Page 35: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/35.jpg)
Subnet example
This is you
IP: 10.0.0.100
Subnet: 255.255.255.0
Gateway: 10.0.0.1
This is evil me
IP: 10.0.0.105
Subnet: 255.255.255.0
Gateway: 10.0.0.1
The firewall: 10.0.0.1
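
As an added example (not from the original slides), the check below reads the slide's addresses the way a host's routing table does: both machines sit in 10.0.0.0/24, so traffic between them is delivered on-link and never passes the firewall at 10.0.0.1. The tenant labels, the third host and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: the two hosts from the slide plus one host
# on a different subnet (assumed, for contrast).
HOSTS = [
    {"name": "you", "owner": "tenant-a", "ip": "10.0.0.100",
     "mask": "255.255.255.0", "gw": "10.0.0.1"},
    {"name": "evil-me", "owner": "tenant-b", "ip": "10.0.0.105",
     "mask": "255.255.255.0", "gw": "10.0.0.1"},
    {"name": "other", "owner": "tenant-c", "ip": "10.0.1.20",
     "mask": "255.255.255.0", "gw": "10.0.1.1"},
]


def next_hop(src, dst_ip):
    """Address the source host hands the packet to, per its own netmask."""
    iface = ipaddress.ip_interface(f"{src['ip']}/{src['mask']}")
    dst = ipaddress.ip_address(dst_ip)
    if dst in iface.network:
        return dst  # on-link: sent straight to the peer on layer 2
    return ipaddress.ip_address(src["gw"])  # off-link: sent to the gateway


def crosses_firewall(src, dst):
    """True when src -> dst traffic is routed via the gateway firewall."""
    return next_hop(src, dst["ip"]) == ipaddress.ip_address(src["gw"])


def unfiltered_pairs(hosts):
    """Pairs with different owners where at least one direction is on-link,
    i.e. the gateway firewall never sees that traffic."""
    flagged = []
    for a, b in combinations(hosts, 2):
        if a["owner"] == b["owner"]:
            continue
        if not crosses_firewall(a, b) or not crosses_firewall(b, a):
            flagged.append((a["name"], b["name"]))
    return flagged


if __name__ == "__main__":
    for pair in unfiltered_pairs(HOSTS):
        print("shares a subnet, bypasses gateway firewall:", pair)
```

Pairs flagged here need filtering below the gateway: per-tenant VLANs or subnets, port isolation on the switch or hypervisor, or a host firewall on each VM.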
![Page 36: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/36.jpg)
Firewall your firewall?
![Page 37: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/37.jpg)
Secure connections.
![Page 38: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/38.jpg)
Know what goes on.
![Page 39: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/39.jpg)
Find intruders.
![Page 40: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/40.jpg)
IDS & IPS
![Page 41: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/41.jpg)
We like graphs. And IDS.
![Page 42: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/42.jpg)
And boxes. With info.
![Page 43: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/43.jpg)
Even when the cloud ‘moves’.
![Page 44: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/44.jpg)
# diff ‘os-virt’ ‘hardware-virt’
![Page 45: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/45.jpg)
Oh hai root.
```
root@srv:~# hostname
srv.domain.be
root@srv:~# vzlist --all
CTID  NPROC  STATUS   IP_ADDR   HOSTNAME
101   74     running  10.0.2.1  topsecret-srv
root@srv:~# vzctl enter 101
-bash-3.1# hostname
topsecret-srv.domain.be
-bash-3.1# id
uid=0(root) gid=0(root)
```
![Page 46: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/46.jpg)
Who’s this?
![Page 47: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/47.jpg)
![Page 48: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/48.jpg)
Quote
“The weakest link in any security system is the person holding the information.”
![Page 49: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/49.jpg)
Developers that care.
![Page 50: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/50.jpg)
That don’t do stupid things.
![Page 51: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/51.jpg)
With secure APIs.
![Page 52: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/52.jpg)
And management.
![Page 53: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/53.jpg)
No no. Real management.
![Page 54: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/54.jpg)
Quote
“Geeks don’t have interests. They have passions.”
![Page 55: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/55.jpg)
So. Layers you said?
![Page 56: Real Security in a Virtual Environment](https://reader036.vdocument.in/reader036/viewer/2022070320/5588fc31d8b42a321a8b4666/html5/thumbnails/56.jpg)
Q & A