
Cloud and Virtualization Security

Cloud and Virtualization Security. Lecture 6 – Building a Cloud Piotr T. Zbiegiel. Introduction. Recall that a private cloud deployment means that a company has built a cloud system contained entirely within the company and is not utilizing a third-party CSP.


Presentation Transcript


  1. Cloud and Virtualization Security Lecture 6 – Building a Cloud Piotr T. Zbiegiel

  2. Introduction

  3. What is a Private Cloud?
  Recall that a private cloud deployment means that a company has built a cloud system contained entirely within the company and is not utilizing a third-party CSP. These types of systems can range in size from massive datacenter-scale systems to a tiny cluster used for virtualizing a few servers within the company. Since definitions of cloud are fluid, we will accept a range of possibilities here.

  4. What is a Private Cloud? cont’d
  Most of the time these types of systems are built using server virtualization to gain efficiency. But a company can still choose to deliver all three types of service models (IaaS, PaaS, or SaaS). The systems within the cloud may be used for internal customers only, external customers only, or a combination of the two.

  5. Why a Private Cloud?
  Comparing the cost of a private cloud infrastructure with a similar infrastructure utilizing a public CSP, the public CSP will win out in almost all cases.
  • There may be other advantages too.
  • The public CSP may provide greater elasticity for absorbing traffic or other workload spikes.
  • But as with all things in life, there is more to this decision.

  6. Why a Private Cloud? cont’d
  Many concerns center around data security issues. A company may want to retain control of their data and keep it within their borders. There may be legal or regulatory requirements that prevent you from moving information assets to a third-party CSP even if you can adequately secure them.

  7. Why a Private Cloud? cont’d
  A private cloud system is a marriage of flexibility and control of information assets. But companies should tread carefully, because the benefits of a private cloud will be realized based on the scale of the system and how it is utilized within the company.

  8. What about CSPs with “Private Cloud” offerings?
  Some CSPs offer the ability to create a “private cloud” within their service offering (e.g. Amazon Virtual Private Cloud (VPC)). Carefully consider whether there is still adequate cost-benefit with this option. In the end, even if this type of service is more cost effective, other factors may still make building a private cloud within the company the preferred option.

  9. Cost Savings of Private Cloud
  As mentioned before, the cost savings are likely not as great as going public.
  • But a private cloud will still save money over traditional IT architecture.
  • Less equipment
  • Less staff
  • Lower DC costs (power, cooling, etc.)
  • Lower lifecycle costs (realized through repeated patterns in infrastructure)

  10. Private Clouds Can Benefit Security
  Shared resources, versus more traditional dedicated resources, lead to more than cost savings. Consolidation of servers into a private cloud system can simplify and streamline management of the systems. It can also allow for more effective application of security controls, including identity management, centralized logging, network monitoring, etc.

  11. Customization in Private Cloud
  A private cloud can be flexible in delivering customized cloud services to different parts of the organization. The pull to provide customized solutions will be especially strong when consolidating existing IT resources into a private cloud. When virtualizing existing servers there will be a natural temptation to replicate the existing infrastructure in its entirety.

  12. Customization in Private Cloud cont’d
  Remember that one of the effects of customizing an environment is reduced operational efficiency. Customization can lead to variations in cloud components. Too much customization can negate cost savings. The larger the system scale, the more careful an organization must be about customization.

  13. Customization – Hardware Variation
  Much of the cost savings of cloud systems comes from managing identical systems.
  • Supporting specialized server hardware or storage can spoil those cost savings.
  • Not to mention muddling security effectiveness:
    • Configuration management
    • Patching
    • Monitoring
    • Etc.

  14. Customization – Network Variation
  Cost savings and operational efficiency are affected by network variation as well. There may be significant reason to segregate some users or departments due to data classification or the sensitivity of the data processing that will be occurring. If that is the case, it is better to attempt segregation on natural physical boundaries, such as between individual racks or groups of racks within a cloud infrastructure.

  15. Customization – Software Platform Variation
  Virtualization makes it much easier to handle multiple OSes and customized systems. Supporting such systems may be a necessity when moving existing physical infrastructure to a virtualized system. But in most cases users should be steered toward a subset of operating systems which the cloud operations team maintains.

  16. Customization – Software Platform Variation cont’d
  These systems can be built from “golden” images that have been reviewed for configuration security. Having limited variation in VM operating systems and configurations simplifies management, security testing, auditing, etc.

  17. Customization – Allocation Boundaries
  A group of users or a department may need to have their VMs isolated from others. The cloud system may be configured to only allow their VMs to run on a specified set of hardware. This type of variation does not result in the same kind of isolation as separating networks, but may make sense in some cases.

  18. Customization and Variation on Magellan

  19. Risks of Customizing
  More variation in allocated resources increases the chance of mistakes.
  • Having different storage pools could result in data being stored in a storage area with improper controls.
  • A misconfiguration could cause network traffic to flow over the wrong segments.

  20. Risks of Customizing cont’d
  Elasticity and resilience of a cloud system rely on the system having unutilized capacity that can be used when necessary.
  • Creating numerous pools of resources means more need for unutilized capacity unique to each pool.
  • This can mean less elasticity for each individual pool (or higher costs for buying and maintaining additional hardware).
  • And, of course, too much customization can also cause security controls to be less effective.

  21. Cost Advantages for Security in Private Cloud
  The cloud’s use of architectural and operational patterns can enable security.
  • Cookie-cutter infrastructure can make audit, vulnerability scans, anomaly detection, and other security controls easier to manage.
  • Centralizing resources in a cloud lets you justify buying bigger security tools:
    • Centralized logging and SIEM
    • Centralized auth
    • Bigger vulnerability scanners and IDS systems

  22. Security Criteria for Private Cloud
  There are several areas of security criteria to consider when designing a private cloud:
  • Network
  • Datacenter
  • Operational

  23. Network Considerations
  First and foremost, you must decide whether the private cloud will talk to the Internet, internal networks, or both.
  • This should be documented in the security policy for the system.
  • After that you can consider various issues of isolation:
    • Ingress and Egress Filtering
    • Network Isolation
    • Physical Isolation
    • Logical Isolation

  24. Ingress and Egress Filtering
  Ingress and egress filtering should be defined at the cloud border.
  • Whitelist or blacklist? (Whitelist preferred, of course.)
  • If security needs are more serious, the system could require authenticated ingress (using a VPN, for instance).
  • Don’t forget about filtering egress traffic.
    • Servers usually don’t need access to the whole Internet.
    • Egress filtering could thwart a back-channel or reverse shell connection should one of the VMs get compromised.
    • Blocked outbound connections could be an indication of trouble.
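The last bullet above is a detection opportunity: denied egress is worth alerting on, not just dropping. As an added example (not from the lecture), the following Python parses constructed firewall log lines for denied outbound connections from VMs and flags the sources that repeatedly tried to reach destinations outside the allowlist. The log format, the VM subnet and the threshold are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in a simplified iptables-LOG style (format is an assumption).
SAMPLE_LOG = """\
EGRESS-DROP IN=br-vm OUT=eth0 SRC=10.20.1.15 DST=203.0.113.9 PROTO=TCP DPT=4444
EGRESS-DROP IN=br-vm OUT=eth0 SRC=10.20.1.15 DST=203.0.113.9 PROTO=TCP DPT=4444
EGRESS-DROP IN=br-vm OUT=eth0 SRC=10.20.1.15 DST=198.51.100.7 PROTO=TCP DPT=443
EGRESS-DROP IN=br-vm OUT=eth0 SRC=10.20.1.22 DST=198.51.100.7 PROTO=UDP DPT=53
EGRESS-ACCEPT IN=br-vm OUT=eth0 SRC=10.20.1.22 DST=10.0.0.53 PROTO=UDP DPT=53
"""

LINE_RE = re.compile(
    r"EGRESS-(?P<action>DROP|ACCEPT) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dport>\d+)"
)

VM_NET = ip_network("10.20.0.0/16")  # assumed tenant VM address range

def parse_egress_log(text):
    """Yield one event dict per parsable log line; unparsable lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["dport"] = int(ev["dport"])
            yield ev

def denied_egress_by_vm(text):
    """Count DROP events per source address that belongs to the VM range."""
    counts = Counter()
    for ev in parse_egress_log(text):
        if ev["action"] == "DROP" and ip_address(ev["src"]) in VM_NET:
            counts[ev["src"]] += 1
    return counts

def suspicious_vms(text, threshold=2):
    """Return {vm: sorted (dst, port) pairs} for VMs whose denied outbound
    attempts reach the threshold; repeated attempts to leave the allowlist
    are the 'indication of trouble' the slide refers to."""
    targets = {}
    for ev in parse_egress_log(text):
        if ev["action"] == "DROP":
            targets.setdefault(ev["src"], set()).add((ev["dst"], ev["dport"]))
    counts = denied_egress_by_vm(text)
    return {vm: sorted(targets[vm]) for vm, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for vm, tried in suspicious_vms(SAMPLE_LOG).items():
        print(f"{vm}: {len(tried)} denied destination(s): {tried}")
```

A single denied DNS lookup (10.20.1.22 above) stays below the threshold, while the VM that keeps trying two unexpected hosts is reported.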

  25. A Few Words about Network Isolation and Routing
  It can be very dangerous to use the same network to move internal and external traffic in a private cloud. Effort should be made to keep the two communication channels separate to prevent any potential exposure of enterprise data to a public user. This should include data storage and data processing instances that may handle enterprise data vs. user data.

  26. Network Isolation
  When considering network isolation for a private cloud we need to go beyond internal vs. external.
  • The sensitivity of functional areas may drive segmentation and isolation decisions.
  • There are numerous ways to achieve segmentation:
    • Physical network segregation
    • VLANs

  27. Network Isolation cont’d
  Will traffic be routed between network segments?
  • The ingress point for a network segment can have access controls:
    • Firewall
    • VPN
  • Remember to test network isolation regularly to make sure it is configured as expected.
  • Configuration changes over time can introduce mistakes or simply drift away from the original intended plan for isolating networks within the cloud system.
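The "test network isolation regularly" bullet is easy to state and easy to forget. As an added example (not part of the lecture), the following Python encodes an intended segment policy and audits a set of probe results against it, reporting both leaks (a flow that should be blocked but works) and breaks (an allowed flow that stopped working, which is the drift the slide warns about). The segment names, subnets, policy and probe results are all constructed for this example.

```python
from ipaddress import ip_address, ip_network

# Assumed segment layout for a small private cloud (constructed).
SEGMENTS = {
    "mgmt": ip_network("10.1.0.0/24"),
    "internal": ip_network("10.2.0.0/24"),
    "external": ip_network("10.3.0.0/24"),
}

# Intended policy: (source segment, destination segment) pairs that may talk.
# Anything not listed is expected to be isolated.
ALLOWED_FLOWS = {
    ("mgmt", "internal"),
    ("mgmt", "external"),
    ("internal", "internal"),
    ("external", "external"),
}

def segment_of(ip):
    """Map an address to its segment name, or None if it is outside the cloud."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def audit_isolation(probes):
    """Compare observed reachability with the intended policy.
    probes: iterable of (src_ip, dst_ip, reachable) tuples, as collected by a
    scheduled connectivity check run from a host in each segment.
    Returns (kind, src, dst) findings: 'leak' for traffic crossing a closed
    boundary, 'break' for an allowed flow that failed, 'unknown' for addresses
    outside any defined segment."""
    findings = []
    for src, dst, reachable in probes:
        flow = (segment_of(src), segment_of(dst))
        if None in flow:
            findings.append(("unknown", src, dst))
            continue
        allowed = flow in ALLOWED_FLOWS
        if reachable and not allowed:
            findings.append(("leak", src, dst))
        elif allowed and not reachable:
            findings.append(("break", src, dst))
    return findings

# Constructed probe results: an external VM can reach the internal segment,
# and a management host has lost its path to the external segment.
SAMPLE_PROBES = [
    ("10.1.0.5", "10.2.0.10", True),
    ("10.1.0.5", "10.3.0.10", False),
    ("10.3.0.10", "10.2.0.10", True),
    ("10.3.0.10", "10.1.0.5", False),
    ("10.2.0.10", "10.2.0.11", True),
]
```

Running `audit_isolation(SAMPLE_PROBES)` on the constructed data yields one break and one leak; in practice the probe list would come from a scheduled job, and either finding kind should page someone.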

  28. Physical Isolation
  Parts of a system may need to be physically isolated from one another, and there may be many reasons for this. For example, if data processing for internal users cannot (due to the security policy) occur on the same storage and VMs as external user data, then it makes sense to physically isolate portions of the cloud system. Physical isolation may be easiest to accomplish by dividing the system at the rack level.

  29. Logical Isolation
  It may make sense to logically divide portions of the cloud.
  • Dev -> Test -> Prod
  • Departmental
  • This allows the application of differing security policies and controls depending on the requirements.
  • This allows establishing an SOA (Service-oriented Architecture).

  30. Service-oriented Architecture

  31. Logical Isolation and SOA
  A service-oriented architecture allows us to define how cross-boundary sharing of data will be accomplished between differing logically isolated segments of a cloud. Rules and policies are defined to govern the transfer of data between departments. Data transfer rules use the concept of least privilege to strictly define the data that will be released to other departments.

  32. Management Network
  A physically separate management network is a key design element. A separate network allows whitelisting of administrator traffic to physical cloud systems. Physical isolation guarantees management traffic does not travel over the same networks as regular user or customer traffic. It also allows additional security controls to be applied specifically to the management network (such as two-factor authentication).

  33. Datacenter Considerations
  There are numerous considerations to keep in mind when preparing the physical space for a private cloud system. Many of these are the same you may consider for more traditional IT infrastructure. But given the server consolidation within a cloud system, there is even more riding on a well designed space for the system.

  34. Geographic Disparity

  35. Business Continuity and Disaster Recovery
  Server consolidation in the cloud increases the risk that a hardware failure could impact multiple services instead of being confined to a single server. Virtualization and the flexibility of the cloud can actually play a crucial role in business continuity planning. However, that is only the case if plans were made ahead of time on how to recover effectively.

  36. Business Impact Analysis

  37. Physical Security

  38. Video Surveillance

  39. Environmental Sensors
  The datacenter should contain numerous sensor networks to monitor conditions within the space: fire and smoke sensors, humidity and temperature sensors. Sensors should be monitored by a NOC for deviation from the norm. In some cases it may make sense to have the systems monitor environmental readings and take action to lower the thermal load if conditions in the datacenter become critical.

  40. Fire Suppression
  Smaller cloud installs may simply be tied to existing fire suppression systems in an office building. Larger systems would benefit from a dedicated gaseous fire suppression system.

  41. Power and Cooling
  • Redundant power feeds to the datacenter
    • Less chance of disruption due to weather, construction, etc.
    • Can allow power work with less disruption of operations.
  • UPS power
  • Standby generators and adequate fuel
  • Cooling capacity

  42. Operational Security Considerations

  43. Conclusion
