Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building an OpenStack Security Group

Bryan Payne
October 18, 2012
Technology
0
79

Building an OpenStack Security Group

OpenStack Summit, Fall 2012. As OpenStack continues to mature, it is increasingly important for the community to be proactive in improving security. The OpenStack Security Group (OSSG) is a new effort led by Nebula and HP to bring together security professionals who can work to address this need. Our goal is to create a group that complements the Vulnerability Management Team by working to improve the security in each project's software architecture, contributing software to address security relevant blueprints and bugs, and providing cross-project security assessments. This talk will introduce the OSSG and describe some of our early success stories, while starting a conversation about the best path forward for OpenStack security. https://www.openstack.org/summit/san-diego-2012/openstack-summit-sessions/presentation/building-an-openstack-security-group

Bryan Payne

October 18, 2012
Tweet

More Decks by Bryan Payne

See All by Bryan Payne
Fail, Learn, Fix: Improving Security The Old-Fashioned Way
bdpayne
0
260
BLESS: Better Security and Ops for SSH Access
bdpayne
3
740
Securing Containers the Netflix Way
bdpayne
1
2.3k
PKI at Scale Using Short-Lived Certificates
bdpayne
0
870
Platform Security Jobs at Netflix
bdpayne
0
870
Improving Cloud Security with Attacker Profiling
bdpayne
2
820
Key Management in AWS: How Netflix Secures Sensitive Data Without Its Own Data Center
bdpayne
4
1.9k
Security at Different Layers of Abstractions: Application, Operating Systems, and Hardware
bdpayne
0
200
Platform Security at Netflix: Securing Microservices from the Ground Up
bdpayne
0
5.8k

Other Decks in Technology

See All in Technology
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
150
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
SREによる隣接領域への越境とその先の信頼性
shonansurvivors
2
510
複雑なState管理からの脱却
sansantech
PRO
1
140
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
170
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
210
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
元旅行会社の情シス部員が教えるおすすめなre:Inventへの行き方 / What is the most efficient way to re:Invent
naospon
2
330
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
B2B SaaSから見た最近のC#/.NETの進化
sansantech
PRO
0
670
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
120
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120

Featured

See All Featured
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
Embracing the Ebb and Flow
colly
84
4.5k
Teambox: Starting and Learning
jrom
133
8.8k
Visualization
eitanlees
145
15k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
Scaling GitHub
holman
458
140k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Bash Introduction
62gerente
608
210k

Transcript

  1. Bryan  D.  Payne,  Nebula   Robert  Clark,  HP   Building

     an  OpenStack  Security  Group  

  2. 10/17/12   2  

  3. 10/17/12   3  

  4. •  Alarm  system?   •  Bars  on  the  windows?  

    •  Dog?   •  Security  Cameras?   •  Move?   10/17/12   4  

  5. •  Alarm  system?   •  Bars  on  the  windows?  

    •  Dog?   •  Security  Cameras?   •  Move?   10/17/12   5  

  6. •  Alarm  system?   •  Bars  on  the  windows?  

    •  Dog?   •  Security  Cameras?   •  Move?   10/17/12   6  

  7. •  Alarm  system?   •  Bars  on  the  windows?  

    •  Dog?   •  Security  Cameras?   •  Move?   10/17/12   7  

  8. •  Alarm  system?   •  Bars  on  the  windows?  

    •  Dog?   •  Security  Cameras?   •  Move?   10/17/12   8  

  9. This  Is  Hard   10/17/12   9  

  10. SoSware  Must  Be  Easier,  Right?   10/17/12   10  

  11. But  Who  Wants  to  Hack  OpenStack?   10/17/12   11

     

  12. 10/17/12   12  

  13. Computer  Security:  What  We  Know   Be#er   Worse  

    Design  for  security  from  the  start   Retrofit  security  when  it’s  important   Understand  your  threats   Just  make  it  secure   Understand  your  goals   Seriously,  just  add  some  security   Pervasive  security  culture   That  paranoid  guy  has  it  under  control   10/17/12   13  

  14. Current  Approach   •  Vulnerability   Management  Team    

    •  People  star_ng  to  think   about  security     10/17/12   14  

  15. OpenStack  Security  Challenges   •  Security  as  an  aSerthought  

    •  Security  as  silos   •  Security  by  non-­‐experts     10/17/12   15  

  16. OpenStack  Security  Group  (OSSG)   •  Security  expert  resource  for

     OS   •  Build  security  culture  within  OS  community   10/17/12   16  

  17. 10/17/12   17   OSSG   Game  Plan  

  18. OSSG  Details   •  Place  at  least  one  security  engineer

     on  each  core  project   –  Code  review   –  Implement  blueprints   –  Design  blueprints   •  Have  at  least  one  person  working  cross  project   –  Write  technical  documenta_on   –  Integra_ng  security  into  con_nuous  integra_on   –  Iden_fy  cross  project  security  concerns   •  Mailing  list  to  have  security  discussions   10/17/12   18  

  19. Case  Study:  HTTPS  Support   10/17/12   19  

  20. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained

    herein is subject to change without notice. Observations from Summit 2012

  21. Crypt Enthusiastic Developer + Hash Algorithm + Async Crypt !=

    Secure Design

  22. Common Mistakes Let us help

  23. OSSG  Next  Steps   •  Will  require  community-­‐level  involvement  

    •  Now  “hiring”  for  OSSG!!   – Security  Engineers   – Technical  Writers   – OpenStack  Deployment  Exper_se   10/17/12   23  

  24. hhps://launchpad.net/~openstack-­‐ossg   10/17/12   24   Please  Join  Us!  

    Bryan  D.  Payne   [email protected]   Robert  Clark   [email protected]