CloudPassage Halo
    Installfest




                    1
Quick Intro

•   Thanks for coming out!
•   Enjoy the free food ☺
•   Focus on security issues with IaaS cloud
•   Interweave that with installing Halo
•   We’re here to help!
     – Ask questions
     – Staff will be handy if you need us
     – Any and all feedback greatly appreciated

              CloudPassage Halo Installfest       2
Where Can I Get
      These Slides?



community.cloudpassage.com




      CloudPassage Halo Installfest   3
Tonight’s Focus

• Infrastructure as a Service (IaaS)
  – Can apply to PaaS and SaaS from a
    provider’s perspective
• Mostly geared to public cloud
  – Although applicable to private
• Tenant security concerns
  – We’ll skip physical security
          CloudPassage Halo Installfest   4
What You Need For The Labs

• Laptop or tablet
• Root-equivalent access to a Linux VM
  – Local or public is fine
  – Spin up now if needed
• Internet access
  – Wifi settings: As Posted

          CloudPassage Halo Installfest   5
Houston…
We Have a Problem




                 All network security benefits
                 Lost in migration:
                 • Firewall – Filter port level access
                 • Firewall – Control rootkit transfer
                 • Proxy – Control app level data
                 • NIDS – Inspect stream for attacks
                 • Sniffer – Audit trail of network traffic

  CloudPassage Halo Installfest                               6
Delineation of Responsibility

                 IaaS                PaaS                SaaS
               Interface           Interface           Interface


              Application         Application         Application


             Solution Stack      Solution Stack      Solution Stack

Tenant     Operating System    Operating System    Operating System


              Hypervisor          Hypervisor          Hypervisor
Provider
           Compute & Storage   Compute & Storage   Compute & Storage


               Network             Network             Network


                Facility            Facility            Facility



                CloudPassage Halo Installfest                          7
What Are My Options?




   CloudPassage Halo Installfest   8
Issues to Address

• No firewall control
• Vulnerability management
• Provider image may not meet
  corporate standards
  – Configuration settings
  – Accounts
• Detect intrusions
          CloudPassage Halo Installfest   9
Extending The LAN
  Into The Cloud




 CloudPassage Halo Installfest   10
LAN Extended Challenges

• Increases load on corporate link
   – Today we’re mobile
   – Limits public cloud scaling
• Increases load on perimeter infrastructure
• Negates network benefits
   –   Provider load balancing
   –   Multi-peer points
   –   Geo-location DNS
   –   Higher latency
• No protection within virtual infrastructure

                 CloudPassage Halo Installfest   11
Virtual Appliance Management




       CloudPassage Halo Installfest   12
Virtual Appliance Architecture




       CloudPassage Halo Installfest   13
What About Introspection?

• Hypervisor based security
   – Has visibility into all VMs
• Single point of control
   – For a specific hypervisor deployment
• Public - Do you want other tenants to have
  access to your hypervisor?
• Do you want your provider to have
  non-auditable access to your VMs?
• Can break segregation of duties
               CloudPassage Halo Installfest   14
Host-Based Architecture

                        Consistent architecture
                        (and risk abatement)
                        regardless of deployment




    CloudPassage Halo Installfest                  15
Why Host Based Firewalls?

• Tenant controlled
  – Provider gains no additional access
• Mitigate potential risks from vswitch or VLANs
• Supported across all cloud infrastructures
  – Consistent management regardless of deployment
• Security is portable with the VM
• This is the model supported by Halo


             CloudPassage Halo Installfest           16
Why restrict Admin Ports?

Dshield.org data

Green = # of IPs
looking for open
SSH ports

Red = # of IPs hit
by SSH scan



                     CloudPassage Halo Installfest   17
Halo Firewall Interface




Cloak the port till these users authenticate
         CloudPassage Halo Installfest         18
Issues to Address

• No firewall control
• Vulnerability management
• Provider image may not meet
  corporate standards
  – Configuration settings
  – Accounts
• Detect intrusions
          CloudPassage Halo Installfest   19
Image Deployment

• Provider images usually not patched
• Some 3rd party images are pre-patched
  – To the time of the image's release
  – Which 3rd parties can you trust?
• Auto-patching usually disabled
• Some known vulnerabilities may not yet
  be patched
  – But it may be possible to mitigate the risk if it is known
             CloudPassage Halo Installfest             20
Vulnerability Wire Testing

• Some providers have restrictions
  – May be limited by terms of service
  – May be limited to specific products
• Targeting concerns
  – What if your IPs are not contiguous?
  – What if the IP changes?
• Does not detect local exploits
          CloudPassage Halo Installfest     21
Host Based Vulnerability
            Checking
• Validate compliance within the VM itself
• Can check remote and local vulnerabilities
• Typically lower cost to deploy
   – Less billable utilization
• Can produce a false negative if a patch is not loaded
   – Kernel updates
• This is the model Halo uses


            CloudPassage Halo Installfest      22
Halo Software Risks




  CloudPassage Halo Installfest   23
Issues to Address

• No firewall control
• Vulnerability management
• Provider image may not meet
 corporate standards
  – Configuration settings
  – Accounts
• Detect intrusions
          CloudPassage Halo Installfest   24
Configuration Settings

• Are only required processes running?
    – Are they securely configured?
•   Is password aging enforced?
•   Is root permitted direct SSH access?
•   Proper permissions on critical files?
•   Is sudo or wheel properly configured?
•   Any changes since deployment?

             CloudPassage Halo Installfest   25
Creating A Halo Check




   CloudPassage Halo Installfest   26
Halo Check Results




 CloudPassage Halo Installfest   27
System Accounts

• What accounts are on the system?
• Did the provider modify the default
  accounts?
  – ec2-user
• Which accounts have root level access?
• Who has accounts on which servers?
• How do you add/delete accounts for
  many servers simultaneously?
           CloudPassage Halo Installfest   28
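
The questions on the Configuration Settings and System Accounts slides can be answered from inside the VM by reading a few files. The sketch below is an added example, not Halo's own check logic; the sample file contents, the 90-day aging limit and the approved-account set are constructed assumptions.

```python
"""Host-side configuration and account checks over file contents."""

MAX_PASSWORD_AGE_DAYS = 90  # assumed corporate standard, not from the slides
NON_LOGIN_SHELLS = ("/sbin/nologin", "/usr/sbin/nologin", "/bin/false")


def sshd_permit_root_login(sshd_config):
    """Return the global PermitRootLogin value, or None if it is not set.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and settings after a Match line are conditional.
    """
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()
        if key == "match":
            break
        if key == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None


def login_defs_max_days(login_defs):
    """PASS_MAX_DAYS from login.defs; it only applies to new accounts."""
    for raw in login_defs.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "PASS_MAX_DAYS" and parts[1].isdigit():
            return int(parts[1])
    return None


def accounts_without_aging(shadow, limit=MAX_PASSWORD_AGE_DAYS):
    """Accounts with a usable password whose max-age field is empty or too large."""
    flagged = []
    for line in shadow.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue
        name, password, max_days = fields[0], fields[1], fields[4]
        if password == "" or password[0] in "!*":
            continue  # locked or password-less entry: aging is not the issue here
        if not max_days.isdigit() or int(max_days) > limit:
            flagged.append(name)
    return flagged


def _passwd_entries(passwd):
    return [f for f in (l.split(":") for l in passwd.splitlines()) if len(f) >= 7]


def uid0_accounts(passwd):
    """Every account name that maps to UID 0, i.e. is root-equivalent."""
    return [f[0] for f in _passwd_entries(passwd) if f[2] == "0"]


def unexpected_login_accounts(passwd, approved):
    """Accounts with a login shell that are not on the approved list."""
    return [f[0] for f in _passwd_entries(passwd)
            if f[6] not in NON_LOGIN_SHELLS and f[0] not in approved]


def audit(sshd_config, login_defs, shadow, passwd, approved):
    findings = []
    root_login = sshd_permit_root_login(sshd_config)
    if root_login != "no":
        findings.append("sshd: PermitRootLogin is %s"
                        % (root_login or "unset (version default applies)"))
    max_days = login_defs_max_days(login_defs)
    if max_days is None or max_days > MAX_PASSWORD_AGE_DAYS:
        findings.append("login.defs: PASS_MAX_DAYS is %s" % max_days)
    for name in accounts_without_aging(shadow):
        findings.append("shadow: %s has no effective password aging" % name)
    for name in uid0_accounts(passwd):
        if name != "root":
            findings.append("passwd: %s has UID 0" % name)
    for name in unexpected_login_accounts(passwd, approved):
        findings.append("passwd: %s can log in but is not approved" % name)
    return findings


# Constructed sample inputs (not taken from a real server or from the slides).
SAMPLE_SSHD = """
Port 22
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin forced-commands-only
"""
SAMPLE_LOGIN_DEFS = "# constructed\nPASS_MAX_DAYS   99999\nPASS_MIN_DAYS   0\n"
SAMPLE_SHADOW = """
root:$6$constructed$hash:15000:0:99999:7:::
ec2-user:!!:15000:0:99999:7:::
deploy:$6$constructed$hash:15000:0:60:7:::
toor:$6$constructed$hash:15000:0::7:::
"""
SAMPLE_PASSWD = """
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ec2-user:x:500:500:EC2 Default User:/home/ec2-user:/bin/bash
deploy:x:501:501::/home/deploy:/bin/bash
toor:x:0:0::/root:/bin/sh
"""
APPROVED = {"root", "deploy"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD, SAMPLE_LOGIN_DEFS, SAMPLE_SHADOW,
                         SAMPLE_PASSWD, APPROVED):
        print(finding)
```

On a real host the same functions take the contents of /etc/ssh/sshd_config, /etc/login.defs, /etc/shadow and /etc/passwd, which is why the labs ask for root-equivalent access.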
Halo Server Access




 CloudPassage Halo Installfest   29
Expanded Details




 CloudPassage Halo Installfest   30
Issues to Address

• No firewall control
• Vulnerability management
• Provider image may not meet
  corporate standards
  – Configuration settings
  – Accounts
• Detect intrusions
          CloudPassage Halo Installfest   31
Clues To An Attack

•   Some file changes indicate a compromise
•   Static Web server files
•   /etc/passwd has new account
•   /etc/sudoers has new entries
•   ssh_known_hosts has new entries
•   authorized_keys has new entries
•   Halo uses SHA-256 to detect changes

             CloudPassage Halo Installfest    32
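
The change detection listed on the Clues To An Attack slide comes down to hashing a set of files, storing the result as a baseline, and comparing later scans against it. The block below is an added example of that idea using SHA-256, not Halo's implementation; the directory tree, file contents and function names are constructed for the demonstration.

```python
"""SHA-256 file integrity baseline and comparison."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root, targets):
    """Map each monitored file (relative to root) to its SHA-256 digest.

    A target may be a single file or a directory, which is walked recursively
    so that files added later under it show up in the next scan.
    """
    result = {}
    for target in targets:
        full = os.path.join(root, target)
        if os.path.isdir(full):
            for dirpath, _dirs, files in os.walk(full):
                for name in files:
                    path = os.path.join(dirpath, name)
                    rel = os.path.relpath(path, root).replace(os.sep, "/")
                    result[rel] = sha256_file(path)
        elif os.path.isfile(full):
            result[target] = sha256_file(full)
    return result


def diff(baseline, current):
    """Report files that appeared, disappeared or changed content."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in set(baseline) & set(current)
                          if baseline[p] != current[p]),
    }


def _write(root, rel, text, mode="w"):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as handle:
        handle.write(text)


# Monitored paths, following the slide: account files, SSH keys, static web files.
TARGETS = ["etc/passwd", "etc/sudoers",
           "home/deploy/.ssh/authorized_keys", "var/www"]


def demo():
    """Build a constructed tree, baseline it, change it, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
        _write(root, "etc/sudoers", "root ALL=(ALL) ALL\n")
        _write(root, "home/deploy/.ssh/authorized_keys",
               "ssh-ed25519 CONSTRUCTED-KEY-1 deploy@laptop\n")
        _write(root, "var/www/index.html", "<h1>hello</h1>\n")
        baseline = snapshot(root, TARGETS)

        # Constructed changes of the kind the slide lists.
        _write(root, "etc/passwd", "extra:x:0:0::/root:/bin/sh\n", mode="a")
        _write(root, "home/deploy/.ssh/authorized_keys",
               "ssh-ed25519 CONSTRUCTED-KEY-2 unknown@host\n", mode="a")
        _write(root, "var/www/new.php", "placeholder\n")

        return diff(baseline, snapshot(root, TARGETS))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A baseline is only as trustworthy as where it is stored: kept on the monitored host, anyone who can edit /etc/passwd can usually rewrite the baseline too.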
Define Files to Check




   CloudPassage Halo Installfest   33
Halo FIM Reporting




  CloudPassage Halo Installfest   34
Event Reporting




CloudPassage Halo Installfest   35
Alert Reporting




CloudPassage Halo Installfest   36
Lab Time




Let’s Install Halo!


   CloudPassage Halo Installfest   37
Start Here to
Create an Account




 CloudPassage Halo Installfest   38

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Dernier (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

CloudPassage Halo Installfest Title Optimization

  • 1. CloudPassage Halo Installfest 1
  • 2. Quick Intro • Thanks for coming out! • Enjoy the free food ☺ • Focus on security issues with IaaS cloud • Interweave that with installing Halo • We’re here to help! – Ask questions – Staff will be handy if you need us – Any and all feedback greatly appreciated CloudPassage Halo Installfest 2
  • 3. Where Can I Get These Slides? community.cloudpassage.com CloudPassage Halo Installfest 3
  • 4. Tonight’s Focus • Infrastructure as a Service (IaaS) – Can apply to PaaS and SaaS from a provider’s perspective • Mostly geared to public cloud – Although applicable to private • Tenant security concerns – We’ll skip physical security CloudPassage Halo Installfest 4
  • 5. What You Need For The Labs • Laptop or tablet • Root equiv access to a Linux VM – Local or public is fine – Spin up now if needed • Internet access – Wifi settings: As Posted CloudPassage Halo Installfest 5
  • 6. Houston… We Have a Problem All network security benefits Lost in migration: • Firewall – Filter port level access • Firewall – Control rootkit transfer • Proxy – Control app level data • NIDS – Inspect stream for attacks • Sniffer – Audit trail of network traffic CloudPassage Halo Installfest 6
  • 7. Delineation of Responsibility IaaS PaaS SaaS Interface Interface Interface Application Application Application Solution Stack Solution Stack Solution Stack Tenant Operating System Operating System Operating System Hypervisor Hypervisor Hypervisor Provider Compute & Storage Compute & Storage Compute & Storage Network Network Network Facility Facility Facility CloudPassage Halo Installfest 7
  • 8. What Are My Options? CloudPassage Halo Installfest 8
  • 9. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 9
  • 10. Extending The LAN Into The Cloud CloudPassage Halo Installfest 10
  • 11. LAN Extended Challenges • Increases load on corporate link – Today we’re mobile – Limits public cloud scaling • Increase load on perimeter infrastructure • Negates network benefits – Provider load balancing – Multi-peer points – Geo-location DNS – Higher latency • No protection within virtual infrastructure CloudPassage Halo Installfest 11
  • 12. Virtual Appliance Management CloudPassage Halo Installfest 12
  • 13. Virtual Appliance Architecture CloudPassage Halo Installfest 13
  • 14. What About Introspection? • Hypervisor based security – Has visibility into all VMs • Single point of control – For a specific hypervisor deployment • Public - Do you want other tenants to have access to your hypervisor? • Do you want your provider to have non-auditable access to your VMs? • Can break segregation of duties CloudPassage Halo Installfest 14
  • 15. Host-Based Architecture Consistent architecture (and risk abatement) regardless of deployment CloudPassage Halo Installfest 15
  • 16. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Mitigate potential risks from vswitch or VLANs • Supported across all cloud infrastructures – Consistent management regardless of deployment • Security is portable with the VM • This is the model supported by Halo CloudPassage Halo Installfest 16
  • 17. Why restrict Admin Ports? Dshield.org data Green = # of IPs looking for open SSH ports Red = # of IPs hit by SSH scan CloudPassage Halo Installfest 17
  • 18. Halo Firewall Interface Cloak the port till these users authenticate CloudPassage Halo Installfest 18
  • 19. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 19
  • 20. Image Deployment • Provider images usually not patched • Some 3rd party images are pre-patched – To the time of the image's release – Which 3rd parties can you trust? • Auto-patching usually disabled • Some known vulnerabilities may not yet be patched – But it may be possible to mitigate if risk is known CloudPassage Halo Installfest 20
  • 21. Vulnerability Wire Testing • Some providers have restrictions – May be limited by terms of service – May be limited to specific products • Targeting concerns – What if your IPs are not continuous? – What if the IP changes? • Does not detect local exploits CloudPassage Halo Installfest 21
  • 22. Host Based Vulnerability Checking • Validate compliances within the VM itself • Can check remote and local vulnerabilities • Typically lower cost to deploy – Less billable utilization • Can false negative if patch not loaded – Kernel updates • This is the model Halo uses CloudPassage Halo Installfest 22
  • 23. Halo Software Risks CloudPassage Halo Installfest 23
  • 24. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 24
  • 25. Configuration Settings • Are only required processes running? – Are they securely configured? • Is password aging enforced? • Is root permitted direct SSH access? • Proper permissions on critical files? • Is sudo or wheel properly configured? • Any changes since deployment? CloudPassage Halo Installfest 25
  • 26. Creating A Halo Check CloudPassage Halo Installfest 26
  • 27. Halo Check Results CloudPassage Halo Installfest 27
  • 28. System Accounts • What accounts are on the system? • Did the provider modify the default accounts? – ec2-user • Which accounts have root level access? • Who has accounts on which servers? • How do you add/delete accounts for many servers simultaneously? CloudPassage Halo Installfest 28
  • 29. Halo Server Access CloudPassage Halo Installfest 29
  • 30. Expanded Details CloudPassage Halo Installfest 30
  • 31. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 31
  • 32. Clues To An Attack • Some file changes indicate a compromise • Static Web server files • /etc/passwd has new account • /etc/sudoers has new entries • ssh_known_hosts has new entries • authorized_keys has new entries • Halo uses SHA-256 to detect changes CloudPassage Halo Installfest 32
  • 33. Define Files to Check CloudPassage Halo Installfest 33
  • 34. Halo FIM Reporting CloudPassage Halo Installfest 34
  • 37. Lab Time Let’s Install Halo! CloudPassage Halo Installfest 37
  • 38. Start Here to Create an Account CloudPassage Halo Installfest 38
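
Slide 32 lists file changes that can indicate a compromise and notes that Halo uses SHA-256 to detect them. The sketch below is an added example, not CloudPassage code and not Halo's implementation: it baselines a set of files by SHA-256 and reports which were added, removed or modified. The function names and the sample files (written to a temporary directory) are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream the file so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(paths):
    """Map each monitored path to its SHA-256, or None if the file is absent."""
    return {p: sha256_file(p) if os.path.isfile(p) else None for p in paths}

def compare(baseline, current):
    """Return {path: 'added' | 'removed' | 'modified'} for paths that differ."""
    findings = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            findings[path] = kind
    return findings

def demo():
    """Constructed sample: a throwaway directory standing in for a server's files."""
    with tempfile.TemporaryDirectory() as root:
        passwd = os.path.join(root, "passwd")
        sudoers = os.path.join(root, "sudoers")
        keys = os.path.join(root, "authorized_keys")
        monitored = [passwd, sudoers, keys]
        with open(passwd, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(sudoers, "w") as f:
            f.write("root ALL=(ALL) ALL\n")
        baseline = snapshot(monitored)      # taken at deployment time
        with open(passwd, "a") as f:        # a new account appears
            f.write("newuser:x:1001:1001::/home/newuser:/bin/bash\n")
        with open(keys, "w") as f:          # a key file that did not exist before
            f.write("ssh-ed25519 AAAAexample constructed-key\n")
        changes = compare(baseline, snapshot(monitored))
        return {os.path.basename(p): kind for p, kind in changes.items()}

if __name__ == "__main__":
    print(demo())
```

Recording absent files as `None` in the baseline is what lets a newly created `authorized_keys` show up as "added" rather than being silently ignored; the baseline itself has to be stored somewhere the monitored host cannot rewrite.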