Date post: 22-Nov-2014
Upload: openstack-foundation
Bryan D. Payne, Nebula
Robert Clark, HP
Building an OpenStack Security Group
10/17/12 2
• Alarm system?
• Bars on the windows?
• Dog?
• Security Cameras?
• Move?
This Is Hard
Software Must Be Easier, Right?
But Who Wants to Hack OpenStack?
Computer Security: What We Know
Better | Worse
Design for security from the start | Retrofit security when it’s important
Understand your threats | Just make it secure
Understand your goals | Seriously, just add some security
Pervasive security culture | That paranoid guy has it under control
Current Approach
• Vulnerability Management Team
• People starting to think about security
OpenStack Security Challenges
• Security as an afterthought
• Security as silos
• Security by non-experts
OpenStack Security Group (OSSG)
• Security expert resource for OS
• Build security culture within OS community
OSSG Game Plan
OSSG Details
• Place at least one security engineer on each core project
  – Code review
  – Implement blueprints
  – Design blueprints
• Have at least one person working cross project
  – Write technical documentation
  – Integrating security into continuous integration
  – Identify cross project security concerns
• Mailing list to have security discussions
Case Study: HTTPS Support
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Observations from Summit 2012
Crypt
Enthusiastic Developer + Hash Algorithm + Async Crypt != Secure Design
Common Mistakes
Let us help
OSSG Next Steps
• Will require community-level involvement
• Now “hiring” for OSSG!!
  – Security Engineers
  – Technical Writers
  – OpenStack Deployment Expertise
https://launchpad.net/~openstack-ossg
Please Join Us!
Bryan D. Payne
Robert Clark