[Openstack-security] Host and Network Intrusion detection

Clark, Robert Graham robert.clark at hp.com
Mon Feb 16 15:35:19 UTC 2015


Unfortunately, all the solutions available at the moment are deployment-specific; there aren’t any nicely documented “standard” ways of managing multi-tenant-aware, compute-level IDS with OpenStack today.

There are some options depending on technology choices. For example, in a deployment that uses Open vSwitch, one could use an additional OVS instance on each compute host to act as a bump-in-the-wire network tap between the hypervisor and the Neutron OVS instance – you can pretty much build any IPS infrastructure you like on top of that, and with a little additional magic you can make your IDS system understand the multi-tenant nature of the traffic being collected.

-Rob

From: Matt Joyce <matt at nycresistor.com>
Date: Saturday, 14 February 2015 23:17
To: Sriram Subramanian <sriram at sriramhere.com>
Cc: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
Subject: Re: [Openstack-security] Host and Network Intrusion detection

Tap as a service will be very useful in this if it ever gets written and merged. =/

On Sat, Feb 14, 2015 at 12:31 PM, Sriram Subramanian <sriram at sriramhere.com> wrote:
Tim - did you get any response on this?

On Tue, Jan 6, 2015 at 10:39 AM, Tim Bell <Tim.Bell at cern.ch> wrote:

I asked on the operators list but someone suggested I ask here.
Does anyone have experience of open source host and network intrusion detection with OpenStack?
The security guide has mention of a few systems but it is not clear on the operational and performance impact of the different choices. The aim would be to identify anomalous traffic out of the permitted computing policies over 1000s of hypervisors.
Tim


_______________________________________________
Openstack-security mailing list
Openstack-security at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security




--
Thanks,
-Sriram
425-610-8465
www.sriramhere.com | www.clouddon.com
