[Openstack-security] Host and Network Intrusion detection

Dan Lambright dlambrig at redhat.com
Wed Feb 18 01:11:43 UTC 2015


> Date: Mon, 16 Feb 2015 15:35:19 +0000
> From: "Clark, Robert Graham" <robert.clark at hp.com>
> To: matt <matt at nycresistor.com>, Sriram Subramanian
> 	<sriram at sriramhere.com>
> Cc: "openstack-security at lists.openstack.org"
> 	<openstack-security at lists.openstack.org>
> Subject: Re: [Openstack-security] Host and Network Intrusion detection
> Message-ID: <D106AE74.14FE9%robert.clark at hp.com>
> Content-Type: text/plain; charset="Windows-1252"
> 
> Unfortunately all the solutions available at the moment are deployment
> specific, there aren't any nicely documented "standard" ways of managing
> multi-tenant aware, compute-level IDS with OpenStack today.
> 
> There are some options depending on technology choices. For example, in a
> deployment that uses Open vSwitch one could use an additional OVS instance
> on each compute host to act as a bump in the wire network tap between the
> hypervisor and the Neutron OVS instance - you can pretty much build any IPS
> infrastructure you like on top of that and with a little additional magic
> you can make your IDS system understand the multi tenant nature of the
> traffic being collected.
> 

I'm putting together some configurations of Snort + OpenStack (technically akin to what Rob described), and hope to publish something in Vancouver in May in a talk I've proposed. I'll keep this mailing list updated. 

Dan
dlambrig at redhat.com



