Integration with GuardianKey
Hi all,

We are trying to integrate OpenStack (Horizon or Keystone) with GuardianKey. However, we have doubts related to the best way to do this and the best point in the code for this integration.

GuardianKey is a solution to protect systems against authentication attacks. It uses Machine Learning and analyses the user's behavior, threat intelligence and psychometrics (or behavioral biometrics). The protected system (in the concrete case, OpenStack admin interface) must send an event via REST for the GuardianKey on each login attempt. More info at https://guardiankey.io.

The best way to integrate would be on having a hook in the procedure that processes the user credentials submission in OpenStack (the script that receives the POST), something such as:

    if(<POST IN AUTH FORM>) {
        boolean loginFailed = checkLogin();
        GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);
        boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);
        if(GuardianKeyValidation){
            // Allow access
        } else {
            // Deny access
        }
    }

Where is the best place to create this integration? Horizon or Keystone? Is there a way to create a hook for this purpose? Should we create an extension?

Any help is welcome.

Thank you in advance.

Best regards,
Paulo Angelo

Tagging with relevant projects for visibility.

On 3/30/19 3:54 PM, Paulo Angelo wrote:
> Hi all,
>
> We are trying to integrate OpenStack (Horizon or Keystone) with GuardianKey. However, we have doubts related to the best way to do this and the best point in the code for this integration.
>
> GuardianKey is a solution to protect systems against authentication attacks. It uses Machine Learning and analyses the user's behavior, threat intelligence and psychometrics (or behavioral biometrics). The protected system (in the concrete case, OpenStack admin interface) must send an event via REST for the GuardianKey on each login attempt. More info at https://guardiankey.io.
>
> The best way to integrate would be on having a hook in the procedure that processes the user credentials submission in OpenStack (the script that receives the POST), something such as:
>
>     if(<POST IN AUTH FORM>) {
>         boolean loginFailed = checkLogin();
>         GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);
>         boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);
>         if(GuardianKeyValidation){
>             // Allow access
>         } else {
>             // Deny access
>         }
>     }
>
> Where is the best place to create this integration? Horizon or Keystone? Is there a way to create a hook for this purpose? Should we create an extension?
>
> Any help is welcome.
>
> Thank you in advance.
>
> Best regards,
> Paulo Angelo

On Fri, Apr 5, 2019, at 06:38, Ben Nemec wrote:
> Tagging with relevant projects for visibility.
>
> On 3/30/19 3:54 PM, Paulo Angelo wrote:
> > Hi all,
> >
> > We are trying to integrate OpenStack (Horizon or Keystone) with GuardianKey. However, we have doubts related to the best way to do this and the best point in the code for this integration.
> >
> > GuardianKey is a solution to protect systems against authentication attacks. It uses Machine Learning and analyses the user's behavior, threat intelligence and psychometrics (or behavioral biometrics). The protected system (in the concrete case, OpenStack admin interface) must send an event via REST for the GuardianKey on each login attempt. More info at https://guardiankey.io.
> >
> > The best way to integrate would be on having a hook in the procedure that processes the user credentials submission in OpenStack (the script that receives the POST), something such as:
> >
> >     if(<POST IN AUTH FORM>) {
> >         boolean loginFailed = checkLogin();
> >         GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);
> >         boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);
> >         if(GuardianKeyValidation){
> >             // Allow access
> >         } else {
> >             // Deny access
> >         }
> >     }
> >
> > Where is the best place to create this integration? Horizon or Keystone? Is there a way to create a hook for this purpose? Should we create an extension?

Keystone would be the best place for this. Horizon is only one way a user can log in to OpenStack, so hooking into Horizon would not cover your attack vector. Keystone has a built-in auditing system specifically for this, using CADF notifications to emit events when a user logs in:

https://docs.openstack.org/keystone/latest/admin/event_notifications.html

All you need to do is create a consumer for those notifications.

Colleen

> > Any help is welcome.
> >
> > Thank you in advance.
> >
> > Best regards,
> > Paulo Angelo
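
Added example, not from the thread or from either project: a consumer endpoint for the CADF notifications described above, reducing each identity.authenticate event to a login-attempt record that could then be sent on over REST. It sees attempts after Keystone has decided them, so it covers the event-reporting half of the pseudocode, not the inline allow/deny branch. LoginEventEndpoint, to_login_event, the record's field names and the sample payload are assumptions; info() has the signature an oslo.messaging notification listener calls on its endpoints.

```python
AUTH_EVENT = "identity.authenticate"  # event_type Keystone emits for logins

def to_login_event(event_type, payload):
    """Reduce a CADF auth notification to a flat record (hypothetical fields)."""
    if event_type != AUTH_EVENT or payload.get("action") != "authenticate":
        return None
    outcome = payload.get("outcome")
    if outcome not in ("success", "failure"):
        return None  # e.g. "pending": no login result to report yet
    initiator = payload.get("initiator") or {}
    host = initiator.get("host") or {}
    return {
        "user_id": initiator.get("id"),
        "login_failed": outcome == "failure",
        "client_ip": host.get("address"),
        "user_agent": host.get("agent"),
        "event_time": payload.get("eventTime"),
    }

class LoginEventEndpoint:
    """Notification endpoint; forward is any callable that ships the record."""
    def __init__(self, forward):
        self.forward = forward

    def info(self, ctxt, publisher_id, event_type, payload, metadata):
        event = to_login_event(event_type, payload)
        if event is not None:
            self.forward(event)

# Constructed sample, shaped like the CADF payload in Keystone's docs.
SAMPLE = {
    "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
    "eventTime": "2019-04-05T13:38:00.000000+00:00",
    "action": "authenticate",
    "outcome": "failure",
    "initiator": {"id": "example-user-id",
                  "host": {"agent": "curl/7.58.0", "address": "203.0.113.7"}},
}

def demo():
    # Feed one auth event and one unrelated event; only the first is forwarded.
    seen = []
    endpoint = LoginEventEndpoint(seen.append)
    endpoint.info({}, "identity.host1", AUTH_EVENT, SAMPLE, {})
    endpoint.info({}, "identity.host1", "identity.user.created", {}, {})
    return seen
```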

participants (3)
- Ben Nemec
- Colleen Murphy
- Paulo Angelo