[openstack-dev] [Neutron][FWaaS]Firewall Web Services Research Thesis and OpenStack Applicability - UPDATED
sumitnaiksatam at gmail.com
Thu Aug 14 01:52:26 UTC 2014
Thanks for keeping us in the loop on the progress at your end. This is
very nice work. I quickly read through the section you referenced in
your email, and it does capture the current state of the work in
On Wed, Aug 13, 2014 at 6:05 PM, Michael Grima <mike.r.grima at gmail.com> wrote:
> Hi Everyone,
> Not sure if you remember, but a few months ago, I made the following
> thread on here titled: "Firewall Web Services Research Thesis
> Applicability to the OpenStack Project"
> To provide a recap, this is a thesis that I am researching, and
> examines the potential advantages of exposing a host's firewall via a
> web service. The purpose of this is to improve the security of IaaS
> environments by now giving external security
> appliances, such as vulnerability scanners and IDSs, the ability to
> dynamically (and perhaps automatically) respond to incidents and close
> open ports to problematic virtual machines. My thesis examines the
> perspective of the "infrastructure administrator", as opposed to the
> "domain administrator".
> At the time I made the initial post, I was actively writing my thesis,
> and I am happy to report that it is effectively "done".
> You can download the PDF here:
> I have a section that specifically mentions OpenStack (Page 44,
> Section 5.3). Please review that section and let me know if it
> accurately and properly describes the OpenStack effort and
> corresponding projects (FWaaS, and Neutron).
> Of course, if you find any issues, please don't hesitate to point them out.
> Below are screen-videos showcasing my thesis in action:
> 1.) Demo 1: Adding new rules/policies and manipulating traffic
> 2.) Demo 2: Same as Demo 1, but showcasing platform independence by
> applying rules to a Windows Server 2008 R2 VM
> 3.) Sample OpenVAS Scenario where a VM can --only-- operate an HTTP
> server on port 80. Any other server that is detected is a
> violation of policy and would need to be blocked.
> 4.) OpenVAS Heartbleed Demo (as described above):
> 5.) Earlier prototype of my thesis working with XEN instead of KVM:
> I would be happy to answer any questions you may have.
> Thank You
> Mike Grima, RHCE