[openstack-dev] [Policy][Group-based-policy] Policy violations investigation

Ariel Zeitlin ariel.zeitlin at gmail.com
Tue Jan 27 16:19:06 UTC 2015


Hi,
I want to propose an idea of investigation of policy violations (for
white-list policies defined by GBP) by, for instance, redirecting the
violating sessions to a honeypot.
Meaning that if the only communication between Group A and Group B is on
port 80 (as described in the GBP), then an access to port 22 from Group A to
Group B will be redirected to and answered by a honeypot that will
investigate the real reason for the policy violation, or simply log and drop
the violating connection attempt.

In a tightly defined policies world, as achieved through GBP, an attacker
trying to propagate inside the network is more likely to hit a wall and
then actually create a "golden lead" for his detection.

Do you think this concept can/should be part of GBP, and what would be
the best way to promote it? (Sorry, I am pretty new to OpenStack and GBP
specifically.)

Thanks,
Ariel
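As an added illustration of the classification described in the mail (not code from this thread or from the GBP project), a small Python evaluator that applies a constructed GBP-style whitelist and decides, per connection attempt, whether to allow it, redirect it to an assumed honeypot address, or log and drop it. The group names, ports, honeypot address and sample flows are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Constructed whitelist in GBP style: (consumer group, provider group) -> allowed TCP ports.
# Mirrors the mail's example: Group A may reach Group B only on port 80.
POLICY: Dict[Tuple[str, str], Set[int]] = {("GroupA", "GroupB"): {80}}

HONEYPOT_ADDR = "10.0.99.9"            # assumed honeypot address (constructed)
REDIRECT_PORTS: FrozenSet[int] = frozenset({22})  # violations worth interactive investigation


@dataclass
class Flow:
    src_group: str
    dst_group: str
    dst_port: int


@dataclass
class Verdict:
    action: str                 # "allow", "redirect_honeypot" or "log_drop"
    target: Optional[str] = None
    reason: str = ""


def evaluate(flow: Flow, policy=POLICY, honeypot=HONEYPOT_ADDR,
             redirect_ports=REDIRECT_PORTS) -> Verdict:
    """Classify one connection attempt against the whitelist."""
    allowed = policy.get((flow.src_group, flow.dst_group))
    if allowed is None:
        # No contract at all between the groups: nothing is permitted.
        return Verdict("log_drop", reason="no contract between groups")
    if flow.dst_port in allowed:
        return Verdict("allow", reason="permitted by contract")
    if flow.dst_port in redirect_ports:
        # Violation on a port the honeypot can answer: hand the session over.
        return Verdict("redirect_honeypot", target=honeypot,
                       reason=f"port {flow.dst_port} not in contract")
    return Verdict("log_drop", reason=f"port {flow.dst_port} not in contract")


def investigate(flows: List[Flow]) -> List[dict]:
    """Evaluate a batch of flows and emit one detection event per violation."""
    events = []
    for f in flows:
        v = evaluate(f)
        if v.action != "allow":
            events.append({"src": f.src_group, "dst": f.dst_group, "port": f.dst_port,
                           "action": v.action, "target": v.target, "reason": v.reason})
    return events


# Constructed sample traffic: one permitted flow, two violations, one flow with no contract.
SAMPLE_FLOWS = [Flow("GroupA", "GroupB", 80), Flow("GroupA", "GroupB", 22),
                Flow("GroupA", "GroupB", 3306), Flow("GroupB", "GroupA", 80)]

if __name__ == "__main__":
    for event in investigate(SAMPLE_FLOWS):
        print(event)
```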