[Openstack] Customer Portal Security from Hackers

Anne Gentle anne at openstack.org
Mon May 20 21:21:02 UTC 2013


On Mon, May 20, 2013 at 3:22 PM, Matt Joyce <matt.joyce at cloudscaling.com>wrote:

> Chris,
>
> Someone will probably denounce this email as heresy for using this
> analogy, but so be it.
>
> Try to think of OpenStack as you would a motor vehicle's engine.  It has
> many components that all tie together to allow the engine to operate.
> Sometimes it has different configurations such as having a turbo charger or
> a specific custom intake.
>
> But, by itself OpenStack is just that... an engine.  Think of the OS as
> being the frame or chasis of the Car.  Now you have a chasis with an
> engine.  Maybe Horizon is the Dashboard.  Awesome.  Now we have most of
> what we need to move this vehicle from place to place.
>
> However, there's no seat belts, no windows, no a/c, or stereo, no bumpers,
> no breaks, no... etc etc.
>
> OpenStack by itself is just one component of a larger thing, be it an
> SaaS, IaaS, whatever... solution.
>
> You need to add the pieces to your cloud vehicle as you build it, or
> alternatively buy a cloud vehicle from one of the many fine purveyor's of
> OpenStack products.
>
> As far as basic security goes...   I put together a basic introduction to
> security targetting for OpenStack for shmoocon earlier this year.  It's
> very folsom specific and very high level.
>
> That's here:  http://www.youtube.com/watch?v=TkFsBvymiNM
>
> Not sure if that is enough. A long time ago I wrote a security primer for
> OpenStack, probably around the cactus release time frame.  I'll try to
> write something up for grizzly if I have time.  It would probably be
> helpful to have something like that in Docs.
>
>
There's a book sprint for a hardening guide happening next month... at an
undisclosed location because they're secure like that. Matt, you might want
to see if you can free up your schedule to write or review or anything you
like. I'll connect you off-list.

I'd like a cloud vehicle in sky blue please.
Anne


> -Matt
>
>
>
>
> On Mon, May 20, 2013 at 12:54 PM, Chris Bartels <
> chris at christopherbartels.com> wrote:
>
>> Hi,****
>>
>> ** **
>>
>> I’m interested in learning more about how to implement a customer portal
>> for an OpenStack installation, and would like to know specifically about
>> how the customer portal is safe from would-be hackers when exposed in the
>> wild. I don’t know if there are any additional measures I would have to add
>> like perhaps my own login page with its own security to protect the
>> management page, or if it comes with its own login system for example. **
>> **
>>
>> ** **
>>
>> How can I make the security of my VPS service a selling point when I’m
>> using OpenStack for the backend?****
>>
>> ** **
>>
>> Mind you I don’t know anything about OpenStack yet, aside from what I see
>> in videos on the OpenStack Foundation YouTube channel, and I haven’t seen
>> anything addressing this issue as of yet. I don’t even know if OpenStack
>> comes with a customer portal I can deploy or if I have to design one using
>> the API.****
>>
>> ** **
>>
>> I hope to have servers arrive this week which I can use to build
>> prototypes of my production setup, where I can test hardening
>> configurations. But I don’t know where to begin. All I can think of is
>> fail2ban, and I don’t think that would apply in this case.****
>>
>> ** **
>>
>> What can people tell me that would help me get a handle on this issue?***
>> *
>>
>> ** **
>>
>> ** **
>>
>> Thanks in advance.****
>>
>> ** **
>>
>> -Chris****
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130520/c4d76bd4/attachment.html>


More information about the Openstack mailing list