OpenStack Cloud Security
Published on July 28, 2015
Authored by Fabio Alessandro Locati
Published by Packt Publishing Limited
OpenStack is a system that controls large pools of computing and networking resources, along with cloud storage, allowing its users to provision resources through a user-friendly interface. OpenStack helps developers with features such as rolling upgrades, federated identity, and software reliability.
You will begin with basic security policies, such as MAC, MLS, and MCS, and explore the structure of OpenStack and virtual networks with Neutron. Next, you will configure secure communications on the OpenStack API with HTTP connections. You will also learn how to set up OpenStack Keystone and OpenStack Horizon and gain a deeper understanding of the similarities and differences between OpenStack Cinder and OpenStack Swift.
By the end of this book, you will be able to take full control of your hypervisor to make it safer and to make a smart choice based on your needs. You can be confident that your cloud storage and wider pool of resources will be secure from today’s many security threats.
Table of Contents
- First things first – creating a safe environment
- OpenStack security challenges
- Securing OpenStack networking
- Securing OpenStack communications and its API
- Securing the OpenStack identification and authentication system and its dashboard
- Securing OpenStack storage
- Securing the hypervisor
What You Will Learn
- Secure your servers, data center, and network to improve your environment for the cloud
- Gain insights into ISP intercept and social engineering
- Explore automated attacks with the help of mass phishing, brute force, and automated exploitation tools
- Secure your OpenStack installation from a networking perspective at both low and high levels
- Get to know how to secure your OpenStack to use only encrypted communications for APIs
- Configure secure communications on the OpenStack API
- Harden OpenStack Keystone and Horizon for a more secure environment
- Protect the Swift replication mechanism through network hardening