Halo Installfest Slides
0 likes•593 views
This document provides an overview of a CloudPassage Halo installfest event. It discusses security issues with infrastructure as a service (IaaS) cloud computing models including lack of firewall control, vulnerability management challenges, and difficulty detecting intrusions. It introduces CloudPassage Halo as a host-based security solution that can address these issues by providing firewall rules, vulnerability scanning, configuration monitoring, and event detection across virtual machines. The installfest will guide participants on installing and using CloudPassage Halo to gain security visibility and control over their cloud infrastructure.
Halo Installfest Slides
- 1. CloudPassage Halo Installfest 1
- 2. Quick Intro • Thanks for coming out! • Enjoy the free food ☺ • Focus on security issues with IaaS cloud • Interweave that with installing Halo • We’re here to help! – Ask questions – Staff will be handy if you need us – Any and all feedback greatly appreciated CloudPassage Halo Installfest 2
- 3. Where Can I Get These Slides? community.cloudpassage.com CloudPassage Halo Installfest 3
- 4. Tonight’s Focus • Infrastructure as a Service (IaaS) – Can apply to PaaS and SaaS from a provider’s perspective • Mostly geared to public cloud – Although applicable to private • Tenant security concerns – We’ll skip physical security CloudPassage Halo Installfest 4
- 5. What You Need For The Labs • Laptop or tablet • Root equiv access to a Linux VM – Local or public is fine – Spin up now if needed • Internet access – Wifi settings: As Posted CloudPassage Halo Installfest 5
- 6. Houston… We Have a Problem All network security benefits Lost in migration: • Firewall – Filter port level access • Firewall – Control rootkit transfer • Proxy – Control app level data • NIDS – Inspect stream for attacks • Sniffer – Audit trail of network traffic CloudPassage Halo Installfest 6
- 7. Delineation of Responsibility IaaS PaaS SaaS Interface Interface Interface Application Application Application Solution Stack Solution Stack Solution Stack Tenant Operating System Operating System Operating System Hypervisor Hypervisor Hypervisor Provider Compute & Storage Compute & Storage Compute & Storage Network Network Network Facility Facility Facility CloudPassage Halo Installfest 7
- 8. What Are My Options? CloudPassage Halo Installfest 8
- 9. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 9
- 10. Extending The LAN Into The Cloud CloudPassage Halo Installfest 10
- 11. LAN Extended Challenges • Increases load on corporate link – Today we’re mobile – Limits public cloud scaling • Increase load on perimeter infrastructure • Negates network benefits – Provider load balancing – Multi-peer points – Geo-location DNS – Higher latency • No protection within virtual infrastructure CloudPassage Halo Installfest 11
- 12. Virtual Appliance Management CloudPassage Halo Installfest 12
- 13. Virtual Appliance Architecture CloudPassage Halo Installfest 13
- 14. What About Introspection? • Hypervisor based security – Has visibility into all VMs • Single point of control – For a specific hypervisor deployment • Public - Do you want other tenants to have access to your hypervisor? • Do you want your provider to have non- auditable access to your VMs? • Can break segregation of duties CloudPassage Halo Installfest 14
- 15. Host-Based Architecture Consistent architecture (and risk abatement) regardless of deployment CloudPassage Halo Installfest 15
- 16. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Mitigate potential risks from vswitch or VLANs • Supported across all cloud infrastructures – Consistent management regardless of deployment • Security Is portable with the VM • This is the model supported by Halo CloudPassage Halo Installfest 16
- 17. Why restrict Admin Ports? Dshield.org data Green = # of IPs looking for open SSH ports Red = # of IPs hit by SSH scan CloudPassage Halo Installfest 17
- 18. Halo Firewall Interface Cloak the port till these users authenticate CloudPassage Halo Installfest 18
- 19. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 19
- 20. Image Deployment • Provider images usually not patched • Some 3rd party images are pre-patched – To the time of the image's release – Which 3rd parties can you trust? • Auto-patching usually disabled • Some known vulnerabilities may not yet be patched – But it may be possible to mitigate risk is known CloudPassage Halo Installfest 20
- 21. Vulnerability Wire Testing • Some providers have restrictions – May be limited by terms of service – May be limited to specific products • Targeting concerns – What if your IP’s are not continuous? – What if the IP changes? • Does not detect local exploits CloudPassage Halo Installfest 21
- 22. Host Based Vulnerability Checking • Validate compliances within the VM itself • Can check remote and local vulnerabilities • Typically lower cost to deploy – Less billable utilization • Can false negative if patch not loaded – Kernel updates • This is the model Halo uses CloudPassage Halo Installfest 22
- 23. Halo Software Risks CloudPassage Halo Installfest 23
- 24. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 24
- 25. Configuration Settings • Are only required processes running? – Are they securely configured? • Is password aging enforced? • Is root permitted direct SSH access? • Proper permissions on critical files? • Is sudo or wheel properly configured? • Any changes since deployment? CloudPassage Halo Installfest 25
- 26. Creating A Halo Check CloudPassage Halo Installfest 26
- 27. Halo Check Results CloudPassage Halo Installfest 27
- 28. System Accounts • What accounts are on the system? • Did the provider modify the default accounts? – ec2-user • Which accounts have root level access? • Who has accounts on which servers? • How do you add/delete accounts for many servers simultaneously? CloudPassage Halo Installfest 28
- 29. Halo Server Access CloudPassage Halo Installfest 29
- 30. Expanded Details CloudPassage Halo Installfest 30
- 31. Issues to Address • No firewall control • Vulnerability management • Provider image may not meet corporate standards – Configuration settings – Accounts • Detect intrusions CloudPassage Halo Installfest 31
- 32. Clues To An Attack • Some file changes indicate a compromise • Static Web server files • /etc/passwd has new account • /etc/sudoers has new entries • ssh_known_hosts has new entries • authorized_keys has new entries • Halo uses SHA-256 to detect changes CloudPassage Halo Installfest 32
- 33. Define Files to Check CloudPassage Halo Installfest 33
- 34. Halo FIM Reporting CloudPassage Halo Installfest 34
- 35. Event Reporting CloudPassage Halo Installfest 35
- 36. Alert Reporting CloudPassage Halo Installfest 36
- 37. Lab Time Let’s Install Halo! CloudPassage Halo Installfest 37
- 38. Start Here to Create an Account CloudPassage Halo Installfest 38