The team
Cloud Platform Engineering
Symantec Compliance Suite
Symantec Validation and ID Protection (VIP)
Symantec Product Security Group
Global Security Organization (InfoSec)
Keystone Security OpenStack Summit Atlanta
OpenStack
Service
Validate Identity
Authenticate
Identity token
Identity token
Passwords
Keys
Certs
Tokens
DoS
Infrastructure
Operating System
Auditing
Application
Environment
Threat Modeling
Security Scans
Compliance
Process
Process
Threat Modeling
Could someone spoof the LDAP server?
Mitigation option: LDAP server authentication
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privileges
Security
Build
Deploy
Patch
Environment
Keystone Compliance
HARDENING
Config
Files
Log Files
Ports
Executables
Environment
AUDITING
Every deployment is different. Start by following the trail from keystone.conf.
We're using Symantec Data Center Security for Linux and OpenStack compliance.
Other tools are out there as well: SELinux, Tripwire, etc.
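An added example, not from the original slides: a small Python audit that follows the trail from keystone.conf by listing every absolute path the file references, and flags `[ldap]` settings under which a spoofed LDAP server would go undetected. The sample configuration, host name and paths are constructed; `url`, `use_tls`, `tls_req_cert` and `tls_cacertfile` are Keystone's `[ldap]` options, and parsing with `configparser` is a simplification of oslo.config.

```python
import configparser

# Constructed sample config; host name and paths are illustrative only.
SAMPLE_CONF = """\
[DEFAULT]
log_dir = /var/log/keystone

[ldap]
url = ldap://ldap.example.internal
use_tls = false
tls_req_cert = never
tls_cacertfile = /etc/keystone/ssl/ldap-ca.pem
"""

def load(text):
    # Rename the default section so [DEFAULT] values are not copied into every section.
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)
    return cp

def referenced_paths(cp):
    """The 'trail': every option whose value is an absolute path to harden and audit."""
    return sorted((s, k, v) for s in cp.sections()
                  for k, v in cp[s].items() if v.startswith("/"))

def ldap_findings(cp):
    """Settings that leave Keystone unable to authenticate the LDAP server."""
    if not cp.has_section("ldap"):
        return []
    ldap, out = cp["ldap"], []
    urls = [u.strip() for u in ldap.get("url", "").split(",") if u.strip()]
    start_tls = ldap.getboolean("use_tls", fallback=False)
    for u in urls:
        if not u.lower().startswith("ldaps://") and not start_tls:
            out.append(f"{u}: no TLS, server identity is never checked")
    # Keystone's default is 'demand'; 'never' and 'allow' accept an unverified server.
    req = ldap.get("tls_req_cert", "demand").strip().lower()
    if req != "demand":
        out.append(f"tls_req_cert={req}: server certificate is not required to validate")
    return out

if __name__ == "__main__":
    cp = load(SAMPLE_CONF)
    for section, key, path in referenced_paths(cp):
        print(f"audit  [{section}] {key} -> {path}")
    for finding in ldap_findings(cp):
        print("ldap  ", finding)
```

Each path it lists is a candidate for file-permission checks and integrity monitoring with whichever tool the deployment uses.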
Keystone
Nova
Cinder
Swift
Application
Who is attacking me?
Will I know when I'm under attack? (and I will be)
What is their target?
How do I stop them?
Rate limiting to impede brute force attacks
Challenges to foil automated attacks
Aggregate logs in a central location
Perform analytics, correlation
Prevention
Forensics
LDAP Server
MySQL DB
RSA SecureID
RADIUS Server
Backend Driver
Identity Provider
LDAP Server
LDAP Driver
SQL Driver
VIP Service
Symantec VIP Gateway
RADIUS Driver
Keystone
How do I delegate?
Autonomous Authentication
Keystone
Credentials
Service
Token
Nova
Considerations:
Secure cached credentials
Limit scope
Expiration
Management
Delegation
Potential Solutions:
Cached passwords
EC2 key
Trusts
Keys
Certificates
?
Standards
Benefits
Single sign on
Improved integration
Control over credentials
Unified authentication experience
Parting thoughts
Q&A
Thank you!
Keith Newstadt
keith_newstadt@symantec.com
Copyright 2013 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks
of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this
document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to
change without notice.