OpenStack Security Guide

OpenStack Foundation

Copyright © 2013 OpenStack Foundation

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License

http://creativecommons.org/licenses/by/3.0/legalcode

This book provides best practices and conceptual information about securing an OpenStack cloud.

Conventions
Document change history

1. Acknowledgments

2. Why and how we wrote this book

Objectives
How
How to contribute to this book

3. Introduction to OpenStack

Cloud types
OpenStack service overview

4. Security Boundaries and Threats

Security Domains
Bridging Security Domains
Threat Classification, Actors and Attack Vectors

5. Introduction to Case Studies

Case Study : Alice the private cloud builder
Case Study : Bob the public cloud provider

6. System Documentation Requirements

System Roles & Types
System Inventory
Network Topology
Services, Protocols and Ports

7. Case Studies: System Documentation

Alice's Private Cloud
Bob's Public Cloud

8. Management Introduction

9. Continuous Systems Management

Vulnerability Management
Configuration Management
Secure Backup and Recovery
Security Auditing Tools

10. Integrity Life-cycle

Secure Bootstrapping
Runtime Verification

11. Management Interfaces

Dashboard
OpenStack API
Secure Shell (SSH)
Management Utilities
Out-of-Band Management Interface

12. Case Studies: Management Interfaces

Alice's Private Cloud
Bob's Public Cloud

13. Introduction to SSL/TLS

Certification Authorities
SSL/TLS Libraries
Cryptographic Algorithms, Cipher Modes, and Protocols
Summary

14. Case Studies: PKI and Certificate Management

Alice's Private Cloud
Bob's Public Cloud

15. SSL Proxies and HTTP Services

Examples
nginx
HTTP Strict Transport Security

16. API Endpoint Configuration Recommendations

Internal API Communications
Paste and Middleware
API Endpoint Process Isolation & Policy

17. Case Studies: API Endpoints

Alice's Private Cloud
Bob's Public Cloud

18. Identity

Authentication
Authentication Methods
Authorization
Policies
Tokens
Future

19. Dashboard

Basic Web Server Configuration
HTTPS
HTTP Strict Transport Security (HSTS)
Front end Caching
Domain Names
Static Media
Secret Key
Session Backend
Allowed Hosts
Cookies
Password Auto Complete
Cross Site Request Forgery (CSRF)
Cross Site Scripting (XSS)
Cross Origin Resource Sharing (CORS)
Horizon Image Upload
Upgrading
Debug

20. Compute

Virtual Console Selection

21. Object Storage

First thing to secure – the network
Securing services – general
Securing storage services
Securing proxy services
Object storage authentication
Other notable items

22. Case Studies: Identity Management

Alice's Private Cloud
Bob's Public Cloud

23. State of Networking

24. Networking Architecture

OS Networking Service placement on Physical Servers

25. Networking Services

L2 Isolation using VLANs and Tunneling
Network Services
Network Services Extensions
Networking Services Limitations

26. Securing OpenStack Networking Services

OpenStack Networking Service Configuration

27. Networking Services Security Best Practices

Tenant Network Services Workflow
Networking Resource Policy Engine
Security Groups
Quotas

28. Case Studies: Networking

Alice's Private Cloud
Bob's Public Cloud

29. Message Queuing Architecture

30. Messaging Security

Messaging Transport Security
Queue Authentication and Access Control
Message Queue Process Isolation & Policy

31. Case Studies: Messaging

Alice's Private Cloud
Bob's Public Cloud

32. Database Backend Considerations

Security References for Database Backends

33. Database Access Control

OpenStack Database Access Model
Database Authentication and Access Control
Require User Accounts to Require SSL Transport
Authentication with X.509 Certificates
OpenStack Service Database Configuration
Nova Conductor

34. Database Transport Security

Database Server IP Address Binding
Database Transport
MySQL SSL Configuration
PostgreSQL SSL Configuration

35. Case Studies: Database

Alice's Private Cloud
Bob's Public Cloud

36. Data Privacy Concerns

Data Residency
Data Disposal

37. Data Encryption

Object Storage Objects
Block Storage Volumes & Instance Ephemeral Filesystems
Network Data

38. Key Management

References:

39. Case Studies: Tenant Data

Alice's Private Cloud
Bob's Public Cloud

40. Hypervisor Selection

Hypervisors in OpenStack
Selection Criteria

41. Hardening the Virtualization Layers

Physical Hardware (PCI Passthrough)
Virtual Hardware (QEMU)
sVirt: SELinux + Virtualization

42. Case Studies: Instance Isolation

Alice's Private Cloud
Bob's Public Cloud

43. Security Services for Instances

Entropy To Instances
Scheduling Instances to Nodes
Trusted Images
Instance Migrations

44. Case Studies: Instance Management

Alice's Private Cloud
Bob's Public Cloud

45. Forensics and Incident Response

Monitoring Use Cases
References

46. Case Studies: Monitoring and Logging

Alice's Private Cloud
Bob's Public Cloud

47. Compliance Overview

Security Principles

48. Understanding the Audit Process

Determining Audit Scope
Internal Audit
Prepare for External Audit
External Audit
Compliance Maintenance

49. Compliance Activities

Information Security Management System (ISMS)
Risk Assessment
Access & Log Reviews
Backup and Disaster Recovery
Security Training
Security Reviews
Vulnerability Management
Data Classification
Exception Process

50. Certification & Compliance Statements

Commercial Standards
SOC 3
ISO 27001/2
HIPAA / HITECH
Government Standards

51. Privacy

52. Case Studies: Compliance

Alice's Private Cloud
Bob's Public Cloud

A. Community support

Documentation
ask.openstack.org
OpenStack mailing lists
The OpenStack wiki
The Launchpad Bugs area
The OpenStack IRC channel
Documentation feedback
OpenStack distribution packages

List of Figures

21.1. An example diagram from the OpenStack Object Storage Administration Guide (2013)
21.2. Object storage network architecture with a management node (OSAM)

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...

Search Highlighter (On/Off)