OpenStack Cloud Security

Build a secure OpenStack cloud to withstand all common attacks

About This Book

• Design, implement, and deliver a safe and sound OpenStack cluster using best practices
• Create a production-ready environment and protect your data on the cloud
• A step-by-step tutorial packed with real-world solutions that helps you learn easily and quickly

Who This Book Is For

If you are an OpenStack administrator or developer, or wish to build solutions to protect your OpenStack environment, then this book is for you. Experience of Linux administration and familiarity with different OpenStack components is assumed.

What You Will Learn

• Secure your servers, data center, and network to improve your environment for the cloud
• Gain insights into ISP intercept and social engineering
• Explore automated attacks with the help of mass phishing, brute force, and automated exploitation tools
• Secure your OpenStack installation from a networking perspective at both low and high levels
• Get to know how to secure your OpenStack to use only encrypted communications for APIs
• Configure secure communications on the OpenStack API
• Harden OpenStack Keystone and Horizon for a more secure environment
• Protect the Swift replication mechanism through network hardening

In Detail

OpenStack is a system that controls large pools of computing, storage, and networking resources, allowing its users to provision resources through a user-friendly interface. OpenStack helps developers with features such as rolling upgrades, federated identity, and software reliability.

You will begin with basic security policies, such as MAC, MLS, and MCS, and explore the structure of OpenStack and virtual networks with Neutron. Next, you will configure secure communications on the OpenStack API with HTTP connections. You will also learn how to set OpenStack Keystone and OpenStack Horizon and gain a deeper understanding of the similarities/differences between OpenStack Cinder and OpenStack Swift.

By the end of this book, you will be able to tweak your hypervisor to make it safer and a smart choice based on your needs.

建立一個安全的OpenStack雲端，以抵禦所有常見攻擊

關於本書
- 使用最佳實踐設計、實施和提供安全的OpenStack叢集
- 建立可投入生產環境並保護雲端上的資料
- 提供實際解決方案的逐步教學，幫助您輕鬆快速地學習

本書適合對象
- 如果您是OpenStack管理員或開發人員，或者希望建立解決方案以保護OpenStack環境，那麼本書適合您。需要具備Linux管理經驗和對不同OpenStack組件的熟悉。

您將學到什麼
- 保護伺服器、資料中心和網路，以改善雲端環境
- 了解ISP攔截和社交工程的見解
- 使用大規模釣魚、暴力破解和自動化利用工具探索自動化攻擊
- 從網路角度保護您的OpenStack安裝，包括低層和高層
- 了解如何使您的OpenStack僅使用加密通訊進行API
- 配置OpenStack API的安全通訊
- 強化OpenStack Keystone和Horizon，以獲得更安全的環境
- 通過網路強化保護Swift複製機制

詳細內容
OpenStack是一個控制大型計算、儲存和網路資源的系統，允許使用者通過使用者友好的介面來配置資源。OpenStack通過提供滾動升級、聯合身份和軟體可靠性等功能，幫助開發人員。

您將從基本的安全策略開始，例如MAC、MLS和MCS，並探索OpenStack和虛擬網路結構。接下來，您將使用HTTP連接配置OpenStack API的安全通訊。您還將學習如何設置OpenStack Keystone和OpenStack Horizon，並更深入地了解OpenStack Cinder和OpenStack Swift之間的相似性/差異。

通過閱讀本書，您將能夠根據自己的需求調整您的虛擬化監控器，使其更安全且更智能。