02/05/2023
1
Open Source Private Cloud Management with OpenStack and Security Evaluation with Intrusion Detection/Prevention Systems
Penetration Testing for Evaluation of Cloud’s Security
2
Taking a sneak peek at the cloud computing definition
•Key technology for sharing resources
•Web as a space where computing has been preinstalled and exists as a service
Data centres, storage, operating systems, applications and processing power ALL shared on the web.
3
Virtualization in Cloud Systems
•Almost complete simulation of the actual hardware, allowing software to run unmodified
•Example: on a desktop computer running Ubuntu, virtualization technology lets us run another Ubuntu OS inside the host machine, as a complete, fully functional second desktop computer inside ours
4
How is cloud connected to virtualization?
•Easy to understand. Cloud computing provides resources on demand and dynamically.
•Virtualization provides resources on demand (you can create a virtual machine whenever you need one, or delete it) and dynamically (change your resources as you like, for example 1 CPU, 2 CPUs, 3 CPUs).
5
Our Project’s Goal!
•Create a cloud using virtualization hardware
•Specifically, using the OpenStack cloud management system
•Secure our cloud system with security software and tools
6
Architecture of our Cloud System (1)
•Initial plan:
•3 virtualized OpenStack nodes
•1 OSSEC server monitoring the physical network and servers, plus the virtualized network and servers
•Deployment of Fortification/security measures on the physical and virtualized Servers
•Testing by means of offense
7
•OpenStack Networking (Neutron) Architecture
•OSSEC server-client architecture
8
Architecture of our Cloud System (2)
•Final plan:
•1 virtualized OpenStack node
•1 virtualized OSSEC server
•Deployment of Fortification/security measures on the physical and virtualized Servers
•Testing by means of offense
9
•DevStack OpenStack Cloud Management Architecture
•OSSEC server-client architecture
10
OSSEC Features
•File integrity checking
•Log monitoring
•Rootkit detection
•Active response
11
OSSEC Compliance Requirements
•Detect + Alerts
Reasons:
•Unauthorized filesystem modifications
•Malicious behaviour in log files
12
Fortification/security measures of servers
•SSH configurations for high security
•Firewall rules modifications for inbound traffic
•Iptables rules modifications
•Apache server security hardening with ModSecurity
•Logwatch for the operating systems
•Rkhunter rootkit scanner
13
Attacking Scenario No.1
•Sqlmap toolset.
•This tool focuses primarily on exploiting an SQL database.
•The goal of this test was to check whether our cloud has any vulnerabilities to SQL attack methods, such as SQL injection.
•Example attack command:
•python sqlmap.py -u "http://www.site.com/section.php?id=51"
14
•The next method of attack again uses sqlmap, trying to reach any database entries from the Dashboard (Horizon)
•The example command is:
•sqlmap -u "http://192.168.100.50" --db
15
Attacking Scenario No.2
•THC Hydra toolset
•This tool focuses on cracking login information
•It supports plenty of protocols, such as HTTP, HTTPS, SFTP, SSH (v1 and v2), SSHKEY, POSTGRES, etc.
•A first method of attack is attempting to log in as the root user on an SSH server.
•# hydra -l root -P /usr/share/wordlists/metasploit/unix_passwords.txt -t 6 ssh://192.168.100.50
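How the SSH password-guessing run in Scenario No.2 shows up to log monitoring of the kind OSSEC performs: the sketch below counts failed sshd logins per source in a sliding window and flags the sources that would warrant an active response. It is an added example, not part of the original slides and not OSSEC's own rule logic; the log lines, source addresses, the threshold of 5 failures in 60 seconds and the assumed year are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth.log lines (not captured from the deck's lab): one
# source sends parallel root login failures, another makes a single typo.
SAMPLE_LOG = """\
May  2 10:15:01 cloud sshd[2101]: Failed password for root from 192.168.100.77 port 40122 ssh2
May  2 10:15:01 cloud sshd[2102]: Failed password for root from 192.168.100.77 port 40124 ssh2
May  2 10:15:02 cloud sshd[2103]: Failed password for root from 192.168.100.77 port 40126 ssh2
May  2 10:15:02 cloud sshd[2104]: Failed password for invalid user admin from 192.168.100.12 port 51514 ssh2
May  2 10:15:03 cloud sshd[2105]: Failed password for root from 192.168.100.77 port 40128 ssh2
May  2 10:15:03 cloud sshd[2106]: Failed password for root from 192.168.100.77 port 40130 ssh2
May  2 10:15:04 cloud sshd[2107]: Failed password for root from 192.168.100.77 port 40132 ssh2
May  2 10:16:40 cloud sshd[2110]: Accepted publickey for stack from 192.168.100.12 port 51520 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window_s=60, year=2023):
    """Return {source: (first_alert_time, total_failures_in_log)} for sources
    that reach `threshold` failed logins inside a sliding `window_s` window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # source -> failure timestamps inside the window
    totals = defaultdict(int)     # source -> all failures seen in the log
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and other messages are ignored
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        totals[m["src"]] += 1
        while ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold and m["src"] not in alerts:
            alerts[m["src"]] = ts # candidate for a firewall-drop active response
    return {src: (ts, totals[src]) for src, ts in alerts.items()}

if __name__ == "__main__":
    for src, (ts, n) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {src}: threshold reached at {ts}, {n} failures in sample")
```

The single failure from 192.168.100.12 stays below the threshold, which is why a per-source window is preferable to alerting on every failed login.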
16
Security Evaluation of our Cloud
•It endured every attack from the two scenarios.
•This means the fortification is quite satisfactory.
•Unfortunately, there were no further attack methods to cover a larger area of security issues.
The result: our private DevStack cloud has managed to stand against threats.
GOALS ACHIEVED!
17
Conclusions
•There is no “Best Security Strategy” for a cloud system.
•To secure a cloud we shall:
Be open-minded and also adopt security products and methods used by others.
Fuse our strategy with other existing effective strategies.
Bear in mind: one wooden stick can be broken, but 20 wooden sticks will never be broken, or even bent.
18
Conclusions
•Securing the cloud’s infrastructure is sensible.
•Securing the servers that may host the cloud’s components is sensible.
•INSENSIBLE would be securing only one of these two.
•Nevertheless, our project scope was to deploy security measures on the servers of the cloud.
•However, future work shall be to research, design and deploy the security technologies on the cloud’s platform.
19
Conclusions
•Final step: deploy and implement complementary security technologies on the cloud too.
At last, after a lot of effort, it shall be ready for migration to a real environment.