Openstack Cloud at Yahoo Scale: How to Avoid Disaster

by Anders Beitnes
Sept. 21, 2017 1 comment Black Hat belen_caty Apps & Hardening openstack yahoo

OpenStack is an Open Source project that allows you to manage a cloud of VMs that has grown into a widely adopted platform. The issue with having a centralized Infrastructure As A Service (IAAS) is that if you compromise the management cluster you can attack everything it controls, which is a lot at Yahoo scale. How do you keep your OpenStack cluster safe? What do you do when a management system, hypervisor, or VM is compromised? This talk will discuss specific things that you can do to harden your cluster and make it more difficult for a large compromise to happen. If a compromise is detected, there are specific steps you can take to reduce the impact as well as to gather intelligence you can take action on. The impact of different network architectures on OpenStack security will also be discussed.

Irina Alexandra Negrii 4 months ago

extremelly interesant and well documented paper...i really enjoyed it ..good job