How to Secure an OpenStack Cloud
Providing security in OpenStack is not as easy as simply deploying a firewall and enabling antivirus; many additional controls need to be deployed, Clark said. He advocates the use of defense in depth—multiple layers and combinations of tools and techniques. "In all of our threat analysis and designs, at least at HP, we assume that all the virtual machines want to hurt us," Clark said. "We assume that everything is completely hostile."

Reducing the attack surface throughout the stack is very important. To that end, one key recommendation from Clark is to deploy only the applications needed on OpenStack nodes to deliver a specific service, rather than a full Linux distribution.

Looking specifically at VM breakouts, like the recent VENOM exploit, Clark provided a number of recommendations on technologies and configurations that can be used to minimize risk. Since VM breakouts happen, there is a need to have VM containment strategies in place. One way to handle VM containment is with mandatory access controls, including Security Enhanced Linux (SELinux) and AppArmor. Mandatory access controls define how a process should behave and can block rogue processes and alert administrators when a process attempts to step outside of policy.

Looking beyond SELinux and AppArmor, Clark discussed the benefits of Secure Computing Mode (SECCOMP), which provides application sandboxing within Linux. Linux also has an isolation technology known as namespaces. Clark explained that with Linux namespace isolation, a defined namespace within Linux can be isolated from other namespaces. Linux Control Groups (CGroups) can also be used to limit and isolate resource use for a given Linux process.

Even with security controls in place to limit the risk of potential vulnerabilities, the ability to update and patch a server is also important, Clark said. "Controls don't fix things like VENOM. They just buy you time to react without breaking your business," he said.
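As an added example (not from Clark's talk or the article), the containment layers listed above can each be checked per process from the text Linux exposes under /proc. The function name and sample values are constructed for illustration; `svirt_t` and `machine.slice` are assumed to be the SELinux type and cgroup slice a libvirt-managed guest carries.

```python
"""Check one process (such as a QEMU guest) for the containment layers above."""

def audit(status, lsm_label, cgroups, ns, host_ns):
    """Return a list of findings; an empty list means every layer is in place."""
    findings = []
    # /proc/<pid>/status: "Seccomp:" is 0 (off), 1 (strict) or 2 (filter).
    fields = dict(l.split(":", 1) for l in status.splitlines() if ":" in l)
    if fields.get("Seccomp", "0").strip() not in ("1", "2"):
        findings.append("seccomp: no filter installed")
    # /proc/<pid>/attr/current: SELinux context (user:role:type:level)
    # or an AppArmor profile name followed by its mode.
    label = lsm_label.strip("\x00\n ")
    parts = label.split(":")
    domain = parts[2] if len(parts) >= 3 else label
    if not label or domain.startswith("unconfined"):
        findings.append(f"mac: unconfined ({label or 'no label'})")
    elif label.endswith("(complain)"):
        findings.append("mac: AppArmor profile only logs (complain mode)")
    # /proc/<pid>/cgroup: "id:controllers:path"; path "/" is the root cgroup.
    paths = [l.split(":", 2)[2] for l in cgroups.splitlines() if l.count(":") >= 2]
    if not paths or all(p == "/" for p in paths):
        findings.append("cgroup: process is in the root cgroup, no limits apply")
    # /proc/<pid>/ns/* links equal to PID 1's mean that namespace is shared.
    shared = sorted(k for k, v in ns.items() if host_ns.get(k) == v)
    if shared:
        findings.append("namespaces shared with host: " + ", ".join(shared))
    return findings

# Constructed sample values, not captured from a real host.
HOST_NS = {"mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
           "pid": "pid:[4026531836]"}
CONFINED = dict(
    status="Name:\tqemu-kvm\nSeccomp:\t2\n",
    lsm_label="system_u:system_r:svirt_t:s0:c100,c200\n",
    cgroups="0::/machine.slice/machine-qemu-1.scope\n",
    ns={"mnt": "mnt:[4026532500]", "net": "net:[4026532501]",
        "pid": "pid:[4026532502]"},
    host_ns=HOST_NS)
EXPOSED = dict(status="Name:\tqemu-kvm\nSeccomp:\t0\n", lsm_label="unconfined\n",
               cgroups="0::/\n", ns=dict(HOST_NS), host_ns=HOST_NS)

if __name__ == "__main__":
    for name, sample in (("confined", CONFINED), ("exposed", EXPOSED)):
        print(name, audit(**sample) or "all layers present")
```

On a live compute node the five arguments are the contents of `/proc/<pid>/status`, `/proc/<pid>/attr/current`, `/proc/<pid>/cgroup`, and the link targets under `/proc/<pid>/ns/` and `/proc/1/ns/` (reading PID 1's links needs root).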
While multiple sets of controls and policies can be used to help secure an OpenStack cloud, "don't use the default passwords," Clark said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.
"VM breakouts aren't unicorns; they actually happen fairly regularly in the wild," Clark said.