Remerciez-le!

Remerciez @Admin pour avoir partagé cet document gratuitement, de la manière la plus simple, en partageant sur les réseaux sociaux.

Security guide 1 OpenStack Security Guide March havana OpenStack Security Guide havana - - Copyright ? OpenStack Foundation Some rights reserved This book provides best practices and conceptual information about securing an OpenStack cloud Except where ot

OpenStack Security Guide March havana OpenStack Security Guide havana - - Copyright ? OpenStack Foundation Some rights reserved This book provides best practices and conceptual information about securing an OpenStack cloud Except where otherwise noted this document is licensed under Creative Commons Attribution License http creativecommons org licenses by legalcode i TM C COpenStack Security Guide March havana Table of Contents Preface Conventions Document change history Acknowledgments Why and how we wrote this book Objectives How How to contribute to this book Introduction to OpenStack Cloud types OpenStack service overview Security Boundaries and Threats Security Domains Bridging Security Domains Threat Classi ?cation Actors and Attack Vectors Introduction to Case Studies Case Study Alice the private cloud builder Case Study Bob the public cloud provider System Documentation Requirements System Roles Types System Inventory Network Topology Services Protocols and Ports Case Studies System Documentation Alice's Private Cloud Bob's Public Cloud Management Introduction Continuous Systems Management Vulnerability Management Con ?guration Management Secure Backup and Recovery Security Auditing Tools Integrity Life-cycle Secure Bootstrapping Runtime Veri ?cation Management Interfaces Dashboard OpenStack API Secure Shell SSH Management Utilities Out- of-Band Management Interface iii COpenStack Security Guide March havana Case Studies Management Interfaces Alice's Private Cloud Bob's Public Cloud Introduction to SSL TLS Certi ?cation Authorities SSL TLS Libraries Cryptographic Algorithms Cipher Modes and Protocols Summary Case Studies PKI and Certi ?cate Management Alice's Private Cloud Bob's Public Cloud SSL Proxies and HTTP Services Examples nginx HTTP Strict Transport Security API Endpoint Con ?guration Recommendations Internal API Communications Paste and Middleware API Endpoint Process Isolation Policy Case Studies API Endpoints Alice's Private Cloud Bob's Public Cloud Identity Authentication Authentication Methods Authorization Policies Tokens Future Dashboard Basic Web Server Con ?guration HTTPS HTTP Strict Transport Security HSTS Front end Caching Domain Names Static Media Secret Key Session Backend Allowed Hosts Cookies Password Auto Complete Cross Site Request Forgery CSRF Cross Site Scripting XSS iv COpenStack Security Guide March havana Cross Origin Resource Sharing CORS Horizon Image Upload Upgrading Debug Compute Virtual Console Selection Object Storage First thing to secure ?? the network Securing services ?? general Securing storage services Securing proxy services Object storage authentication Other notable items Case Studies Identity Management Alice's Private Cloud Bob's Public Cloud State of Networking Networking Architecture OS Networking Service placement on Physical Servers Networking Services L Isolation using VLANs and Tunneling Network Services Network Services Extensions Networking Services Limitations Securing OpenStack Networking Services OpenStack Networking Service Con ?guration Networking Services Security Best Practices Tenant Network Services Work ow Networking Resource Policy Engine Security Groups Quotas Case Studies Networking Alice's Private Cloud Bob's Public Cloud Message Queuing Architecture Messaging Security Messaging Transport Security Queue Authentication and Access Control Message Queue Process Isolation Policy Case Studies Messaging Alice's Private Cloud Bob's Public Cloud Database Backend Considerations v COpenStack Security Guide March havana Security References for Database Backends Database Access Control OpenStack Database Access Model Database Authentication and Access Control Require User Accounts to Require SSL Transport Authentication with X Certi ?cates OpenStack Service