Security Considerations for Cloud Computing (Part 4) - Resource Pooling (part one)

IRCAR201307181

Date: 2013-07-21


Introduction

In this series on private cloud security, we have already talked about what defines the private cloud and then we looked at two of the essential characteristics of cloud computing: broad network access and on-demand self-service. We discussed how each of these enters into your security considerations and the impact that they have on private cloud security. In this article, we will continue with the theme and pick up on the third essential characteristic of cloud computing: pooled resources.

What is Resource Pooling?

Resource pooling in a private cloud enables the hypervisor to reassign tenants to different locations in the cloud to optimize resource usage; this is what VMware DRS and Hyper-V PRO can do. The virtualization solution must scrub any resources, especially storage and RAM, before reassigning them to another tenant. Data belonging to the original tenant must not be exposed to the new tenant. In the private cloud, automation will take care of the clearing and allocation of resources to tenants.

Security Implications

Resource pooling in a private cloud will affect your security design in several ways. You can expect to encounter some or all of the following categories of issues:
· Issues related to reuse of resources by different tenant applications
· Issues related to co-locating services that belong to different tenants on the same server
· Issues related to automated processes that handle the allocation and de-allocation of resources
In a typical private cloud, the resources the tenant uses could be hosted on any of the devices in the cloud that offer that resource. For example, when a consumer of the cloud service provisions and starts a virtual machine in the private cloud, that virtual machine could be hosted on any of the servers in the private cloud. One consequence that follows from this arrangement is that the same machine could end up hosting applications and services that belong in different security zones, and those applications and services may themselves include different security capabilities, such as authentication and authorization.

Addressing Escalation of Privilege Issues

Your design must consider the risk that a low business impact service might be more easily compromised and that the attacker will then be able to leverage that weakness to attack higher business impact services. An attack might be an attempt to steal high business impact data, or to make the high value service unavailable by creating a denial of service on a lower business impact service.
The infrastructure layer typically includes monitoring of network traffic. Network traffic monitoring and IDS/IPS can identify unusual traffic that might indicate an attack on the infrastructure is in progress or that some element in the cloud is compromised.

Network Abstraction using Virtualization

Hypervisors support virtualizing the networking aspects of the infrastructure to enable the separation of logical and physical network traffic. This can create a situation where network traffic does not pass through a physical switch device and so may not be monitored. This introduces the risk that your network analysis tools will not be able to access all network traffic. You must determine whether this risk is acceptable or whether you must mitigate it by taking one or more of the following actions:
· Send all network traffic through your physical network devices and do not allow intra-server VM to VM traffic over only virtual connections.
· Add monitoring functionality to each server to monitor each virtual network by using network software analogues of physical monitoring devices.
· Use a virtualization solution that enables virtualized network traffic monitoring devices, such as the extensible virtual switch that is expected to be available in the next version of Windows Server.
Network traffic between virtual machines should be encrypted to protect data while in transit. On-the-wire encryption means that IDS/IPS solutions will not be able to inspect the traffic. However, you can use IPsec to provide authentication only, without encryption, which is a new IPsec capability that’s included in Windows Server 2008 R2.
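
The following Python example is added here for illustration and is not part of the original article. It audits a snapshot of VM placement for two of the risks described above: hosts where pooling has co-located different business impact tiers, and VM-to-VM flows that network IDS/IPS cannot fully inspect. The inventory, the host and VM names, and the `tapped_hosts` set (hosts running a virtual monitoring device) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    host: str    # physical server the pool currently placed this VM on
    impact: str  # business impact tier: "low", "medium" or "high"

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    encrypted: bool = False  # payload encrypted on the wire

def classify_flow(flow, vms, tapped_hosts):
    """Return what a network IDS/IPS can see of one VM-to-VM flow."""
    src, dst = vms[flow.src], vms[flow.dst]
    # Intra-host traffic stays on the virtual switch; it is only seen if
    # that host runs a virtual monitoring device (assumed: tapped_hosts).
    if src.host == dst.host and src.host not in tapped_hosts:
        return "unmonitored"
    return "opaque" if flow.encrypted else "inspectable"

def mixed_impact_hosts(vms):
    """Hosts where pooling has co-located VMs of different impact tiers."""
    tiers = {}
    for vm in vms.values():
        tiers.setdefault(vm.host, set()).add(vm.impact)
    return {h: sorted(t) for h, t in tiers.items() if len(t) > 1}

def audit(vms, flows, tapped_hosts):
    """List flows the IDS/IPS cannot fully inspect: (src, dst, why, crosses_tiers)."""
    findings = []
    for f in flows:
        why = classify_flow(f, vms, tapped_hosts)
        if why != "inspectable":
            crosses = vms[f.src].impact != vms[f.dst].impact
            findings.append((f.src, f.dst, why, crosses))
    return findings

# Constructed sample snapshot (all names are made up for this example).
VMS = {v.name: v for v in (
    VM("web-01", "host-a", "low"), VM("hr-db", "host-a", "high"),
    VM("app-02", "host-b", "medium"), VM("fin-db", "host-b", "high"))}
FLOWS = [Flow("web-01", "hr-db"), Flow("web-01", "app-02", encrypted=True),
         Flow("app-02", "fin-db"), Flow("web-01", "fin-db")]
TAPPED_HOSTS = {"host-b"}  # only host-b has a virtual monitoring device
if __name__ == "__main__":
    print(audit(VMS, FLOWS, TAPPED_HOSTS), mixed_impact_hosts(VMS))
```

Because pooling can move VMs between hosts at any time, a check like this is only meaningful when rerun against the current placement.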
Created: 18 Mordad 1393