The open source OpenStack cloud platform is used by major corporations such as Walmart, by the world’s largest carriers, such as AT&T, and even by the world’s largest science experiment at CERN. While some security elements are integrated directly into OpenStack, a secure setup is not necessarily always the default configuration.
In a panel moderated by eSecurity Planet at the recent OpenStack Summit in Vancouver, OpenStack operators and project team members detailed what they think can and should be done by operators to further improve OpenStack security.
Vulnerability Management Teams
OpenStack as a platform consists of a broad set of open source projects that provide different capabilities. As an adjunct to the project structure, the overall project also has a Vulnerability Management Team (VMT), which handles vulnerability disclosure and security issues across the OpenStack project structure. Red Hat developer Tristan Cacqueray is part of the three-person VMT.
Cacqueray said from his perspective, security awareness within each OpenStack project is important, as each group also needs to understand the risks they face.
“The OpenStack community has been pretty good at fixing issues in a timely manner because in each project there are a few dedicated people that the VMT can engage with and figure out how to fix issues,” Cacqueray said.
Clark Boylan is the Project Technical Leader (PTL) for the OpenStack Infrastructure project and is responsible for helping to maintain the OpenStack clouds that are used to build OpenStack itself. Boylan said one recent security incident that his team dealt with was related to an Elasticsearch server that was left publicly exposed to the internet.
“It turns out that it only takes about three minutes to get pwned,” Boylan said. “Thankfully it was only a development server.”
Boylan added that the Elasticsearch incident helped to reinforce with the OpenStack infrastructure team that they have to always be careful and that layers of security are important.
Cisco engineer Dave McCowan is the former PTL for the Barbican secrets management project at OpenStack and an active contributor to the platform. In his view, there is still a need to do a better job with secure defaults and secure documentation in OpenStack.
“As engineers, we like to focus on the task at hand so we simplify everything else,” McCowan said. “So we will turn off SELinux and turn off TLS and just make everything as simple as possible but then that trickles down through the way we do our functional tests that we do and our documentation.”
Being secure by default is particularly challenging for cloud software in Cacqueray’s view because different cloud providers have different security boundaries. There are organizations, like CERN for example, that run OpenStack for an internal cloud and want to provide more access than perhaps a public cloud provider.
For OpenStack’s Infrastructure, being secure by default is particularly challenging. Boylan said that for his team as a developer of infrastructure for OpenStack, the job is to run untrusted code from untrusted people, which poses an interesting security concern.
“We do as much as possible to isolate that specific workload into its own tenant,” Boylan said.
The OpenStack infrastructure team tries to make sure that application images are relatively locked down and that iptables firewalls are enabled by default.
“So we’re trying to build those layers around OpenStack because we know that anyone can contribute and that includes people you don’t know,” Boylan said.
Hardening OpenStack security
In the final analysis, no one OpenStack project, configuration or person will be able to provide full security for an OpenStack cloud. Rather, the panel generally agreed that having multiple layers of controls is essential for cloud security.
“It’s hard to pick one security topic as the highest priority because the hackers will just find whatever the weak link is,” McCowan said. “So definitely look at security in layers.”
McCowan suggested starting by hardening the hardware itself against potential risks, as well as the underlying operating system on which the cloud is running. Having a secure OpenStack configuration for infrastructure and workloads helps. Finally, he suggested that OpenStack operators, where possible, not give untrusted users the opportunity to run untrusted code.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.