Security on a cloud

Started by TheBigDog, November 03, 2015, 12:44:06 PM


TheBigDog

Hi

At the moment I am trying to come up with a proposal for a college project. What I have in mind is to implement security on a private cloud.

The aim of my project will be to implement a private cloud. During my implementation of the cloud my overall goal will be to cover a number of security design features that will make my private cloud more secure when deployed. A number of these features will include:
•   Security foundation considerations
•   Infrastructure security considerations
•   Platform security considerations
•   Software security considerations
•   Service delivery security considerations
•   Management security considerations
•   Client security considerations
•   Legal considerations
I also aim to talk about the challenges there are for private cloud security.


Some general tips and suggestions would be appreciated! I am being recommended to use a public cloud, and what are your thoughts about using that instead of a private cloud?


dlots

Public clouds are nice because you're just paying rent on them for your devices; the downside is you have to deal with their decisions and limitations. In general, if you have a large IT department I would do private; if you just need a few small servers that don't need messed with much I would go for a public cloud.

Be sure you consider up-time, at least for us AWS doesn't guarantee enough up-time so we are doing multiple cloud providers.

TheBigDog

Never thought of considering up-time (must have slipped my mind). Public cloud sounds more what I have in mind. But how would one start with implementing a public cloud for a college project?

icecream-guy

:professorcat:

My Moral Fibers have been cut.

TheBigDog

Cheers bud. Any reason in particular why you chose AWS?

dlots

AWS is one of the big names these days (it's what I would go with), and if you're careful you can do something small for free:
https://aws.amazon.com/free/

TheBigDog

I know this might sound stupid, but could I use System Center 2012 R2, Windows Server 2012 R2, Hyper-V and AWS to build a cloud?

deanwebb

Yes. A cloud is only centralized storage that is available from any location with Internet connectivity. The server pieces of it are easily assembled. Keeping them secure, ah, that's the tricky part!
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

Quote from: TheBigDog on November 03, 2015, 02:41:45 PM
Cheers bud. Any reason in particular why you chose AWS?

no reason in particular.

TheBigDog

I found this article that outlines the building of a private cloud: http://blogs.technet.com/b/keithmayer/archive/2013/04/01/build-your-private-cloud-in-a-month-new-article-series.aspx

Any recommendations on security features that I could add to it, or any general recommendations?

Thanks

deanwebb

When you connect, you'll be encrypted. Make sure the encryption is at the highest standard possible. You don't want to go down like some punk for using an MD5 hash with DES-56 encryption. All the cool kids are using SHA-256 and AES-128 or 256. Roll your own Windows certs from your server CA and use those guys instead of self-signed certs on your gear.
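Added example, not part of any post in this thread: a Python check for the advice above, flagging MD5, DES and other sub-128-bit suites in whatever a TLS client context would offer, and building a context that excludes them. The `my-root-ca.pem` path and the sample cipher entries are constructed for illustration.

```python
import re
import ssl

# Tokens in an OpenSSL cipher-suite name that mark the algorithms the post
# warns against (MD5, single DES) plus close relatives (3DES, RC4, NULL, export).
WEAK_TOKENS = {"MD5": "MD5 MAC", "DES": "DES/3DES", "RC4": "RC4",
               "NULL": "no encryption", "EXP": "export-grade"}
MIN_BITS = 128  # AES-128 is the floor named in the post


def weak_reasons(cipher):
    """Return the reasons a cipher dict from SSLContext.get_ciphers() is weak."""
    tokens = re.split(r"[-_]", cipher["name"].upper())
    reasons = [why for tok, why in WEAK_TOKENS.items() if tok in tokens]
    bits = cipher.get("strength_bits")
    if bits is not None and bits < MIN_BITS:
        reasons.append(f"{bits}-bit key")
    return reasons


def audit(ctx):
    """Map cipher name -> reasons for every weak suite a context would offer."""
    return {c["name"]: r for c in ctx.get_ciphers() if (r := weak_reasons(c))}


def hardened_client_context():
    """Client context: TLS 1.2+, weak suites excluded, certificate checks on."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Governs TLS 1.2 suites; TLS 1.3 suites are fixed and already AEAD-only.
    ctx.set_ciphers("ECDHE+AESGCM:!aNULL:!MD5:!DES:!3DES:!RC4")
    # For gear with certs issued by your own CA, trust that CA rather than
    # turning verification off (hypothetical path):
    #   ctx.load_verify_locations(cafile="my-root-ca.pem")
    return ctx


# Constructed sample entries in the shape get_ciphers() returns.
SAMPLES = [
    {"name": "DES-CBC-SHA", "strength_bits": 56},
    {"name": "RC4-MD5", "strength_bits": 128},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["name"], "->", weak_reasons(s) or "ok")
    print("weak suites in hardened context:", audit(hardened_client_context()))
```

Running `audit()` against the context your own client or server actually uses shows which suites still need to be switched off.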

TheBigDog

Really appreciate your feedback there! Would it be much more complicated to roll out your own server CA?

deanwebb

I imagine that there would be some trial and error involved... but it's learning well worth having.

TheBigDog

Any articles you suggest reading up on for rolling out your own Windows certs?

TheBigDog

I am also reading online saying that you shouldn't roll out your own ones because you should go for established ones ...