Chapter 2. OpenStack Security Challenges

As we have seen in the first chapter, each level of your infrastructure can be an object of the unwanted attention for an attacker. Software is no exception to this. There are a lot of attacks that aim to find bugs or misconfigurations in software and exploit them to gain access to the machines that run the software, or to data. OpenStack, with all its parts and all the software it relies on, can be a very effective attack vehicle if not safely configured, due to its very trustful policy that allows nodes to access all data if the node requires it. So, an attacker can quickly compromise and obtain your data if he or she is able to compromise a single node.

Before looking at OpenStack directly, I would like to deal with a critical aspect: security in cloud environments; that is, the ownership of machines.

In this chapter, we will to cover:

• The differences between the private and the public cloud with a focus on the security aspects
• The possible security threats to a cloud components of OpenStack