Good security practices permeate every aspect of system design, implementation, and deployment. Applications must be secure by design, with interfaces that present only the appropriate data to authorized users. During implementation, developers must take care to avoid coding practices that could result in vulnerability to techniques such as buffer overflow or SQL injection. When deployed, operating systems should be hardened and every layer of software kept up to date with the most recent security patches.

In cloud computing, applications are deployed in a shared network environment, and very straightforward security techniques such as VLANs and port filtering are used to segment and protect the various layers of an application deployment architecture, as well as to isolate customers from each other. Some approaches to network security include:

• Use security domains to group virtual machines together, and then control access to the domain through the cloud provider’s port filtering capabilities. For example, create a security domain for front-end Web servers, open only the HTTP or HTTPS ports to the outside world, and filter traffic from the Web server security domain to the one containing back-end databases.

• Control traffic using the cloud provider’s port-based filtering, or use more stateful packet filtering by interposing content switches or firewall appliances where appropriate. For even more fine-grained control over traffic, the concept of Immutable Service Containers (ISCs) allows multiple layers of software to be deployed in a single virtual machine, with pre-plumbed networking that is kept internal to the virtual machine. This technology uses Solaris™ Zones to support multiple secure virtual environments on a shared OS platform, and is available with both the Solaris and OpenSolaris Operating Systems.
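The security-domain layout from the first bullet can be modeled as a default-deny rule set and checked for drift. The sketch below is an added example, not code from the white paper or from any cloud provider's API; the domain names, VM names, the `world` source label and the database port 3306 are assumptions made for illustration.

```python
from dataclasses import dataclass

WORLD = "world"  # assumed label for any source outside the deployment

@dataclass(frozen=True)
class Rule:
    src: str   # source security domain, or WORLD
    dst: str   # destination security domain
    port: int  # TCP port permitted by the port filter

# Constructed policy for the two-tier layout described above.
POLICY = [
    Rule(WORLD, "web", 80),
    Rule(WORLD, "web", 443),
    Rule("web", "db", 3306),  # assumed database port
]

# Constructed VM-to-domain membership.
MEMBERSHIP = {"web-1": "web", "web-2": "web", "db-1": "db"}

def allowed(policy, membership, src_vm, dst_vm, port):
    """Default deny: a flow passes only if a rule matches it exactly."""
    src = membership.get(src_vm, WORLD)  # unknown hosts count as outside
    dst = membership.get(dst_vm)
    if dst is None:
        return False
    return Rule(src, dst, port) in policy

def audit(policy, public_domains=("web",), public_ports=(80, 443)):
    """Return rules that expose anything other than HTTP/HTTPS on the
    front-end domain to the outside world."""
    findings = []
    for rule in policy:
        if rule.src != WORLD:
            continue
        if rule.dst not in public_domains or rule.port not in public_ports:
            findings.append(rule)
    return findings

if __name__ == "__main__":
    flows = [("internet-host", "web-1", 443), ("internet-host", "db-1", 3306),
             ("web-1", "db-1", 3306), ("web-1", "db-1", 22)]
    for flow in flows:
        print(flow, "ALLOW" if allowed(POLICY, MEMBERSHIP, *flow) else "DENY")
    # Constructed drift: two rules someone added for convenience.
    drifted = POLICY + [Rule(WORLD, "db", 3306), Rule(WORLD, "web", 22)]
    print("audit findings:", audit(drifted))
```

Running the audit against the exported rule set after every change catches the usual failure mode, where a temporary rule exposing the database or an administrative port to the outside is never removed.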


Source of Information : Introduction to Cloud Computing architecture White Paper 1st Edition, June 2009
