Leveraging Cloud SDNs to Solve OWASP Top Ten

John Studarus at AppSec California 2018

Historically, implementing network security controls within a virtualized cloud environment has been difficult, requiring tricky networking and hypervisor integration. Advancements in software-defined networking (SDN) now allow virtualized security controls to be implemented within the virtual layer 2 (media link) network, reducing the complexity. Through the use of SDN-defined service chains, network traffic can be required to flow through security controls, allowing policy to be implemented within the virtual network itself. This presentation illustrates how common security functions (such as Snort) can be virtualized and injected within layer 2 of a virtual network without requiring any layer 3 (IP) networking changes.

This presentation elaborates on the open-source technologies available to make network-virtualized web security a reality. The presentation culminates in a walk-through of a full workshop, available via GitHub, for those who are interested in trying out the full implementation. This work has been completed using open-source software including Linux (CentOS), Snort, nginx, and OpenStack.

John Studarus is a technical risk, compliance, and security advisor at JHL Consulting. He has over 20 years of software product development experience across the finance, high tech, government and healthcare industries, including working with internal and external technical teams, business partners, customers, internal compliance and legal to lead the product direction of large-scale cloud-based solutions. John’s areas of focus include software and product development, security best practices, compliance and cloud computing, and operational security and technical risk management and auditing.

Website is https://github.com/OpenStackSanDiego/SecurityServiceChains/