Hi Michael,

Thanks for keeping us in the loop on the progress at your end. This is very nice work. I quickly read through the section you referenced in your email, and it does capture the current state of the work in OpenStack/Neutron.

~Sumit.

On Wed, Aug 13, 2014 at 6:05 PM, Michael Grima <[email protected]> wrote:
> Hi Everyone,
>
> Not sure if you remember, but a few months ago, I made the following
> thread on here titled: "Firewall Web Services Research Thesis
> Applicability to the OpenStack Project"
> (http://lists.openstack.org/pipermail/openstack-dev/2014-May/034575.html)
>
> To provide a recap, this is a thesis that I am researching, and
> examines the potential advantages of exposing a host's firewall via a
> web service. The purpose of which is to improve the security of IaaS
> environments by now providing the ability for external security
> appliances, such as vulnerability scanners and IDS's, the ability to
> dynamically (and perhaps automatically) respond to incidents and close
> open ports to problematic virtual machines. My thesis examines the
> perspective of the "infrastructure administrator", as opposed to the
> "domain administrator".
>
> At the time I made the initial post, I was actively writing my thesis,
> and I am happy to report that it is effectively "done".
>
> You can download the PDF here:
> https://docs.google.com/file/d/0B7WyzOL96X9QWDl6R3RqRE0tMWc/edit
>
> I have a section that specifically mentions OpenStack (Page 44,
> Section 5.3). Please review that section and let me know if it
> accurately and properly describes the OpenStack effort and
> corresponding projects (FWaaS, and Neutron).
>
> Of course, if you find any issues, please don't hesitate to point them out.
>
> Below are screen-videos showcasing my thesis in action:
> 1.) Demo 1: Adding new rules/policies and manipulating traffic
> https://docs.google.com/file/d/0B7WyzOL96X9QU0dQa0xEekFxVlk/edit
>
> 2.) Demo 2: Same as Demo 1, but showcasing platform independence by
> applying rules to a Windows Server 2008 R2 VM
> https://docs.google.com/file/d/0B7WyzOL96X9QMnRaZXBhU1FFc28/edit
>
> 3.) Sample OpenVAS Scenario where a VM can --only-- operate a HTTP
> server on port 80. Any other server that is detected is a
> violation of policy and would need to be blocked.
> https://docs.google.com/file/d/0B7WyzOL96X9QYXdFdC1XbHp2R3M/edit
>
> 4.) OpenVAS Heartbleed Demo (as described above):
> https://docs.google.com/file/d/0B7WyzOL96X9QMzRMR1UzX09vRDA/edit
>
> 5.) Earlier prototype of my thesis working with XEN instead of KVM:
> https://docs.google.com/file/d/0B7WyzOL96X9QTVowem1ZYjJrRWM/edit
>
> I would be happy to answer any questions you may have.
>
> Thank You
>
> --
> Mike Grima, RHCE
>
> _______________________________________________
> OpenStack-dev mailing list
> [email protected]
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
