SSH hardening for cloud virtual machines

What’s specific to Cloud Virtual Machines? SSH is required to access your virtual machines that run in your Cloud infrastructure, so you can not disable it. Due to new threats that arise with IaaS Cloud Computing (Cloud Security Alliance Top Threats), you must protect your infrastructure against Malicious insiders. Even if we refer to IaaS…

How to detect side-channel attacks in cloud infrastructures

Cloud Computing is a disruptive technology which brought enormous benefits. However, even if the benefits are countless, there are several security challenges, such as elasticity and multi-tenancy, which require an innovative approach. Indeed, traditional security tools are not suitable for Cloud Computing, since infrastructures can be very dynamic. Therefore, automation is the only answer to…

Elastic Vulnerability Assessment (EVA) Credentials for AWS EC2 and VPC

One of the major obstacles to Elastic Detector adoption is the step where infrastructure API credentials are asked. Security guys do not easily give their keys to strangers. We fully understand that, so we have proposed two solutions: Virtual appliance, such as an AMI on the AWS marketplace. We provide VMware (vmdk) and KVM versions…

Cloud OpenSource Conference at Sophia Antipolis

I was pleased to be an invited speaker at the french conference on OpenSource and Cloud Computing organized by Telecom Valley. Along great presentations from fellows from Google, IBM and Orange, I did a 30,000 feet overview of the open source solutions for Infrastructure as a Service (IaaS) Security. What I found very useful was the…