Monitoring commercial cloud service providers CERN openlab Summer Students Lightning Talk Sessions...
-
Upload
magnus-carter -
Category
Documents
-
view
218 -
download
0
Transcript of Monitoring commercial cloud service providers CERN openlab Summer Students Lightning Talk Sessions...
Monitoring commercial cloud service providers
CERN openlab Summer Students Lightning Talk Sessions
Lassi Kojo
› 19/08/2015
Lassi Kojo 2
Challenge
› Ever growing use by individuals and workgroups to sign- up for 3rd party cloud services
› Security issues include Accidental data leaks Where is the data? Who can access it? Availability of the data?
› How do identify different services?
› No man-in-the-middle, have to rely on IP address ranges and DNS
› Data sources: NetFlows and DNS queries
19/08/2015
Lassi Kojo 3
Challenge
› Most of the services do not provide their IP address ranges
› If a service has their own Autonomous System they probably publish their networks via Border Gateway Protocol
› If they don’t, have to rely on hostname patterns Which are unreliable
$̵ No guarantees of which domains they use (Google uses 1e100.net)$̵ If a service is running inside other service (like Amazon Web Services)$̵ Not all the servers have public DNS records, reverse DNS will fail
› Number of users can be determined most reliably by DNS queries Static and dynamic IP addresses During regular work day, your mobile device will have 4-5 different dynamic IP addresses
19/08/2015
Lassi Kojo 4
Results
19/08/2015
Lassi Kojo 5
Results
19/08/2015
Lassi Kojo 6
Impact
› Before Monitoring was limited to running queries
manually and analysing the data by hand Only a couple of services were monitored
› After Three scripts with support for 20 services and
more can be added easily Automatically analyse and plot results
19/08/2015
Lassi Kojo 7
Thank you!
19/08/2015