opennebulaconf 2016 - the lightweight approach to build cloud cybersecurity exercise platform by...
TRANSCRIPT
Perv
asiv
e C
ompu
ting
Lab
The Lightway Approach to Build Cloud CyberSecurity Exercise Platform
National Center for High-Performance Computing Yi-Lun Pan (Serena Pan) [email protected]
Perv
asiv
e C
ompu
ting
Lab Who’s Serena Pan??
� I am an associate researcher in NCHC, Taiwan.
� Our project is Free Software, and also Open Source
� Virtualization technology (OpenStack and OpenNebula) and Cybersecurity technology
Perv
asiv
e C
ompu
ting
Lab Outline
� What is Ezilla Project? � What is Cybersecurity?? � What does Ezilla do for Cybersecurity?? � The Core Tech. of Ezilla ◦ How to Install Ezilla ◦ Demo
Perv
asiv
e C
ompu
ting
Lab What is Ezilla
� Ezilla is designed to help users to build their own Private Cloud easily!
� Ezilla provides an user-friendly interface and an easy way to customize and configure based on users’ needs!
� Ezilla is consisted with three parts: ◦ DRBL (Diskless Remote Boot in Linux), ◦ Cloud Middleware - OpenNebula ◦ Web Interface
Perv
asiv
e C
ompu
ting
Lab
I NN I? ? ,IMN NDJI JA )TD(DMF MM P LMDJI
h cI NN I? ? ,IMN
)TD f ad k
)TD P
Virtual Machines
)TD
)TD MN L
(5 , DIB SMN H ,H Bm jlio be
Perv
asiv
e C
ompu
ting
Lab
(DMNLD ON ?D MSMN H
)TD MN L
)TD P
Virtual Machines
)TD ,IN LA
I NN I? ? ,IMN NDJI JA)TD (DMF AO P LMDJI
MN ( K JSH IN
Perv
asiv
e C
ompu
ting
Lab What is Cybersecurity in NCHC??
� NCHC Cloud Cybersecurity Exercise Platform
Ezilla provides both user-friendly and straightforward interface for Cloud users. With One Click, Cloud users can build their own on-demand virtual cluster. �
Based on Cloud Service Infrastructure, CDX provides security training service, Capture the Flags (CTF) competition service, and virtual networking service for enterprise.�
Perv
asiv
e C
ompu
ting
Lab
Real Classroom Environment Limited � Hands on in Conference ◦ Unify Environment � Time Consuming � Hard Work ◦ Lots of Computers for Audiences � Not enough computers � Not enough networks
Perv
asiv
e C
ompu
ting
Lab
DLNO MMLJJH
DLNO MMLJJH
DLNO MMLJJH
DLNO MMLJJH
DLNO MMLJJH
DLNO MMLJJH
DLNO MMLJJH
DLNO MMLJJH
CSMD CDI M
jlpgn - Ezilla
Build Virtual Classroom
Perv
asiv
e C
ompu
ting
Lab What is Cybersecurity??
� International Organization ◦ The Honeynet Project Cloud Security
Alliance FIRST Shadowserver Foundation…
� International Conference ◦ The Honeynet Project Annual Workshop
Cloud Security Alliance Congress RSABlackhat DEFCon AVAR
Perv
asiv
e C
ompu
ting
Lab
What does Ezilla do for Cybersecurity? � Simplify demos and evaluations � Reduce development and support costs � Extend applications to the cloud
Perv
asiv
e C
ompu
ting
Lab
What does Ezilla do for Cybersecurity? � System manager: ◦ One click install build private cloud -> Fast
Installation ◦ Easy to manage VMs ->Build Multiple
Template � Users: ◦ Fast and user-friendly virtual environment ◦ Could access VM with the browser which
support HTML 5 (Google chrome / firefox) ◦ Could use RDP and ssh to access VM
Perv
asiv
e C
ompu
ting
Lab Use Case
� Who use Ezilla so far.. ◦ NTU, NCTU, NCKU.. ◦ Virtual Classroom –NCTU, NCHC and Inventec � System SDN-based Networks � Software Ezilla � Hardware Zion Servers are provided by Inventec
Zion SDN-
based Networks
Inventoc Server
+ +
= 1000+ Virtual CDX Classroom
Perv
asiv
e C
ompu
ting
Lab
Create50Ubuntu�Create50Windows�Create200Linux�
It can generate a lot virtual machines (different OS or with specific application)
Perv
asiv
e C
ompu
ting
Lab
Educational Purpose for Information Security � NQJLF ( A IM I? NN F NAJLH L DIDIB◦ JOLM W DNC ( K NAJLH MNO? IN I ADI?Q FI MM M LP L I? NC I NJ KL ND I? P LDAS QC NNC S LI ?
◦ JHK NDNDJI W DNC ( K NAJLH N C LM IKLJPD? IS FDI? JA M I LDJ JHK NDNDJI
� ,IAJLH NDJI OLDNS O I L D DND M L DIDIB◦ L DI CJQ NJ ADI? PO I L M LP L
◦ ,IAJLH NDJI M OLDNS ? N I SMDM PD + ?JJK OMN L
Perv
asiv
e C
ompu
ting
Lab
The Benefit of Cloud Virtual Classroom � No time and space limited, students can
enjoy seamless education.
20
After School
In Class
Perv
asiv
e C
ompu
ting
Lab The Core Tech. of Ezilla
� I NN I? ? ,IMN NDJI◦ FD FMN LNUKL M ?
� JO? D?? Q L� . , )U 5 ?DL N U DLN, U.
� D PDLN� K I O
� V
� A!M LPD ,IN LA◦ OD ? M L!ALD I? S )IPDLJIH IN
� E R
� +� V
� - O LS
Perv
asiv
e C
ompu
ting
Lab
The Core Tech. of Ezilla DRBL
� Diskless Remote Boot in Linux ◦ NCHC Free Software Lab. ◦ Ezilla slave no need Hard Disk and Software ◦ Clonezilla is embedded, so you can copy and
reinstall computers at the same time ◦ Via PXE, you can install OS easily.
� How does Ezilla Slave use DRBL? ◦ Ezilla Diskless Version � Using Single System Image (SSI) mode � After network booting, OS is executed in memory � (SI HD RN IMDJI JHKONDIB L MJOL M� RD H I B H IN
◦ Ezilla Disk Full Version � Via PXE network booting, and then execute network
installation
Perv
asiv
e C
ompu
ting
Lab What is SPARTA
� SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase.
� http://sparta.secforce.com