Difference between revisions of "Solum/SecurityRequirements"
< Solum
(Security Requirements) |
|||
| Line 5: | Line 5: | ||
Solum is a relatively large project with a diverse set of contributors. This page will attempt to capture the security features which will be implemented in Solum's core code base in order to coordinate efforts with the community. This will also include a list of features that the Solum operator/administrator should implement. | Solum is a relatively large project with a diverse set of contributors. This page will attempt to capture the security features which will be implemented in Solum's core code base in order to coordinate efforts with the community. This will also include a list of features that the Solum operator/administrator should implement. | ||
| − | Why doesn't Solum implement all security features? There are many Solum implementation options and local environment requirements that would make this extremely difficult to impossible. | + | Why doesn't Solum implement all security features? There are many Solum implementation options and local environment requirements that would make this extremely difficult to impossible. Each operator will likely have their own level of security requirements. |
Much of the material used in this document comes from the OpenStack Security Guide: http://docs.openstack.org/security-guide/content/openstack_user_guide.html | Much of the material used in this document comes from the OpenStack Security Guide: http://docs.openstack.org/security-guide/content/openstack_user_guide.html | ||
| − | Assumptions: | + | |
| + | '''Assumptions''': | ||
* Will consider Solum to be equivalent to an OSSG-defined "public cloud" with regard to threat model | * Will consider Solum to be equivalent to an OSSG-defined "public cloud" with regard to threat model | ||
=== Solum Security Features === | === Solum Security Features === | ||
| − | + | {| class="wikitable sortable" | |
| + | |- | ||
| + | ! Req # !! Status !! Milestone !! Doc Location !! Description | ||
| + | |- | ||
| + | | 1 || 2 || 3 || 4 || 5 | ||
| + | |- | ||
| + | | a || b || c || d || e | ||
| + | |} | ||
=== Operator Security Features === | === Operator Security Features === | ||
| − | + | These are recommended security features that an operator should implement but it is ultimately the operator's choice. | |
| + | |||
| + | {| class="wikitable sortable" | ||
| + | |- | ||
| + | ! Req # !! Doc Link !! Description | ||
| + | |- | ||
| + | | || [http://docs.openstack.org/security-guide/content/ch008_system-roles-types.html#ch008_system-roles-types-idp50832 Chapter 6 - Hardware Inventory] || Configuration Management Database: CMDB's are normally used for hardware asset tracking and overall life-cycle management. By leveraging a CMDB, an organization can quickly identify cloud infrastructure hardware (e.g. compute nodes, storage nodes, and network devices) that exists on the network but may not be adequately protected and/or forgotten. | ||
| + | |- | ||
| + | | || [http://docs.openstack.org/security-guide/content/ch008_system-roles-types.html#ch008_system-roles-types-idp53536 Chapter 6 - Software Inventory] || all software components within the OpenStack deployment should be documented. Components here should include system databases; OpenStack software components and supporting sub-components; and, supporting infrastructure software such as load-balancers, reverse proxies, and network address translators. Having an authoritative list like this may be critical toward understanding total system impact due to a compromise or vulnerability of a specific class of software. | ||
| + | |||
| + | |} | ||
Revision as of 19:19, 11 December 2013
Note: This is currently a living document under frequent updates. This is meant to capture the Solum community's collective stance on security features but is not approved at this point.
Solum Security Requirements
Solum is a relatively large project with a diverse set of contributors. This page will attempt to capture the security features which will be implemented in Solum's core code base in order to coordinate efforts with the community. This will also include a list of features that the Solum operator/administrator should implement.
Why doesn't Solum implement all security features? There are many Solum implementation options and local environment requirements that would make this extremely difficult to impossible. Each operator will likely have their own level of security requirements.
Much of the material used in this document comes from the OpenStack Security Guide: http://docs.openstack.org/security-guide/content/openstack_user_guide.html
Assumptions:
- Will consider Solum to be equivalent to an OSSG-defined "public cloud" with regard to threat model
Solum Security Features
| Req # | Status | Milestone | Doc Location | Description |
|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 |
| a | b | c | d | e |
Operator Security Features
These are recommended security features that an operator should implement but it is ultimately the operator's choice.
| Req # | Doc Link | Description |
|---|---|---|
| Chapter 6 - Hardware Inventory | Configuration Management Database: CMDB's are normally used for hardware asset tracking and overall life-cycle management. By leveraging a CMDB, an organization can quickly identify cloud infrastructure hardware (e.g. compute nodes, storage nodes, and network devices) that exists on the network but may not be adequately protected and/or forgotten. | |
| Chapter 6 - Software Inventory | all software components within the OpenStack deployment should be documented. Components here should include system databases; OpenStack software components and supporting sub-components; and, supporting infrastructure software such as load-balancers, reverse proxies, and network address translators. Having an authoritative list like this may be critical toward understanding total system impact due to a compromise or vulnerability of a specific class of software. |
