OpenStack Summit May 2015 Vancouver has ended
Back To Schedule
Monday, May 18 • 12:05pm - 12:45pm
Unobtrusive Intrusion Detection in OpenStack

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Administrators use Intrusion Detection Systems (IDS) to alert when hackers attack their systems. These tools have been very effective in traditional networks. But running an IDS "as-a-service" in OpenStack is a relatively unexplored topic and interesting questions arise:

--How does one configure an IDS within a softwae defined network?

--Do popular open source systems like Snort or Bro scale when monitoring many virtual machiness?

--And what happens to the hypervisor's performance when an IDS is busy monitoring logs and traffic?

This talk will discuss current work that engages these questions. In this instance, the IDS is run on a separate machine than the hypervisor, so processing network traffic does not degrade performance. We will show the virtual network that accomplishes this and point to future directions. We will also discuss the benefits of running a host-based IDS such as OSSEC to detect hypervisor break-ins.

avatar for Dan Lambright

Dan Lambright

Software Engineer, Red Hat
Dan Lambright is a principal software engineer at Red Hat, where he works on distributed storage systems. Prior to Red Hat is worked at EMC, DELL, and several storage startups. He also teaches as an adjunct professor at the University of Massachusetts, Lowell.

Monday May 18, 2015 12:05pm - 12:45pm PDT
Room 211

Attendees (0)