by Justin Collins, CEO of Brakeman, Inc.
Historically, network security controls within a virtualized cloud environment have been difficult to implement, requiring tricky networking and hypervisor integration. Advancements in software-defined networking (SDN) now allow virtualized security controls to be implemented within a virtual layer 2 (media link) network, reducing the complexity. Through the use of SDN-defined service chains, network traffic can be required to flow through security controls, allowing policy to be implemented within the virtual network itself. This presentation illustrates how common security functions (such as Snort) can be virtualized and injected within layer 2 of a virtual network without requiring any layer 3 (IP) networking changes.
This presentation elaborates on the open-source technologies available to make implementing virtualized web security in the network a reality. The presentation culminates in a walk-through of a full workshop available via GitHub for those who are interested in trying out the full implementation. This work has been completed using open-source software including Linux (CentOS), Snort, nginx, and OpenStack.
Justin has been an application security engineer at SurveyMonkey, Twitter, and AT&T Interactive, and is the primary author of Brakeman, an open source static analysis security tool for Ruby on Rails.
Managed by the official OWASP Media Project