DevConf.cz 2016 has ended
Can’t make it to #DevConfCZ for any reason? You can still attend virtually: youtube.com/RedHatCzech
Back To Schedule
Saturday, February 6 • 17:20 - 18:00
Intrusion Detection in the Cloud

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Administrators use Intrusion Detection Systems (IDS) to alert when hackers attack their systems. These tools have been very effective in traditional networks. But running an IDS "as-a-service" in OpenStack is a relatively unexplored topic and interesting questions arise:

--How does one configure an IDS within a software defined network (SDN)? What challenges do a SDN present?

--Do popular open source systems like Snort or Bro scale when monitoring many virtual machiness?

--And what happens to the hypervisor's performance when an IDS is busy monitoring logs and traffic?

This talk will discuss current work that engages these questions. In this instance, the IDS is run on a separate machine than the hypervisor, so processing network traffic does not degrade performance. We will show the virtual network that accomplishes this and point to future directions. We will also discuss the benefits of running a host-based IDS such as OSSEC to detect attacks on the hypervisor.

avatar for Dan Lambright

Dan Lambright

Software Engineer, Red Hat
Dan Lambright is a principal software engineer at Red Hat, where he works on distributed storage systems. Prior to Red Hat is worked at EMC, DELL, and several storage startups. He also teaches as an adjunct professor at the University of Massachusetts, Lowell.

Saturday February 6, 2016 17:20 - 18:00 CET
a. D105 (300 places)