Merge "Adding new introudctions for chapters missing one"
This commit is contained in:
Jenkins
@@ -6,6 +6,12 @@
|
||||
xml:id="api-endpoints">
|
||||
<title>API endpoints</title>
|
||||
|
||||
<para>
|
||||
The process of engaging an OpenStack cloud is started through the
|
||||
querying of an API endpoint. While there are different challenges
|
||||
for public and private endpoints, these are high value assets that
|
||||
can pose a significant risk if compromised.
|
||||
</para>
|
||||
<para>
|
||||
This chapter recommends security enhancements for both public and
|
||||
private-facing API endpoints.
|
||||
|
||||
@@ -6,9 +6,22 @@
|
||||
xml:id="introduction">
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>
|
||||
The OpenStack Security Guide is the result of a five day sprint of
|
||||
collaborative work of many individuals. The purpose of this document
|
||||
is to provide the best practice guidelines for deploying a secure
|
||||
OpenStack cloud. It is a living document that is updated as new
|
||||
changes are merged into the repository, and is meant to reflect the
|
||||
current state of security within the OpenStack community and provide
|
||||
frameworks for decision making where listing specific security
|
||||
controls are not feasible due to complexity or other environment
|
||||
specific details.
|
||||
</para>
|
||||
|
||||
<xi:include href="section_acknowledgements.xml"/>
|
||||
<xi:include href="section_why-and-how-we-wrote-this-book.xml"/>
|
||||
<xi:include href="section_introduction-to-openstack.xml"/>
|
||||
<xi:include href="section_security-boundaries-and-threats.xml"/>
|
||||
<xi:include href="section_introduction-to-case-studies.xml"/>
|
||||
|
||||
</chapter>
|
||||
|
||||
@@ -6,6 +6,24 @@
|
||||
xml:id="secure_communication">
|
||||
<title>Secure communication</title>
|
||||
|
||||
<para>
|
||||
Inter-device communication is an issue still plaguing security
|
||||
researchers. Between large project errors such as Heartbleed or more
|
||||
advanced attacks such as BEAST and CRIME, secure methods of
|
||||
communication over a network are becoming more important. It should
|
||||
be remembered, however that encryption should be applied as one part
|
||||
of a larger security strategy. The compromise of an endpoint means
|
||||
that an attacker no longer needs to break the encryption used, but
|
||||
is able to view and manipulate messages as they are processed by
|
||||
the system.
|
||||
</para>
|
||||
<para>
|
||||
This chapter will review several features around configuring TLS to
|
||||
secure both internal and external resources, and will call out
|
||||
specific categories of systems that should be given specific
|
||||
attention.
|
||||
</para>
|
||||
|
||||
<xi:include href="section_introduction-to-ssl-tls.xml"/>
|
||||
<xi:include href="section_tls-proxies-and-http-services.xml"/>
|
||||
<xi:include href="section_secure-reference-architectures.xml"/>
|
||||
|
||||
Reference in New Issue
Block a user