At the Juno summit, Symantec presented its perspective on securing Keystone. Security is really a mindset and a process. We proposed a layered security approach, starting with the process for securing the Keystone architecture, followed by securing the environment where Keystone is deployed and configured. Since then we have been implementing those security measures in our production environment. In this talk, we will discuss exactly how we have made our Keystone deployment secure and what we have learnt along the way.
Specifically, we will cover:
- Keystone's LDAP capabilities
- Two-factor authentication
- How to avoid storing plaintext passwords in configuration files?
- Generic guidelines on how to secure OpenStack endpoints
- Autonomous authentication using Trusts
- How to secure Keystone event notifications?
- Keystone Intrusion Detection