Cloud Computing - Network Security Practices

This blog post gives a basic idea about the best practices of Network security for Cloud Computing.

Good security practices cover every aspect of system design, implementation and deployment. Applications should secure by design. That is interfaces should only contain the appropriate data to authorized users. When concerning the Implementation developers should avoid using coding which could result in vulnerability to techniques such as buffer overflow or SQL injection. When deployed, operating systems should be hardened and every layer of software should kept up to date with the most recent security patches.

When concerning about Cloud Computing all applications are deployed in a shared network environment and there are security techniques such as VLANs and port filtering. These techniques help to protect various layers of application deployment architecture.

There are some approaches available to Network Security. Using a security domain is one of them. Security domains can be use to group virtual machines together and then can control access to the domain through the cloud provider’s port filtering capabilities. For an example create a security domain for front-end Web Servers and open only the HTTP and HTTPS ports to the outside world and then filter traffic from the Web server security domain to the one containing back-end data base.  

Another approach is control the traffic using the cloud provider’s port-based filtering or using more stateful packet filtering by inserting content switches or firewall appliances. The concept of Immutable Service Containers (ISCs) can be used to have more fine-grained control over traffic. This allows multiple layers of software to be deployed in a single virtual machine and there is a network which is internal to the virtual machine. This technology uses Solaris Zones to support multiple secure virtual environments on a shared OS platform and this is available in both the Solaris and Open Solaris Operating Systems.