The different kinds of security threats
As we have seen in the previous chapter, when we speak about security, we can mean multiple things. Also, as we have just seen that private and public clouds present different kinds of security issues. We are now going to analyze the various attacks that you can encounter when administering an OpenStack cloud.
Possible attackers
Let's start by identifying the possible attackers we can face. They can be divided in different ways based on their goals; in this case, we will distinguish them as the following:
- Automated attacks/Script kiddies: Automated vulnerability scanning/exploitation.
- Motivated individuals: This includes multiple kinds of attackers, such as small-scale industrial espionage, rogue or malicious employees, or disaffected customers. They act alone.
- Highly capable groups: These groups often refer to themselves as Hacktivist and are not typically commercially funded, but can pose a serious threat to service providers and cloud operators...