Questions & Answers: Security in bwCloud
What does "security" mean in the bwCloud?[faq_security_1]
With the term "security" we refer in the bwCloud to the security and protection of the entire operating environment. The bwCloud infrastructure is a shared environment, i.e. different users share the same hardware. For this reason, the bwCloud operating group must ensure that all users have access to the resources and that there are as far as possible, no interference from individuals.
security, bwCloud, operating environment
Are individual instances secured by the bwCloud operating group?[faq_security_2]
No, the bwCloud operations group focuses its security measures exclusively on ensuring the operation of the bwCloud infrastructure and all related components as a whole. Single or individual instances are not secured ("managed") by the bwCloud operating group.
The respective users of the virtual machines are fully responsible for the secure operation of their VMs. From the point at which a new VM is started, it is the sole responsibility of the user to ensure safe operation of the virtual machine. Therefore we recommend to perform a system update immediately after starting a new virtual machine. To do this, log in to the virtual machine via SSH and run the appropriate command to update the operating system.
individual security measures, start VM, system update, responsability,
What is a "security incident"?[faq_security_3]
The bwCloud operations group receives regular alerts from various sources if individual virtual machines within the bwCloud behave in an abnormal manner. In some cases, these notifications point to security-critical incidents or situations, for example, when third parties have broken into a running instance. In these cases we refer to them as "security incidents".
Since the bwCloud operations group must ensure the proper operation of the entire bwCloud infrastructure, such security incidents are investigated immediately after they become known using a standardized process. To do this, the owner of the virtual machine is first determined. They are informed immediately of the reported incident. At the same time, the affected virtual machine(s) are stopped in order to terminate possible faults. Together with the owner of the affected machine(s), the further steps towards a solution are then worked out and carried out.
security incident, security critical, security critical, stop instance
What do I do if I fear I've been hacked?[faq_security_4]
If your own VMs are behaving "strangely", it may be that they have been hacked. In this case, please follow these steps:
- Log in to the OpenStack Dashboard (Quicklink: https://portal.bw-cloud.org)
- Change your OpenStack service password (Quicklink: https://bw-cloud.org/q/3rFV)
- Stop the affected instances do not delete!
- Submit a ticket (Quicklink: http://bw-cloud.org/q/t) Important information: Which
instances are possibly affected? How can the "strange" behaviour describe? Which measures have already been implemented? We will contact you immediately and clarify the situation.
behaviour, suspicion, hacker, attack
Does the bwCloud operations group check the running instances, for example through so-called "penetration tests"?[faq_security_5]
No, the running instances are not checked for open ports or other characteristics. However, the entire bwCloud operating environment is monitored - for example, in the area of network monitoring the current up- and downstream streams are monitored. If the network traffic here changes abruptly, significantly and atypically above normal levels, this is checked at the node and OpenStack monitoring level.
However, we do not look inside the virtual machines!
automatic, tests, penetration tests, network monitoring