author Sofia Wallin <sofia.wallin@ericsson.com> 2016-11-23 14:49:15 +0100
committer Sofia Wallin <sofia.wallin@ericsson.com> 2016-11-24 16:21:30 +0100
commit d438301ca7244e66d5082312e3e84fcfb219f11b
tree 858fc757706d451ac52e17ba75e4c0d7b4a2ef6d /docs/development/opnfvsecguide/introduction/background.rst
parent 978b48ae0117c80d3dc7cced5e09e08e9efe929b
Adjusted the docs repo structure for D release work
Change-Id: I9befe06c424c726e17d754bc480413b2430549ba
Signed-off-by: Sofia Wallin <sofia.wallin@ericsson.com>
Diffstat (limited to 'docs/development/opnfvsecguide/introduction/background.rst')
-rw-r--r-- docs/development/opnfvsecguide/introduction/background.rst 38
1 files changed, 38 insertions, 0 deletions
diff --git a/docs/development/opnfvsecguide/introduction/background.rst b/docs/development/opnfvsecguide/introduction/background.rst
new file mode 100644
index 000000000..bd7e44d01
--- /dev/null
+++ b/docs/development/opnfvsecguide/introduction/background.rst
@@ -0,0 +1,38 @@
+Background
+----------
+
+Pre-virtualization security protection was largely centered on the network.
+Malicious attacks from hostile machines, would seek to exploit network based
+operating systems and applications, with the goal of compromising their
+target node.
+
+Physical security had always been a much simpler business, with most focus on
+the secure access of the data center hardware.
+In-turn security was built up in layers (defense in depth) where machines
+would be
+daisy chained with network cables via security appliances to provide
+controlled segmentation and isolation.
+This form of security was built upon the principle of an 'air gap'
+being present,
+whereby machines were separate physical units, joined largely by the
+network stack.
+
+With the advent of virtualization (namely the hypervisor), new attack
+vectors have
+surfaced as the 'air-gap' is no longer key design aspect for security.
+Further to this elements orchestation nodes and network controllers
+lead to an even wider attack surface:
+
+* Guests breaking isolation of the hypervisor.
+
+* Unauthorized access and control of supporting orchestration nodes.
+
+* Unauthorized access and control of supporting overlay network control systems.
+
+The hypervisor and the overlay network have now become the 'Achilles heel'
+whereby all tenant data isolation is enforced within the hypervisor and its
+abstraction
+of hardware and the virtualized overlay network.
+
+This guide has been formulated, in order to assist users of the OPNFV platform
+in securing an Telco NFV / SDN environment.
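Review bot: the sentence starting "Further to this elements orchestation nodes and network controllers" does not parse and misspells "orchestration"; something like "In addition, orchestration nodes and network controllers lead to an even wider attack surface:" would read cleanly. In the same paragraph, "is no longer key design aspect" is missing "a", and the term is written both as 'air gap' and 'air-gap'; pick one spelling. The closing line should read "a Telco NFV / SDN environment" rather than "an Telco", and the commas after "hostile machines" and "has been formulated" can be dropped. The wrapping is also uneven (for example "would be", "being present," and "abstraction" sit alone on their lines), so re-wrapping the paragraphs at a consistent width would make later diffs of this file easier to review. Finally, the text describes machines "joined largely by the network stack" as having an 'air gap'; since networked hosts are not air-gapped in the usual sense, consider "physical separation" so the guide does not blur the two terms.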