summaryrefslogtreecommitdiffstats
path: root/docs/opnfvsecguide/introduction/background.rst
diff options
context:
space:
mode:
authorUli Kleber <ulrich.kleber@huawei.com>2015-12-18 11:35:35 +0100
committerUli Kleber <ulrich.kleber@huawei.com>2015-12-18 15:01:17 +0100
commita7b9a43192c9d4c1245839e28eb5fc0748122aa3 (patch)
tree13b73b200307fd47cd82b1f4cf9c2a175ac5c32f /docs/opnfvsecguide/introduction/background.rst
parentbe1b876c56adee484957f8a8f1c614eacdc828f5 (diff)
Fix Line Length etc for existing docs
Jira: DOCS-68 Fixing errors reported by the new tooling. platformoverview/index.rst will be fixed with the new platformoverview document (see separate patch) corrected importing logo images Change-Id: I08f73dcfeef4f2ff3a38a0372491a46798b4026b Signed-off-by: Uli Kleber <ulrich.kleber@huawei.com>
Diffstat (limited to 'docs/opnfvsecguide/introduction/background.rst')
-rw-r--r--docs/opnfvsecguide/introduction/background.rst37
1 files changed, 28 insertions, 9 deletions
diff --git a/docs/opnfvsecguide/introduction/background.rst b/docs/opnfvsecguide/introduction/background.rst
index 7766b36fa..bd7e44d01 100644
--- a/docs/opnfvsecguide/introduction/background.rst
+++ b/docs/opnfvsecguide/introduction/background.rst
@@ -1,19 +1,38 @@
Background
----------
-Pre-virtualization security protection was largely centered on the network. Malicious attacks from hostile machines, would seek to exploit network based operating systems and applications, with the goal of compromising their target node.
-
-Physical security had always been a much simpler business, with most focus on the secure access of the data center hardware.
-In-turn security was built up in layers (defense in depth) where machines would be daisy chained with network cables via security appliances to provide controlled segmentation and isolation. This form of security was built upon the principle of an ‘air gap’ being present, whereby machines were separate physical units, joined largely by the network stack.
-
-With the advent of virtualization (namely the hypervisor), new attack vectors have surfaced as the ‘air-gap’ is no longer key design aspect for security. Further to this elements orchestation nodes and network controllers lead to an even wider attack surface:
+Pre-virtualization security protection was largely centered on the network.
+Malicious attacks from hostile machines, would seek to exploit network based
+operating systems and applications, with the goal of compromising their
+target node.
+
+Physical security had always been a much simpler business, with most focus on
+the secure access of the data center hardware.
+In-turn security was built up in layers (defense in depth) where machines
+would be
+daisy chained with network cables via security appliances to provide
+controlled segmentation and isolation.
+This form of security was built upon the principle of an 'air gap'
+being present,
+whereby machines were separate physical units, joined largely by the
+network stack.
+
+With the advent of virtualization (namely the hypervisor), new attack
+vectors have
+surfaced as the 'air-gap' is no longer key design aspect for security.
+Further to this elements orchestation nodes and network controllers
+lead to an even wider attack surface:
* Guests breaking isolation of the hypervisor.
* Unauthorized access and control of supporting orchestration nodes.
-* Unauthorized access and control of supporting overlay network control systems.
+* Unauthorized access and control of supporting overlay network control systems.
-The hypervisor and the overlay network have now become the ‘Achilles heel’ whereby all tenant data isolation is enforced within the hypervisor and its abstraction of hardware and the virtualized overlay network.
+The hypervisor and the overlay network have now become the 'Achilles heel'
+whereby all tenant data isolation is enforced within the hypervisor and its
+abstraction
+of hardware and the virtualized overlay network.
-This guide has been formulated, in order to assist users of the OPNFV platform in securing an Telco NFV / SDN environment. \ No newline at end of file
+This guide has been formulated, in order to assist users of the OPNFV platform
+in securing an Telco NFV / SDN environment.