author | Christopher Price <christopher.price@ericsson.com> | 2015-12-18 14:08:53 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@172.30.200.206> | 2015-12-18 14:08:53 +0000 |
commit | 300d3d820d4af1a69117bab1343a30d470b06441 (patch) | |
tree | 96d68a84ff7967740b6225a1488ff17cdd7efa58 /docs/opnfvsecguide | |
parent | f4b9495286c89c86846c666d1960cce395eebed1 (diff) | |
parent | a7b9a43192c9d4c1245839e28eb5fc0748122aa3 (diff) |
Merge "Fix Line Length etc for existing docs"
Diffstat (limited to 'docs/opnfvsecguide')
-rw-r--r-- | docs/opnfvsecguide/compute.rst | 4 |
-rw-r--r-- | docs/opnfvsecguide/compute/trust.rst | 8 |
-rw-r--r-- | docs/opnfvsecguide/contribution.rst | 14 |
-rw-r--r-- | docs/opnfvsecguide/getting_started.rst | 12 |
-rw-r--r-- | docs/opnfvsecguide/introduction.rst | 9 |
-rw-r--r-- | docs/opnfvsecguide/introduction/background.rst | 37 |
-rw-r--r-- | docs/opnfvsecguide/network.rst | 2 |
-rw-r--r-- | docs/opnfvsecguide/network/neutron.rst | 2 |
8 files changed, 61 insertions, 27 deletions
diff --git a/docs/opnfvsecguide/compute.rst b/docs/opnfvsecguide/compute.rst index ee8d782a7..d6c1a0159 100644 --- a/docs/opnfvsecguide/compute.rst +++ b/docs/opnfvsecguide/compute.rst @@ -4,5 +4,5 @@ Compute Security .. toctree:: :maxdepth: 2 - compute/dacmaccontrols - compute/trust
\ No newline at end of file + compute/dacmaccontrols.rst + compute/trust.rst diff --git a/docs/opnfvsecguide/compute/trust.rst b/docs/opnfvsecguide/compute/trust.rst index 50ee2a10e..2c5cc63a6 100644 --- a/docs/opnfvsecguide/compute/trust.rst +++ b/docs/opnfvsecguide/compute/trust.rst @@ -1,6 +1,10 @@ Trusted Compute --------------- -Compute security relates to the compute nodes in an OPNFV deployment. Compute nodes host various componants such as the hypervisor itself KVM-QEMU, and its serving eco-system, such as Nova (which interacts with the hypervisor using libvirt driver). +Compute security relates to the compute nodes in an OPNFV deployment. +Compute nodes host various componants such as the hypervisor itself KVM-QEMU, +and its serving eco-system, such as Nova (which interacts with the hypervisor using libvirt driver). -We also cover other aspects of what is considered compute security, such as trusted boot / pools, although of course, these can be extended to other actors such as neutron etworking nodes.
\ No newline at end of file +We also cover other aspects of what is considered compute security, +such as trusted boot / pools, although of course, +these can be extended to other actors such as neutron etworking nodes. diff --git a/docs/opnfvsecguide/contribution.rst b/docs/opnfvsecguide/contribution.rst index 954c5785e..683aa2d14 100644 --- a/docs/opnfvsecguide/contribution.rst +++ b/docs/opnfvsecguide/contribution.rst @@ -1,19 +1,22 @@ How to Contribute ----------------- -Anyone is welcome to make additions, raise bugs, and fix issues within this Documentation. To do so, you will however need to first get an enviroment set up. +Anyone is welcome to make additions, raise bugs, and fix issues within this Documentation. +To do so, you will however need to first get an enviroment set up. Development Environment ####################### -All project data such as formatting guidelines, and upstream mapping is documented via sphinx which uses reStructuredText +All project data such as formatting guidelines, and upstream mapping is documented via sphinx +which uses reStructuredText -It is recommended that you use a python virtualenv to keep things clean and contained. +It is recommended that you use a python virtualenv to keep things clean and contained. VirtualEnv ********** -Use of a virtual environment is recommended, as not only is it a quick easy form of getting the needed modules in place, it isolates the module versions to a project. +Use of a virtual environment is recommended, as not only is it a quick easy form of +getting the needed modules in place, it isolates the module versions to a project. From within your inspector directory, set up a new virtualenv:: @@ -38,4 +41,5 @@ To compile changes: make html -From here you can run a basic python web server or just navigate to the file:///<repo>/opnfv-security-guide/build/html/index.html in your browser
\ No newline at end of file +From here you can run a basic python web server or just navigate to the +file:///<repo>/opnfv-security-guide/build/html/index.html in your browser diff --git a/docs/opnfvsecguide/getting_started.rst b/docs/opnfvsecguide/getting_started.rst index cfa8b2f6b..e09507dd2 100644 --- a/docs/opnfvsecguide/getting_started.rst +++ b/docs/opnfvsecguide/getting_started.rst @@ -4,12 +4,14 @@ Getting Started Development Environment ####################### -All project data such as formatting guidelines, and upstream mapping is documented via sphinx which uses reStructuredText +All project data such as formatting guidelines, and upstream mapping is documented via sphinx +which uses reStructuredText VirtualEnv ********** -Use of a virtual environment is recommended, as not only is it a quick easy form of getting the needed modules in place, it isolates the module versions to a project. +Use of a virtual environment is recommended, as not only is it a quick easy form of +getting the needed modules in place, it isolates the module versions to a project. From within your inspector directory, set up a new virtualenv:: @@ -26,7 +28,8 @@ Install requirements:: Sphinx Basics ************* -To get started with sphinx, visit the main tutorial which will provide a primer `http://sphinx-doc.org/tutorial.html` +To get started with sphinx, visit the main tutorial which will provide a primer +`http://sphinx-doc.org/tutorial.html` Hack your changes into opnfv-security-guide/source @@ -34,4 +37,5 @@ To compile changes: make html -From here you can run a basic python web server or just navigate to the file:///<repo>/opnfv-security-guide/build/html/index.html in your browser
\ No newline at end of file +From here you can run a basic python web server or just navigate to the +file:///<repo>/opnfv-security-guide/build/html/index.html in your browser diff --git a/docs/opnfvsecguide/introduction.rst b/docs/opnfvsecguide/introduction.rst index 224b498a9..ad8083197 100644 --- a/docs/opnfvsecguide/introduction.rst +++ b/docs/opnfvsecguide/introduction.rst @@ -1,12 +1,15 @@ Introduction --------------- -The OPNFV Security Guide is the collaborative work of many individuals, involved in both the OPNFV Security Group and the wider OPNFV community. +The OPNFV Security Guide is the collaborative work of many individuals, +involved in both the OPNFV Security Group and the wider OPNFV community. -The purpose of this guide is to provide the best practice security guidelines for deploying the OPNFV platfornm. It is a living document that is updated as new changes are merged into it's repository. +The purpose of this guide is to provide the best practice security guidelines for +deploying the OPNFV platfornm. It is a living document that is updated as +new changes are merged into it's repository. .. toctree:: :maxdepth: 2 introduction/background - introduction/acknowledgements
\ No newline at end of file + introduction/acknowledgements diff --git a/docs/opnfvsecguide/introduction/background.rst b/docs/opnfvsecguide/introduction/background.rst index 7766b36fa..bd7e44d01 100644 --- a/docs/opnfvsecguide/introduction/background.rst +++ b/docs/opnfvsecguide/introduction/background.rst 
@@ -1,19 +1,38 @@ Background ---------- -Pre-virtualization security protection was largely centered on the network. Malicious attacks from hostile machines, would seek to exploit network based operating systems and applications, with the goal of compromising their target node. - -Physical security had always been a much simpler business, with most focus on the secure access of the data center hardware. -In-turn security was built up in layers (defense in depth) where machines would be daisy chained with network cables via security appliances to provide controlled segmentation and isolation. This form of security was built upon the principle of an ‘air gap’ being present, whereby machines were separate physical units, joined largely by the network stack. - -With the advent of virtualization (namely the hypervisor), new attack vectors have surfaced as the ‘air-gap’ is no longer key design aspect for security. Further to this elements orchestation nodes and network controllers lead to an even wider attack surface: +Pre-virtualization security protection was largely centered on the network. +Malicious attacks from hostile machines, would seek to exploit network based +operating systems and applications, with the goal of compromising their +target node. + +Physical security had always been a much simpler business, with most focus on +the secure access of the data center hardware. +In-turn security was built up in layers (defense in depth) where machines +would be +daisy chained with network cables via security appliances to provide +controlled segmentation and isolation. +This form of security was built upon the principle of an 'air gap' +being present, +whereby machines were separate physical units, joined largely by the +network stack. + +With the advent of virtualization (namely the hypervisor), new attack +vectors have +surfaced as the 'air-gap' is no longer key design aspect for security. 
+Further to this elements orchestation nodes and network controllers +lead to an even wider attack surface: * Guests breaking isolation of the hypervisor. * Unauthorized access and control of supporting orchestration nodes. -* Unauthorized access and control of supporting overlay network control systems. +* Unauthorized access and control of supporting overlay network control systems. -The hypervisor and the overlay network have now become the ‘Achilles heel’ whereby all tenant data isolation is enforced within the hypervisor and its abstraction of hardware and the virtualized overlay network. +The hypervisor and the overlay network have now become the 'Achilles heel' +whereby all tenant data isolation is enforced within the hypervisor and its +abstraction +of hardware and the virtualized overlay network. -This guide has been formulated, in order to assist users of the OPNFV platform in securing an Telco NFV / SDN environment.
\ No newline at end of file +This guide has been formulated, in order to assist users of the OPNFV platform +in securing an Telco NFV / SDN environment. diff --git a/docs/opnfvsecguide/network.rst b/docs/opnfvsecguide/network.rst index 614e3c333..b1744796c 100644 --- a/docs/opnfvsecguide/network.rst +++ b/docs/opnfvsecguide/network.rst @@ -5,4 +5,4 @@ Network Security .. toctree:: :maxdepth: 2 - network/neutron
\ No newline at end of file + network/neutron diff --git a/docs/opnfvsecguide/network/neutron.rst b/docs/opnfvsecguide/network/neutron.rst index 6eba4e3e1..e7ca06075 100644 --- a/docs/opnfvsecguide/network/neutron.rst +++ b/docs/opnfvsecguide/network/neutron.rst @@ -1,2 +1,2 @@ Neutron Security -----------------
\ No newline at end of file +---------------- |
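Review bot: In docs/opnfvsecguide/compute.rst the two toctree entries gain a ".rst" suffix ("compute/dacmaccontrols.rst", "compute/trust.rst"), while the toctrees touched in introduction.rst and network.rst by this same change keep suffix-less document names ("introduction/background", "network/neutron"). Toctree entries are document names and are conventionally written without the extension, so I would keep the original "compute/dacmaccontrols" and "compute/trust" and limit this hunk to adding the missing final newline, which is all the commit subject leads a reader to expect here.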
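Review bot: In docs/opnfvsecguide/compute/trust.rst the rewrapped line "and its serving eco-system, such as Nova (which interacts with the hypervisor using libvirt driver)." is still about 100 characters, so the line-length fix is incomplete for this paragraph; break it again before "(which interacts". Since every line of both paragraphs is being rewritten anyway, this is also the place to correct "componants" to "components" and "etworking" to "networking", which the new lines carry over unchanged.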
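Review bot: In docs/opnfvsecguide/contribution.rst the first added line, "Anyone is welcome to make additions, raise bugs, and fix issues within this Documentation.", is about 90 characters and remains longer than the other rewrapped lines; wrap it after "raise bugs,". The following added line keeps the typo "enviroment" (should be "environment"), and the sentence ending "which uses reStructuredText" still has no closing period. The line "It is recommended that you use a python virtualenv to keep things clean and contained." is removed and re-added with identical visible text; if that is a trailing-whitespace fix, say so in the commit message.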
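Review bot: In docs/opnfvsecguide/getting_started.rst the Sphinx tutorial URL is moved onto its own line but stays wrapped in single backticks (`http://sphinx-doc.org/tutorial.html`), which reStructuredText treats as interpreted text with the default role rather than as a hyperlink; drop the backticks so the standalone URL is linked. The "Development Environment" and "VirtualEnv" paragraphs rewrapped here are word for word the ones rewrapped in contribution.rst in this change, so consider keeping one copy and pulling it into the other file with an include directive, so that future edits do not have to be made twice.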
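Review bot: In docs/opnfvsecguide/introduction.rst the rewrapped second paragraph keeps two errors on the new lines: "platfornm" should be "platform", and "merged into it's repository" should use the possessive "its". Both sit on lines this hunk already rewrites, so fixing them here costs no extra diff noise.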
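Review bot: In docs/opnfvsecguide/introduction/background.rst the new wrapping is ragged, with fragments such as "would be", "being present,", "vectors have" and "abstraction" left alone on their own lines; reflow each paragraph to a consistent width so later diffs of this file stay readable. The hunk also replaces the typographic quotes around 'air gap', 'air-gap' and 'Achilles heel' with ASCII apostrophes, which is a content change the commit subject does not mention. Text errors carried onto the new lines should be fixed in the same pass: "orchestation" should be "orchestration", "is no longer key design aspect" is missing "a", and "securing an Telco NFV / SDN environment" should read "a Telco".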