diff options
| author |   Stuart Mackie <wsmackie@juniper.net> | 2017-09-14 23:26:31 -0700 |
|---|---|---|
| committer | Stuart Mackie <wsmackie@juniper.net> | 2017-09-14 23:26:31 -0700 |
| commit | fd876b7dbc7d517a706b22e52bf6f0e8f79a0b4b (patch) | |
| tree | 996858dd4abe0221f8f9d54a2aeeb4ffb9971b8e /docs/development/opnfvsecguide/introduction | |
| parent | fce102283bab73ed08c292fce03e39c52f4a1fe2 (diff) | |
Docs
Change-Id: Iea3001f8414267f1535353f28d30d45daf9a3e66
Signed-off-by: Stuart Mackie <wsmackie@juniper.net>
Diffstat (limited to 'docs/development/opnfvsecguide/introduction')
| -rw-r--r-- | docs/development/opnfvsecguide/introduction/acknowledgements.rst | 3 | ||||
| -rw-r--r-- | docs/development/opnfvsecguide/introduction/background.rst | 38 |
2 files changed, 0 insertions, 41 deletions
diff --git a/docs/development/opnfvsecguide/introduction/acknowledgements.rst b/docs/development/opnfvsecguide/introduction/acknowledgements.rst deleted file mode 100644 index 60c687d..0000000 --- a/docs/development/opnfvsecguide/introduction/acknowledgements.rst +++ /dev/null @@ -1,3 +0,0 @@ -Acknowledgements ----------------- - diff --git a/docs/development/opnfvsecguide/introduction/background.rst b/docs/development/opnfvsecguide/introduction/background.rst deleted file mode 100644 index bd7e44d..0000000 --- a/docs/development/opnfvsecguide/introduction/background.rst +++ /dev/null @@ -1,38 +0,0 @@ -Background ----------- - -Pre-virtualization security protection was largely centered on the network. -Malicious attacks from hostile machines, would seek to exploit network based -operating systems and applications, with the goal of compromising their -target node. - -Physical security had always been a much simpler business, with most focus on -the secure access of the data center hardware. -In-turn security was built up in layers (defense in depth) where machines -would be -daisy chained with network cables via security appliances to provide -controlled segmentation and isolation. -This form of security was built upon the principle of an 'air gap' -being present, -whereby machines were separate physical units, joined largely by the -network stack. - -With the advent of virtualization (namely the hypervisor), new attack -vectors have -surfaced as the 'air-gap' is no longer key design aspect for security. -Further to this elements orchestation nodes and network controllers -lead to an even wider attack surface: - -* Guests breaking isolation of the hypervisor. - -* Unauthorized access and control of supporting orchestration nodes. - -* Unauthorized access and control of supporting overlay network control systems. - -The hypervisor and the overlay network have now become the 'Achilles heel' -whereby all tenant data isolation is enforced within the hypervisor and its -abstraction -of hardware and the virtualized overlay network. - -This guide has been formulated, in order to assist users of the OPNFV platform -in securing an Telco NFV / SDN environment. |