We all know Cinder provides the awesome ability to attach block storage to our Nova instances, but how secure is the data we place on these volumes? Join us as we explore the potential security vulnerabilities in using unencrypted Cinder storage and set up a live OpenStack environment to utilize block device level encryption. Participants will learn the history of Linux encryption methods and how Cinder can utilize these methods to securely write data to block volumes. All participants will receive a live OpenStack environment and step-by-step instruction on the Linux packages and OpenStack configuration files necessary to implement a secure Cinder infrastructure. After completing the workshop, participants walk away with peace of mind when faced with the possibility of bare-metal attacks on their OpenStack environment!
Attendees will first learn the history of Linux encryption methods, including filesystem and block device level encryption. Attendees will then explore the potential security vulnerabilities of using unencrypted Cinder storage and how one can easily configure Cinder to utilize dm-crypt and the Linux Unified Key Setup-on-disk-format (LUKS) for block device level encryption. Participants will not only set up Cinder with encryption, but also create both encrypted and unencrypted volumes, attach these volumes to Nova instances, and even replicate a real-world bare-metal attack by attempting to recover OpenStack user data!