Video recording and post production done by OpenStack Foundation.
In the Juno summit, Symantec presented it's perspective on securing Keystone. Security is really a mindset and process. We proposed a layered security approach starting with the process for securing Keystone architecture, followed by securing the environment where Keystone is deployed and configured. Since then we have been implementing those security measures in our production environment. In this talk, we will discuss exactly how we have made our Keystone deployment secure and what we have learnt along the way.
Specifically, we will cover:
Keystone's LDAP capabilities
User account management
Two factor authentication
How to avoid storing plaintext password in configuration files?
Generic guidelines on how to secure OpenStack endpoints
Autonomous authentication using Trusts
How to secure Keystone event notifications?
Keystone Intrusion Detection