Download - Cloud Security Alliance
Download - Cloud Security Alliance
Download - Cloud Security Alliance
- No tags were found...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CLOUD SECURITY ALLIANCE SecaaS Implementation Guidance, Category 6: Intrusion ManagementFigure 6: Usage of VMM module to conduct external inspectionCentral policies for certain types of VM groups are defined (DMZ, Web, PCI DSS, etc.). A controller modulewithin the VMM kernel can intercept traffic and either send it out to an external IPS appliance or “route” itthrough a virtual appliance.Advantage:Interception of VM-VM communicationCan offload traffic to a powerful external IPS infrastructurePolicy driven inspection that can follow moving VMsDisadvantage:Most critical enforcement component (interception controller) lies within the hypervisor, thus integrityis criticalCaution:Scalability© Copyright 2012, <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>. All rights reserved. 30