Fastdot’s Cloud VPS platform, based on OnApp KVM Cloud, features multi-layered cloud security firewalls. In addition to KVM hypervisor node security features, we implement a Customer Isolation Module on hypervisor servers. This anti-spoof / anti-sniff Cloud VPS firewall technology ensures that only authorized traffic is sent to or from virtual machines (KVM VMs), keeping your mission-critical data and applications safer from malicious attacks.
Fastdot’s OnApp Cloud has a multi-layered security model. It enables us and our customers to customize security measures at the network and virtual machine layer.
Generally speaking, IP spoofing is a technique of generating IP packets with a source address that belongs to someone else. Spoofing creates a danger when Cloud hosts on the LAN grant trusted hosts access to their resources and services by checking the source IP of the packets. Using spoofing, an intruder can fake the source address of their packets and make them look like they originated on the trusted Cloud hosts.
The basic idea of anti-spoofing protection is to create a firewall rule, assigned to the external interface of the firewall, that examines the source address of every packet crossing that interface from outside. If the address belongs to the internal network or the firewall itself, the packet is dropped.
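The rule described above, modelled as a small Python check (an added example, not Fastdot's or OnApp's code). The interface names, address ranges and PASS/DROP labels are assumptions for illustration; the example goes slightly beyond the text by unwrapping IPv4-mapped IPv6 sources and dropping unparseable addresses.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_iface: str  # interface the packet arrived on
    src: str       # source address claimed in the IP header

class AntiSpoofRule:
    """Drop packets that arrive on the external interface but claim a source
    address inside the internal network or owned by the firewall itself."""

    def __init__(self, external_iface, internal_nets, firewall_addrs):
        self.external_iface = external_iface
        self.internal_nets = [ipaddress.ip_network(n) for n in internal_nets]
        self.firewall_addrs = {ipaddress.ip_address(a) for a in firewall_addrs}

    @staticmethod
    def _normalize(src):
        addr = ipaddress.ip_address(src)  # ValueError if malformed
        # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so an internal IPv4
        # source cannot slip past the check in its mapped form.
        return getattr(addr, "ipv4_mapped", None) or addr

    def verdict(self, pkt):
        if pkt.in_iface != self.external_iface:
            return "PASS"  # rule is bound to the external interface only
        try:
            src = self._normalize(pkt.src)
        except ValueError:
            return "DROP"  # unparseable source: fail closed
        if src in self.firewall_addrs:
            return "DROP"
        if any(src.version == n.version and src in n for n in self.internal_nets):
            return "DROP"
        return "PASS"

# Constructed sample values (documentation ranges, hypothetical interface names).
RULE = AntiSpoofRule("eth0", ["10.0.0.0/16", "fd00:1::/64"], ["198.51.100.1"])
SAMPLES = [
    Packet("eth0", "203.0.113.7"),       # genuine outside host
    Packet("eth0", "10.0.5.20"),         # internal source seen from outside
    Packet("eth0", "198.51.100.1"),      # firewall's own address
    Packet("eth0", "::ffff:10.0.5.20"),  # internal source, IPv4-mapped form
    Packet("eth1", "10.0.5.20"),         # same source on the internal side
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.in_iface, p.src, RULE.verdict(p))
```

"PASS" here only means this rule does not match; any other firewall rules would still apply to the packet.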
State of Cloud Security Infographic
Preventing data loss was stated as the main security concern overall, with 71% of respondents identifying it as one of their top three security concerns. However, preventing outages, rated second with 64%, was cited most often as the top issue, bearing out the fundamental role that ICT plays in business processes today.
Large companies were much more concerned about keeping security up to date (69%) and meeting regulatory requirements (67%) than small and medium-sized companies. To help reduce security concerns overall, cloud providers need to clearly communicate their practices for maintaining a secure cloud.
Customer Isolation Module (CIM)
Fastdot’s OnApp Cloud Customer Isolation Module has three main functions:
- Secure VLAN sharing: CIM enables secure sharing of VLANs among multiple virtual machines, managing multiple VLANs in the cloud and their assigned IPs.
- Private VLANs: with CIM client isolation, every user is secure in their own section of the cloud. OnApp gives you the security of a private VLAN system with less overhead.
- CIM firewall: CIM provides an additional layer of firewall security on hypervisors.
Four-level firewall security
Fastdot’s Cloud has four layers of firewall protection. This includes firewalls on the network, firewalls on hypervisors and firewalls on individual virtual machines.
- Network/infrastructure firewalls: hardware firewalls built into our infrastructure
- Hypervisor firewalls: OnApp makes full use of firewalling and other security features built into supported hypervisor platforms to maintain complete isolation of virtual machines and their data.
- CIM firewalls: OnApp also features proprietary firewall technology built into hypervisors as part of the CIM module. This provides additional anti-spoofing and anti-sniffing protection to ensure VMs cannot interact with other VMs’ data, except where explicitly allowed. The firewall examines packets entering and leaving virtual machines and blocks any that do not meet the rules set by the Fastdot OnApp Controller server.
- Virtual machine firewalls: the final layer is an end-user firewall that is configurable on each individual virtual machine. Each VM can be configured to accept or drop traffic from specified IPs.
This is just another effort from Fastdot KVM Hosting to mitigate the common Cloud security threats that exist in today’s Cloud VPS infrastructure.