{"id":10877,"date":"2015-10-29T17:03:08","date_gmt":"2015-10-29T14:03:08","guid":{"rendered":"http:\/\/www.altoros.com\/blog\/?p=10877"},"modified":"2018-06-22T14:48:38","modified_gmt":"2018-06-22T11:48:38","slug":"cloud-foundry-security-overview","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/","title":{"rendered":"Cloud Foundry Security Overview"},"content":{"rendered":"<h3><span class=\"ez-toc-section\" id=\"Security_principles\"><\/span>Security principles<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Setting access controls and isolating user applications and data are the core security principles of Cloud Foundry.<\/p>\n<p>To eliminate security risks, Cloud Foundry:<\/p>\n<ul>\n<li style=\"margin-bottom: 12px;\"><strong>Implements role-based access control<\/strong><\/li>\n<p>System access is restricted to authorized users. A user can have one or more roles giving permissions in an org and within specific spaces in that org.<\/p>\n<li style=\"margin-bottom: 12px;\"><strong>Secures application artifacts<\/strong><\/li>\n<p>In addition to an RBAC approach, Cloud Foundry isolates applications with containers, stores application configuration\u2014environment variables and service credentials\u2014in an encrypted database table, and works with network traffic rules. For more information, go to <a href=\"https:\/\/docs.cloudfoundry.org\/concepts\/security.html#app-artifacts\" target=\"_blank\">CF Docs<\/a>.<\/p>\n<li style=\"margin-bottom: 12px;\"><strong>Ensures security for service broker integration<\/strong><\/li>\n<p>The platform authenticates all requests with a service broker when making API calls and rejects broker registrations that do not have a username and password. 
It is also possible to connect to a broker using SSL.<\/p>\n<li style=\"margin-bottom: 12px;\"><strong>Provides an audit trail<\/strong><\/li>\n<p>Audit records are available for Cloud Foundry components, applications, and BOSH.<\/p>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cloud_Foundry_and_the_outside_world\"><\/span>Cloud Foundry and the outside world<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When the PaaS components run on virtual machines within a VLAN, the resources visible to external networks are:<\/p>\n<ul>\n<li>Load balancer<\/li>\n<li>NAT (optional)<\/li>\n<li>Jumpbox (optional)<\/li>\n<\/ul>\n<p>&nbsp;<br \/>\n<a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/cloud-foundry-system-boundaries.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/cloud-foundry-system-boundaries-1024x592.png\" alt=\"cloud-foundry-system-boundaries\" width=\"640\" class=\"aligncenter size-large wp-image-10886\" \/><\/a><br \/>\n&nbsp;<br \/>\nIn this scheme, the platform communicates with the outside world through a load balancer that passes requests to the Cloud Foundry Router(s), so the application execution component is not exposed.<br \/>\n&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Network_traffic_rules\"><\/span>Network traffic rules<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>On the component VMs, Cloud Foundry uses Linux iptables. 
It is possible to configure network traffic rules to:<\/p>\n<ul>\n<li>prevent system access from external networks<\/li>\n<li>control outbound traffic from applications<\/li>\n<li>prohibit communication between system components and applications<\/li>\n<\/ul>\n<p>&nbsp;<br \/>\n<a href=\"https:\/\/docs.cloudfoundry.org\/concepts\/security.html\" target=\"_blank\">Cloud Foundry Docs<\/a> provide a detailed security overview.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security principles<\/p>\n<p>Setting access controls and isolating user applications and data are the core security principles of Cloud Foundry.<\/p>\n<p>To eliminate security risks, Cloud Foundry:<\/p>\n<p>Implements role-based access control<\/p>\n<p>System access is restricted to authorized users. 
A user can have one or more roles giving permissions in an org and within specific spaces in [&#8230;]<\/p>\n","protected":false},"author":24,"featured_media":11918,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[214],"tags":[873,206],"class_list":["post-10877","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","tag-cloud-native","tag-oss-cloud-foundry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cloud Foundry Security Overview | Altoros<\/title>\n<meta name=\"description\" content=\"The article explains how applications running on Cloud Foundry are secured from risks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cloud Foundry Security Overview | Altoros\" \/>\n<meta property=\"og:description\" content=\"The article explains how applications running on Cloud Foundry are secured from risks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/\" \/>\n<meta property=\"og:site_name\" content=\"Altoros\" \/>\n<meta property=\"article:published_time\" content=\"2015-10-29T14:03:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-06-22T11:48:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/security-in-cloud-foundry.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"700\" \/>\n\t<meta 
property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"Victoria Fedzkovich\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Victoria Fedzkovich\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/\",\"name\":\"Cloud Foundry Security Overview | Altoros\",\"isPartOf\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/security-in-cloud-foundry.gif\",\"datePublished\":\"2015-10-29T14:03:08+00:00\",\"dateModified\":\"2018-06-22T11:48:38+00:00\",\"author\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/c7b416b09612e334a4e0184568906c36\"},\"description\":\"The article explains how applications running on Cloud Foundry are secured from 
risks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#primaryimage\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/security-in-cloud-foundry.gif\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/security-in-cloud-foundry.gif\",\"width\":700,\"height\":525},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.altoros.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cloud Foundry Security Overview\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\",\"url\":\"https:\/\/www.altoros.com\/blog\/\",\"name\":\"Altoros\",\"description\":\"Insight\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.altoros.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/c7b416b09612e334a4e0184568906c36\",\"name\":\"Victoria Fedzkovich\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/03\/author-v-f-150x150.jpg\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/03\/author-v-f-150x150.jpg\",\"caption\":\"Victoria 
Fedzkovich\"},\"description\":\"Victoria Fedzkovich strives for effective technical communication at Altoros. As a professional with 7+ years of experience in technical and scientific writing, she creates content for user guides, manuals, white papers, and technical overviews. Victoria is currently focused on the Cloud Foundry ecosystem and IoT solutions.\",\"url\":\"https:\/\/www.altoros.com\/blog\/author\/viktoryia-fedzkovich\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cloud Foundry Security Overview | Altoros","description":"The article explains how applications running on Cloud Foundry are secured from risks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/","og_locale":"en_US","og_type":"article","og_title":"Cloud Foundry Security Overview | Altoros","og_description":"The article explains how applications running on Cloud Foundry are secured from risks.","og_url":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/","og_site_name":"Altoros","article_published_time":"2015-10-29T14:03:08+00:00","article_modified_time":"2018-06-22T11:48:38+00:00","og_image":[{"width":700,"height":525,"url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/security-in-cloud-foundry.gif","type":"image\/gif"}],"author":"Victoria Fedzkovich","twitter_misc":{"Written by":"Victoria Fedzkovich","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/","url":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/","name":"Cloud Foundry Security Overview | Altoros","isPartOf":{"@id":"https:\/\/www.altoros.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#primaryimage"},"image":{"@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#primaryimage"},"thumbnailUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/security-in-cloud-foundry.gif","datePublished":"2015-10-29T14:03:08+00:00","dateModified":"2018-06-22T11:48:38+00:00","author":{"@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/c7b416b09612e334a4e0184568906c36"},"description":"The article explains how applications running on Cloud Foundry are secured from risks.","breadcrumb":{"@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#primaryimage","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/security-in-cloud-foundry.gif","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2015\/10\/security-in-cloud-foundry.gif","width":700,"height":525},{"@type":"BreadcrumbList","@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-security-overview\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.altoros.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cloud Foundry Security 
Overview"}]},{"@type":"WebSite","@id":"https:\/\/www.altoros.com\/blog\/#website","url":"https:\/\/www.altoros.com\/blog\/","name":"Altoros","description":"Insight","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.altoros.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/c7b416b09612e334a4e0184568906c36","name":"Victoria Fedzkovich","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/03\/author-v-f-150x150.jpg","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/03\/author-v-f-150x150.jpg","caption":"Victoria Fedzkovich"},"description":"Victoria Fedzkovich strives for effective technical communication at Altoros. As a professional with 7+ years of experience in technical and scientific writing, she creates content for user guides, manuals, white papers, and technical overviews. 
Victoria is currently focused on the Cloud Foundry ecosystem and IoT solutions.","url":"https:\/\/www.altoros.com\/blog\/author\/viktoryia-fedzkovich\/"}]}},"_links":{"self":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/10877","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/comments?post=10877"}],"version-history":[{"count":6,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/10877\/revisions"}],"predecessor-version":[{"id":34276,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/10877\/revisions\/34276"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media\/11918"}],"wp:attachment":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media?parent=10877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/categories?post=10877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/tags?post=10877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}