Hi, I want to propose an idea: investigating policy violations (for white-list policies defined by GBP) by, for instance, redirecting the violating sessions to a honeypot. Meaning that if the only communication between Group A and Group B is by port 80 (as described in the GBP), then an access to port 22 from Group A to Group B will be redirected to and answered by a honeypot that will investigate the real reason for the policy violation, or simply log and drop the violating connection attempt.
In a world of tightly defined policies, as achieved through GBP, an attacker trying to propagate inside the network is more likely to hit a wall and then actually create a "golden lead" for his detection. Do you think this concept can/should be part of GBP, and what would be the best way to promote it? (Sorry, I am pretty new to OpenStack and GBP specifically.) Thanks, Ariel
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
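The following is an added example, not code from the post above or from the GBP project. It models the proposal as a small policy evaluator: GBP-style white-list contracts between groups, a decision for every connection attempt (allow, redirect to a honeypot, or log and drop), and a tracker that turns repeated violations from one source into the "golden lead" the post describes. Group membership, contracts, the honeypot address and the connection attempts are all constructed sample data and carry no relation to any real GBP deployment.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: host address -> GBP group membership.
GROUP_OF = {
    "10.0.1.10": "web",
    "10.0.1.11": "web",
    "10.0.2.20": "db",
    "10.0.2.21": "db",
    "10.0.3.30": "mgmt",
}

# Constructed white-list contracts: (consumer group, provider group) -> allowed TCP ports.
# Any flow not listed here is a policy violation.
CONTRACTS = {
    ("web", "db"): {3306},
    ("mgmt", "web"): {22},
    ("mgmt", "db"): {22},
}

HONEYPOT_IP = "10.0.99.9"  # assumed honeypot address (placeholder, not from the post)


@dataclass(frozen=True)
class Decision:
    action: str            # "allow", "redirect" or "drop"
    src_group: str
    dst_group: str
    dst_port: int
    target: Optional[str]  # honeypot address when action == "redirect"
    reason: str


def evaluate(src_ip: str, dst_ip: str, dst_port: int, mode: str = "redirect") -> Decision:
    """Apply the white-list: flows matching a contract pass; violations are either
    redirected to the honeypot (mode="redirect") or logged and dropped (mode="drop")."""
    src_group = GROUP_OF.get(src_ip, "unknown")
    dst_group = GROUP_OF.get(dst_ip, "unknown")
    allowed = CONTRACTS.get((src_group, dst_group), set())
    if dst_port in allowed:
        return Decision("allow", src_group, dst_group, dst_port, None, "matches contract")
    reason = f"no contract permits {src_group}->{dst_group} tcp/{dst_port}"
    if mode == "redirect":
        return Decision("redirect", src_group, dst_group, dst_port, HONEYPOT_IP, reason)
    return Decision("drop", src_group, dst_group, dst_port, None, reason)


class LeadTracker:
    """Aggregates violations per source host. A source that hits several distinct
    forbidden (destination group, port) pairs looks like lateral probing: the
    'golden lead' an analyst or the honeypot should follow up on."""

    def __init__(self) -> None:
        self.violations = defaultdict(set)

    def record(self, src_ip: str, decision: Decision) -> None:
        if decision.action != "allow":
            self.violations[src_ip].add((decision.dst_group, decision.dst_port))

    def leads(self, threshold: int = 2):
        return sorted(ip for ip, hits in self.violations.items() if len(hits) >= threshold)


def run_sample():
    # Constructed connection attempts: (source, destination, destination port).
    attempts = [
        ("10.0.1.10", "10.0.2.20", 3306),  # web -> db on the contracted port: allowed
        ("10.0.1.10", "10.0.2.20", 22),    # web -> db ssh: violation, sent to honeypot
        ("10.0.1.10", "10.0.2.21", 22),    # same forbidden (db, 22) pair on another host
        ("10.0.1.10", "10.0.3.30", 22),    # web -> mgmt: second distinct violation
        ("10.0.3.30", "10.0.1.11", 22),    # mgmt -> web ssh: allowed by contract
        ("10.0.2.20", "10.0.1.10", 80),    # db -> web: no contract at all, violation
    ]
    tracker = LeadTracker()
    decisions = []
    for src, dst, port in attempts:
        decision = evaluate(src, dst, port)
        tracker.record(src, decision)
        decisions.append(decision)
        print(f"{src}->{dst}:{port:<5} {decision.action:<8} {decision.reason}")
    return decisions, tracker.leads()


if __name__ == "__main__":
    _, leads = run_sample()
    print("golden leads:", leads)
```

Counting distinct forbidden (group, port) pairs rather than raw attempts is deliberate: a misconfigured client retrying one blocked port stays below the threshold, while a host walking across groups and ports crosses it quickly, which is exactly the behaviour the post expects a tightly defined policy to expose.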