Securing the External Interfaces of a Federated Infrastructure Cloud

INTRODUCTION

Large infrastructure clouds such as Amazon EC2 (Amazon, 2011) are becoming increasingly popular. Such clouds rely on a large, shared and scalable infrastructure that is accessible through the public internet to a large customer base. Many different types of applications are being deployed on such infrastructure clouds. They range from enterprise applications from multiple domains such as publishing (New York Times, 2008) down to distributed file systems (Hendrickson, 2008).

Many successful cloud projects have been initiated individually within companies and corporations. These successes have raised questions about the generalized usage of cloud computing within companies and corporations. One of the main issues debated is the security risk faced when deploying applications on shared infrastructure clouds. Several studies or internal threats. The main external threats are linked to man-in-the-middle, TCP hijacking (spoofing), malicious service manifest, identity theft/impersonation, false migration and security policies, denial of service (DoS or Distributed DoS), flooding, buffer overflow and peer-to-peer attacks. Internal infrastructure cloud threats are related to runtime isolation, network isolation and storage isolation.

This chapter explains how to secure the external interfaces of a federated infrastructure cloud using open source components. It explains how to install the security services for securing the external API of a federated infrastructure cloud. This chapter assumes that the federated infrastructure cloud implements the RESERVOIR architecture API (Rochwerger, et al., 2009).

The RESERVOIR architecture (Rochwerger, et al., 2009) is used as a reference for federated clouds. The architecture introduces a virtualized infrastructure layer on