Transcript Slide 1

Securing a Virtualized Environment
Stefano Alei
Senior Systems Engineer
Agenda
• Security Trends
• Fundamentals on Security
• Security in a Virtualized Environment
• Best Practices for Securing Virtual Machines
• Benefit of the VMware Solutions
Security Trends
IBM Source - January 2007
http://www.sans.org/resources/10_security_trends.pdf
The Ten Most Important Security Trends
• Mobile Devices
1. Laptop encryption will be made mandatory at many government agencies and other organizations that store customer/patient data and will be preinstalled on new equipment.
2. Theft of PDA smart phones will grow significantly.
• Government Action
3. Congress and state governments will pass more legislation governing the protection of customer information.
• Attack Targets
4. Targeted attacks will be more prevalent, in particular on government agencies.
5. Cell phone worms will infect at least 100,000 phones, jumping from phone to phone over wireless data networks.
6. Voice over IP (VoIP) systems will be the target of cyber attacks.
SANS Source - Year 2006
http://www.sans.org/resources/10_security_trends.pdf
The Ten Most Important Security Trends
• Attack Techniques
7. Spyware will continue to be a huge and growing issue.
8. 0-day vulnerabilities will result in major outbreaks resulting in many thousands of PCs being infected worldwide.
9. The majority of bots will be bundled with rootkits.
• Defense Actions
10. Network Access Control will become common and will grow in sophistication. As defending laptops becomes increasingly difficult, large organizations will try to protect their internal networks and users by testing computers that want to connect to the internal network.
SANS Source - Year 2006
http://www.sans.org/resources/10_security_trends.pdf
The C.I.A. Triad
Security Objectives
• Confidentiality
• Integrity
• Availability
Security Threats
An Integrated Approach
Physical Controls
Facility protection, security guards, locks, monitoring, intrusion detection
Technical Controls
Access control, encryption, security devices, identification and authentication
Administrative Controls
Policies, standards, guidelines, security-awareness training, screening personnel
Company Data and Assets
Administrative, technical, and physical controls should work in an integrated manner to protect a company’s assets.
An Integrated Approach
Security must be an integral part of the company policy. Lack of planning and a lack of proper processes or procedures are the main reasons leading to problems!
An Integrated Approach
• Security Management Practices
• Access Controls
• Telecommunications and Networks
• Cryptography
• Security Architecture
• Operation Security
• Applications and System Development
• Business Continuity and Disaster Recovery
• Physical Security
Security Management Practices
• Security Policy Implementation
  • Security Policy
  • Standards
  • Baseline
  • Procedures
• Roles and Responsibility
• Risk Management
• Security Awareness
Security Trends
Access Controls
• DoS / DDoS
• Backdoor
• Spoofing
• Man-in-the-Middle
• Replay
• TCP Hijacking
• Social Engineering
• Dumpster Diving
• Brute Force
• Dictionary Attack
• Software Exploitation
• Trojan
• Virus
• System Scanning
Security Management Practices
Telecommunications and Network
• Protocols
• Firewall
• IDS / IPS
• Wireless
• VoIP
• Network Attacks and Abuse
  • Logon abuse
  • Eavesdropping
  • Network Intrusion
  • Session Hijacking
  • Fragmentation Attacks
Security Management Practices
• Cryptography
  • Symmetric
  • Asymmetric
  • Public Key Infrastructures
Julius Caesar
Security Trends
Cryptography
• Symmetric
• Asymmetric
• Spoofing
• Man-in-the-Middle
• Replay
• TCP Hijacking
• Social Engineering
• Dumpster Diving
• Brute Force
• Dictionary Attack
• Software Exploitation
• Trojan
• Virus
• System Scanning
A Virtualized Environment
A New Architecture
More Flexible
• Easier to deploy VMs and Virtual Appliances
More Powerful
• Easier to set up a server, configured as you need
Excellent for quick setup of an application through Virtual Appliances
Potential Security Issues
A New Architecture
• You have to face new potential security threats (VM mobility, VM tampering, patching, communications channels, etc.)
• Hypervisor layer is the equivalent of a new OS
• Potential for server sprawl (VM creation)
• Unprecedented mobility (VMotion, etc.)
More Flexible
• Easier to lose control
More Powerful
• Easier to overlook some actions that could become dangerous
Excellent for quick setup of an appliance through Virtual Appliances
• You have to face the potential security threats related to VAs
Security Best Practices
VM Security During Planning, Installation and Configuration
Security Best Practices
Virtual or physical, organizations need to pay attention to security, and the fact that infrastructure is virtual doesn't make it inherently less secure
Security Best Practices
Keep the host OS thin and hardened (Gartner)
• Bare-metal solution
• ~1000 times less code than a regular OS
• Favor hypervisor-based systems
• Favor implementations in which the hypervisor is stored in firmware (VMvisor)
• Hypervisor and VMM provider must be able to support any hardware-based capabilities of the processor to prevent execution of code from areas of memory marked for data usage (NX/XD flag)
Security Best Practices
Use processors that natively support virtualization (Gartner)
• VMware supports it… but for performance reasons, not specifically for security
• Virtualization theory states that virtualization does not enable anything that was not already possible with a physical machine.
Security Best Practices
Protect from resource Denial of Service
• The Advanced Resource Management support of VI3 addresses exactly this potential threat
Enforce the principle of least privilege
• By default, two VMs should never directly communicate with each other (including disk blocks or LAN resources) unless explicitly permitted
• Transparent Memory Sharing, even if useful for resource optimization, can be disabled if security reasons require it
Security Best Practices
Be Wary of SW-Based Security "Appliances"
• Virtual Appliances are a new, flexible and powerful tool in your hands.
• Always be careful when something is installed in your infrastructure. Do the same with virtual appliances!
Avoid shared IP addresses
• In VMware ESX it is the only way to set up IP addressing
Plan for dynamic IP addresses
• VMware products never change the VM's IP or MAC address unless the user explicitly reconfigures it. VMotioned VMs retain their same IP and MAC as well
Security Best Practices
Plan for portable security protection
• The port group feature of VMware ESX Server provides the capability mentioned, namely, the ability to dynamically apply networking security policy as VMs migrate.
Don't use internal VLAN capabilities as the sole means of separating workloads of different trust levels.
• This might be a valid recommendation for certain virtualization platforms, and certainly can be implemented easily on VMware Infrastructure
Security Best Practices
VM Vulnerability and Configuration Management
Security Best Practices
Lock down and configure each VM as appropriate to the organization's standard guidelines for the OS being hosted
• Most security vulnerabilities occur through human error — misadministration and mismanagement — and VMs will be no exception
Baseline the correct virtual server configuration
All partitions must be patched
• VMware is actively working on patching offline images
• Keep the host OS and all guest OS partitions patched
Security Best Practices
Regularly scan all partitions for vulnerabilities
Regularly scan for correct VMM and VM configuration.
Don't overlook VM and application appliances
Deactivate hyperthreading for guest OSs
Security Best Practices
VM Intrusion Prevention
Security Best Practices
Plan for a network firewall or an additional VM-based IPS protection if needed
• VMware virtual machines communicate with each other via a network switch, just as with any physical server, so there is no reason for an increased rate of infection
Keep signatures, filters and rules updated for offline VMs
• VMware is actively working on patching offline images
Protect invisible internal network traffic
• Place a "network-based IPS" inside of the server (a host-based network IPS that monitors internal virtual network traffic) to inspect this traffic
Security Best Practices
• Alarm on incorrect network configuration or information flows
  • Hashing to detect configuration file changes
• Protect VM images
  • Strict access control to protect VM images
• Protect online and offline VM configuration and policy files.
  • Forbid MAC address changes by the guest and reject forged MAC address transmissions
• Detect (and potentially block) unauthorized VM management sessions.
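An added example (not part of the original presentation) of the hashing control on this slide: it fingerprints a VM's .vmx configuration against a stored baseline and, on a mismatch, lists which settings changed and raises an alarm for virtual NIC keys such as the MAC address. The sample file contents, function names and the watched key prefix are constructed for illustration.

```python
import hashlib

# Constructed sample .vmx contents (key = "value" lines); not taken from a real VM.
BASELINE_VMX = '''\
displayName = "web01"
ethernet0.addressType = "static"
ethernet0.address = "00:50:56:00:00:01"
ethernet0.networkName = "DMZ"
'''
# Same VM after an unapproved edit: MAC and port group changed, one key added.
TAMPERED_VMX = '''\
displayName = "web01"
ethernet0.addressType = "static"
ethernet0.address = "00:50:56:00:00:99"
ethernet0.networkName = "Internal"
isolation.tools.copy.disable = "FALSE"
'''

def parse_vmx(text):
    """Parse key = "value" lines into a dict, skipping blanks and # lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip('"')
    return settings

def fingerprint(text):
    """SHA-256 over the sorted settings, so key order and spacing do not matter."""
    canonical = "\n".join(f"{k}={v}" for k, v in sorted(parse_vmx(text).items()))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def diff_settings(baseline_text, current_text):
    """Return {key: (old, new)} for every added, removed or changed setting."""
    old, new = parse_vmx(baseline_text), parse_vmx(current_text)
    return {k: (old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys())
            if old.get(k) != new.get(k)}

def check(baseline_text, current_text, watch_prefixes=("ethernet",)):
    """Compare with the baseline; return (changed, diffs, keys that raise an alarm)."""
    if fingerprint(baseline_text) == fingerprint(current_text):
        return False, {}, []
    diffs = diff_settings(baseline_text, current_text)
    alarms = [k for k in diffs if k.startswith(watch_prefixes)]
    return True, diffs, alarms
```

In practice the baseline fingerprint is stored away from the host it describes, so that whoever can edit the configuration cannot also rewrite the reference value.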
Security Best Practices
Identity and Access Management
Security Best Practices
Don’t let one person manage all the devices
• Enforce Separation of Duties (SOD)
  • SOD makes sure that one individual cannot complete a critical task by himself.
Avoid having the same person manage the hosts and the Virtual Machines
Use Role Based Access Control
• RBAC is the model used in Virtual Center
Security Best Practices
Minimize per-VM administrative accounts.
• It’s difficult to control and audit permissions if they are sprawled
• Perform periodic permission reviews
• Take extreme care of “root” privileges
Perform regular auditing
• Analyze and protect log files
• Use correlation tools and clipping levels
• Implement VM life-cycle management
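An added example (not from the original slides) of a clipping level applied with correlation: failed logins are counted per account across all hosts and VMs, and only accounts that exceed the threshold within a time window are reported. The log format, account names, target names and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit lines: "<ISO timestamp> <result> user=<name> target=<host or VM>"
SAMPLE_LOG = """\
2007-05-14T09:00:05 LOGIN_FAILED user=alice target=esx01
2007-05-14T09:00:40 LOGIN_OK user=alice target=esx01
2007-05-14T09:02:00 LOGIN_FAILED user=root target=esx01
2007-05-14T09:02:10 LOGIN_FAILED user=root target=esx01
2007-05-14T09:02:20 LOGIN_FAILED user=root target=esx02
2007-05-14T09:02:30 LOGIN_FAILED user=root target=vm-db01
2007-05-14T09:30:00 LOGIN_FAILED user=bob target=vm-web01
2007-05-14T10:45:00 LOGIN_FAILED user=bob target=vm-web01
"""

def over_clipping_level(log_text, clipping_level=3, window=timedelta(minutes=5)):
    """Return {user: [targets]} for users with more than clipping_level failed
    logins inside one sliding window, correlated across all hosts and VMs."""
    recent = defaultdict(deque)   # user -> (timestamp, target) of recent failures
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "LOGIN_FAILED":
            continue              # successes and malformed lines are not counted
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[2:])
        failures = recent[fields["user"]]
        failures.append((ts, fields["target"]))
        while ts - failures[0][0] > window:   # drop failures outside the window
            failures.popleft()
        if len(failures) > clipping_level:
            flagged[fields["user"]] = sorted({t for _, t in failures})
    return flagged
```

Counting per account rather than per machine is what catches the `root` attempts here: no single host or VM sees more than two failures.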
Security Best Practices
Network Access Control
Security Best Practices
With Network Access Control, access to enterprise network resources is granted based upon authentication of the user and device, and only if the device is compliant with policy
Security Best Practices
Modify the organization's NAC process and technologies to control VM access to the network
• Very difficult to apply for NAT-based VMs
• No solution available on the market for NAT-based VMs
• NAC technology can be fooled by MAC/IP moving
  • This does not happen in VMware infrastructure
Ensure VMs (and VMMs) that connect conform to policy
• Favor VM creation using proven templates
Security Best Practices
Business Continuity and Disaster Recovery
Security Best Practices
Disaster Recovery tries to minimize the effects of a disaster and take the necessary steps to ensure that the resources, personnel, and business processes are able to resume operation in a timely manner
A VMware virtualized environment greatly improves the Disaster Recovery implementation
Security Best Practices
Business Continuity planning provides methods and procedures for dealing with longer-term outages and disasters
• A disaster recovery plan is carried out when everything is still in emergency mode
• A business continuity plan (BCP) takes a broader approach to the problem
Security Best Practices
Avoid any “technically” single point of failure
• Leverage HA functionality
• Implement a DRS solution to prevent resource-intensive workloads from degrading the performance of single servers
• Implement a VCB solution to have information backups ready
Plan properly for dangerous events
• Natural disasters (flooding, earthquakes, hurricanes, fire, etc.)
• Power failure (VMware is a Green Grid member)
• Human behaviors (terrorist attacks, strikes, errors, theft, etc.)
Q&A