sense of security - securing virtualised environments; focus on the fundamentals
DESCRIPTION
Virtualisation of ICT infrastructure has been one of the more recent strategies to achieve substantial technical and commercial gains from your technology investment; organisations of all sizes are either evaluating it or using it! So what’s the catch? Put simply, the principles of information security are regularly overlooked during the planning and deployment stages of a virtualisation program. This webinar will explore some of the security risks that organisations inadvertently expose there businesses to when deploying virtualised infrastructure. Furthermore the presenter will discuss the fundamentals of information security, and importantly how to apply these fundamentals in a virtualised environment to manage risk and protect critical information assets.TRANSCRIPT
www.senseofsecurity.com.au1 Tuesday, August 31, 2010
Sense of Security Pty Ltd
(ABN 14 098 237 908)
306, 66 King St
Sydney NSW 2000
Australia
Tel: +61 (0)2 9290 4444
Fax: +61 (0)2 9290 4455
Securing Virtualised
Environments
-
Focus on the FundamentalsJul 2010
www.senseofsecurity.com.au2 Tuesday, August 31, 2010
Agenda
• Why people love Virtualisation
• What to look out for
• Identify security weaknesses
• Be prepared
• Conclusion
www.senseofsecurity.com.au3 Tuesday, August 31, 2010
Virtualization Benefits
www.senseofsecurity.com.au4 Tuesday, August 31, 2010
The problem
www.senseofsecurity.com.au5 Tuesday, August 31, 2010
The dream
www.senseofsecurity.com.au6 Tuesday, August 31, 2010
The solution? A virtualisation Project?
Virtualisatio
n
www.senseofsecurity.com.au7 Tuesday, August 31, 2010
Follow me
www.senseofsecurity.com.au8 Tuesday, August 31, 2010
Riding the Virtualisation Silver Bullet
www.senseofsecurity.com.au9 Tuesday, August 31, 2010
It is hard with all the Blah Blah Blah
www.senseofsecurity.com.au10 Tuesday, August 31, 2010
Even Dilbert’s boss is onto this!
Copyright acknowledged
www.senseofsecurity.com.au11 Tuesday, August 31, 2010
Are we doomed?
www.senseofsecurity.com.au12 Tuesday, August 31, 2010
www.senseofsecurity.com.au13 Tuesday, August 31, 2010
CONFIDENTIALITY
INTEGRITY
AVAILABILITY
www.senseofsecurity.com.au14 Tuesday, August 31, 2010
The Real Agenda
• We need to be able to evaluate and measure the security of the
deployment in terms of C I A
www.senseofsecurity.com.au15 Tuesday, August 31, 2010
Confidentiality
www.senseofsecurity.com.au16 Tuesday, August 31, 2010
DMZ
Firewall
Internal
www.senseofsecurity.com.au17 Tuesday, August 31, 2010
Is it getting crowded in there?
www.senseofsecurity.com.au18 Tuesday, August 31, 2010
Stealing a Physical Machine
VERY DIFFICULT
www.senseofsecurity.com.au19 Tuesday, August 31, 2010
Stealing a Virtual Machine
www.senseofsecurity.com.au20 Tuesday, August 31, 2010
Confidentiality cont…
www.senseofsecurity.com.au21 Tuesday, August 31, 2010
Who manages the system?
“ An ESX virtual switch supports copying packets to a mirror port. By using what is called promiscuous mode, ESX Server makes a virtual switch port act as a SPAN port or mirror port. This capability makes it possible to debug using a sniffer or to run monitoring applications such as IDS.”
“Forged transmit blocking, when you enable it, prevents virtual machines from sending traffic that appears to come from nodes on the network other than themselves”
ref [http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf]
Virtual System may be administered by someone who is neither a network nor a security expert!
www.senseofsecurity.com.au22 Tuesday, August 31, 2010
Integrity
• Just like any other software virtual platforms are
and have been buggy– VMSA-0008-0002.1 (Virtual Center Tomcat 5.5.7.1)
– CVE-2007-1321 (Heap Overflow in Xen network Driver)
– CVE-2008-0923 (Path Traversal vulnerability in VMware's shared folders
implementation)
– CVE-2009-2968 (VMware Studio 2 directory traversal)
• Patch Management Framework in place?
www.senseofsecurity.com.au23 Tuesday, August 31, 2010
Integrity cont…
www.senseofsecurity.com.au24 Tuesday, August 31, 2010
This is a good start to getting ….
www.senseofsecurity.com.au25 Tuesday, August 31, 2010
Integrity cont…
• Man in the Middle Attacks
• Various VMWare clients susceptible
• Including vi client– Configuration of the clients.xml file
www.senseofsecurity.com.au26 Tuesday, August 31, 2010
Segregation of Duties
• Server, storage, network, and security
duties are collapsed
• Critical considerations:
– Role-mapping within IT
– RBAC capabilities of virtualisation platform
– Layered controls (prevent, detect, respond)
• Roles and Responsibilities– Review of 75 discrete responsibilities assigned to 3 or 4 roles
(Per VMWare)
www.senseofsecurity.com.au27 Tuesday, August 31, 2010
Infrastructure hardening
• Hypervisor Protection
• Management Interfaces
• Zones of Trust
• Virtual Network Configuration
• Consolidation of functions
www.senseofsecurity.com.au28 Tuesday, August 31, 2010
Auditing
• The entire environment should be auditable
• All activity should be logged and monitored
• Administrators/Auditors should be able to
produce compliance reports at any point in
time
• Native and Commercial tools can be used
www.senseofsecurity.com.au29 Tuesday, August 31, 2010
VMWare Native Tool – Host Profiles
Cluster
Reference Host
Host profiles reduce setup time and allow you to manage configuration consistency and correctness.
This slide courtesy VMware
www.senseofsecurity.com.au30 Tuesday, August 31, 2010
Basic Workflow to Implement Host Profiles
•Host Profile– Memory Reservation
– Storage
– Networking
– Date and Time
– Firewall
– Security
– Services
– Users and User Groups
– Security
ClusterReference Host1
2
3
4
5
This slide courtesy VMware
www.senseofsecurity.com.au31 Tuesday, August 31, 2010
After you create the profile, attach it to hosts/clusters so that you can check compliance and apply it to hosts not in compliance.
This slide courtesy VMware
www.senseofsecurity.com.au32 Tuesday, August 31, 2010
Availability
• How is Availability delivered?
• Active Active
• Active Passive
• Fault Tolerance
• System Maintenance
• Patch Management (access to dormant
VM’s)
www.senseofsecurity.com.au33 Tuesday, August 31, 2010
HA – High Availability
FT – Fault Tolerance
VCB / VADR
NIC & HBA Teaming
VMotion
Storage VMotion
Network Redundancy
PerformancePlanned Downtime Unplanned Downtime
VM Failure Monitoring
Virtual Machines
Server
ESX Server
App
OS
App
OS
App
OS
App
OS
App
OS
Storage
Interconnect
This slide courtesy VMware
www.senseofsecurity.com.au34 Tuesday, August 31, 2010
Availability: Speed, Latency, Capacity
• Can software-based virtual appliances
deliver to level expected of purpose built
hardware?
• Many vendors have elected not to deliver L3
capability in virtual appliances.
• Do you want a Virtual UTM?
www.senseofsecurity.com.au35 Tuesday, August 31, 2010
Key Issues to Think About
• Going in blind with no plan – is not a plan!
• Inadequate Protection to the Hypervisor
• Blind Spot - Lack of Visibility and Control to
Virtualised Network and VM’s
• Collapsed Fabric – Virtualising across zones of trust
• Segregation of Duties – not defined
• Administration – Availability, Patch Management
• Ensure overall system is auditable
www.senseofsecurity.com.au36 Tuesday, August 31, 2010
Thank You
Murray Goldschmidt
Chief Operating Officer
Sense of Security
+61 2 9290 4444
www.senseofsecurity.com.au