The Phantom Menace - Security

David M Lynch MBA, [email protected]


Jul 08, 2015


As enterprises rush to virtualize they need to be aware of some of the new security considerations and challenges related to both VMs and hosts. Now that VMs can exist in many formats and multiple states, the task of securing them gets much more complicated. Hypervisor technology represents a new operating system in the data center, and one that is still relatively immature. Mothballed VMs may reintroduce viruses and worms that were previously considered eradicated in the enterprise. The easy access to free host software, combined with the growing number of virtual machines and the public availability of virtual appliances, will challenge enterprises trying to protect and secure their environments. Learn about the security challenges introduced by virtualization, the outlook for solutions and capabilities, and advice on how to deal with them.
Transcript
Page 1

The Phantom Menace - Security

David M Lynch [email protected]

Page 2

The Phantom Menace - Security

As enterprises rush to virtualize they need to be aware of some of the new security considerations and challenges related to both VMs and hosts. Now that VMs can exist in many formats and multiple states, the task of securing them gets much more complicated. Hypervisor technology represents a new operating system in the datacenter, and one that is still relatively immature. Mothballed VMs may reintroduce viruses and worms that were previously considered eradicated in the enterprise. The easy access to free host software, combined with the growing number of virtual machines and the public availability of virtual appliances, will challenge enterprises trying to protect and secure their environments. This session will focus on security challenges introduced by virtualization and the future outlook for solutions and capabilities, as well as offer some advice on how to deal with them.

Page 3

Agenda

• New Security Challenges

• Controlling Virtual Machines

• Evolving Security Technologies

• Recommendations

Page 4

Architecture (diagram)

Hosted, or Type II Hypervisor: stacked layers of Hardware, Host Operating System (running native Applications), Type II Hypervisor, and Guest OS instances each running their Apps.

Micro-Kernel, or Type I Hypervisor: stacked layers of Hardware, Type I Hypervisor, and Operating System instances each running their Applications.

Page 5

New security issues

• Another Operating System in the Datacenter

• New attacks could target the virtualization layer

• New attacks could target newer hardware

• Communication within a hypervisor is essentially a “private LAN”

• Guest to Guest attacks

• Virtual Appliances

• Identity & Mobility

Page 6

Another Operating System

• Maturity of the hypervisor

• Breaking out of a guest OS

• Hypervisor rootkits

Page 7

Hyper-jacking

• Guest to guest attacks

• Traffic in the open

• Denial of service through VM "overloading"

Page 8

Virtual Appliances

• New system variations

• Integrity

• Patching

• Remote Access

• Security profile

• Certifying

Page 9

Page 10

Mobility / Identity

– Using virtualization breaks existing data center management tools

– Virtual Machines lose their physical identity

– Mobile VMs compromise “security in layers”

– Traditional security tools may not work well

– Higher risk of sprawl in the virtual world than the physical

Page 11

Costs of Virtual Sprawl

• Wasted physical resources

• Wasted software resources

• Increased manual activity

• Increased risk

Page 12

7%* penetration today, but it’s not going to stay that way

“By 2010, Intel projects that 25% of enterprise data center servers will be running in virtualization mode”. Intel - July 2007

“50% of physical servers will be virtualized by 2011”. - (IDC)

“Virtualization will be part of nearly every aspect of IT by 2015” - Gartner May 2007

* source: IDC

Page 13

Phantom or Menace?

• Both… It’s the normal "Arms Race"

– The value of server virtualization is undisputed.

– Like wireless networking it WILL become more prevalent

– As technology becomes prevalent, attacks WILL come … It's too tempting a target

Page 14

New Security Technologies

• VM Lifecycle Management & Automation Systems

– Control Sprawl

– Control / Audit VM deployments

– Integrate with existing datacenter systems

• Security inside the hypervisor

• Virtual Appliances

• Security as a plug-in to the hypervisor

Page 15

Security as a hypervisor plug-in (diagram)

Stacked layers of Hardware and Hypervisor; above the hypervisor a Hardened OS running a Security Watchdog VM sits alongside the guest Operating System / Application stacks.

VM State information:

• Processor state

• Memory pages

• Network state

• Disk blocks

• Process Control Blocks

Page 16

OVF & Virtual Appliances

Lifecycle stages (diagram): Develop, Package, Deploy, Manage, Retire

OVF ver1 Scope
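The Virtual Appliances slide lists integrity and certifying among the concerns, and OVF is the packaging format in scope. The script below is an added example, not part of the presentation, showing how an importer can check an OVF package against its manifest before the appliance is allowed into the environment: every listed file is re-hashed, a listed file that is absent is reported, and a file in the package that the manifest never covered is reported too, since that is exactly the file a digest check would otherwise never look at. The package contents, file names and function names are constructed for this example.

```python
"""Integrity check of an OVF virtual appliance package against its manifest.

Added example, not from the presentation. An OVF package carries a manifest
(.mf) with one digest line per file, e.g.
    SHA256(appliance.ovf)= <hex digest>
(older packages use SHA1). Before an appliance enters the environment, each
digest is recomputed and compared. All package contents below are constructed
sample data; the function and file names are this example's own.
"""
import hashlib
import os
import re
import tempfile

# One manifest line: ALGORITHM(filename)= hexdigest
MANIFEST_LINE = re.compile(
    r"^(?P<alg>SHA1|SHA256|SHA512)\((?P<name>[^)]+)\)\s*=\s*(?P<digest>[0-9a-fA-F]+)\s*$"
)


def parse_manifest(text):
    """Return {filename: (hashlib algorithm name, lowercase hex digest)}.

    A malformed line raises ValueError: a manifest we cannot read completely
    must not be treated as a partial success.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is malformed: {raw!r}")
        entries[m.group("name")] = (m.group("alg").lower(), m.group("digest").lower())
    return entries


def file_digest(path, algorithm):
    """Stream the file through the named hash so large disk images fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(package_dir, manifest_name="appliance.mf"):
    """Map every file in the package to "ok", "mismatch", "missing" or "unlisted".

    "missing": listed in the manifest but absent from the package.
    "unlisted": present in the package but not covered by any digest.
    The manifest file itself is not expected to list itself.
    """
    with open(os.path.join(package_dir, manifest_name), encoding="utf-8") as f:
        entries = parse_manifest(f.read())
    results = {}
    for name, (algorithm, expected) in entries.items():
        path = os.path.join(package_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif file_digest(path, algorithm) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    for name in sorted(os.listdir(package_dir)):
        if name != manifest_name and name not in entries:
            results[name] = "unlisted"
    return results


def package_is_trustworthy(package_dir, manifest_name="appliance.mf"):
    """True only when every file verifies and nothing escapes the manifest."""
    return all(s == "ok" for s in verify_package(package_dir, manifest_name).values())


def build_sample_package(tamper=False, add_unlisted=False, drop_file=False):
    """Write a constructed two-file appliance plus manifest into a temp dir.

    tamper: modify the disk image after the manifest was written.
    add_unlisted: drop in a file the manifest does not cover.
    drop_file: delete a listed file after the manifest was written.
    """
    d = tempfile.mkdtemp(prefix="ovf-sample-")
    files = {
        "appliance.ovf": b"<Envelope>constructed descriptor</Envelope>",
        "disk1.vmdk": b"constructed disk image contents",
    }
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    lines = [f"SHA256({n})= {hashlib.sha256(b).hexdigest()}" for n, b in files.items()]
    with open(os.path.join(d, "appliance.mf"), "w", encoding="utf-8") as f:
        f.write("\n".join(lines) + "\n")
    if tamper:
        with open(os.path.join(d, "disk1.vmdk"), "ab") as f:
            f.write(b" plus a later modification")
    if add_unlisted:
        with open(os.path.join(d, "firstboot.sh"), "wb") as f:
            f.write(b"echo not covered by the manifest\n")
    if drop_file:
        os.remove(os.path.join(d, "disk1.vmdk"))
    return d


if __name__ == "__main__":
    for label, kwargs in [("clean", {}), ("tampered", {"tamper": True}),
                          ("extra file", {"add_unlisted": True})]:
        pkg = build_sample_package(**kwargs)
        print(f"{label}: {verify_package(pkg)} trustworthy={package_is_trustworthy(pkg)}")
```

A manifest only proves that the package matches what its publisher hashed; pairing it with a signature over the manifest (the certifying step on the slide) is what ties that content to a publisher you have decided to trust.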

Page 17

Recommendations

• Implement sprawl control as early as possible

• Control what you can and plan for the rest.

• Track

• Segment

• Control

• Audit

• Automate

• Authorize

• Protect

Page 18

Track & Segment

• Track

– Where VMs are being deployed

– Where they came from, who deployed them

– Their lineage

• Segment

– Match class of VM with class of hardware server

– Do not mix VMs with different security postures and requirements on the same host system.

– Segment your virtual environment for defense in depth

• Isolate privileged VMs on their own network segment

• Extend your current application isolation policies into the virtual environment

Page 19

Control

• Apply and enforce consistent security policy throughout the environment

• Minimum permissions for users and staff.

• Minimize login to the virtualization host.

• Limit ability to load arbitrary software to host OS

• Only allow approved VMs to operate

• Control what kind of VMs can be installed in specific environments

• Limit the duration of offline VMs

• Reclaim unused or obsolete VMs

• Integrate back into your existing management systems

Page 20

Audit, Automate and Authorize

• Audit

– Establish and enforce policy through the use of management and control technologies.

– Monitor all access to virtualization resources

– Monitor all administrative activity

• Automate

– Consistency of process

– Manage by exception

• Authorize

– Enforce constancy: drive everything off of a definitive VM library, and keep it up to date

– Verify legitimate VMs, wherever they are in the enterprise, and legitimate administrators
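The Track, Segment, Control and Authorize recommendations on the last three slides can be turned into mechanical checks over an inventory of running and dormant VMs: unknown hosts or missing owners (Track), a VM whose security class differs from its host's class or a host carrying mixed classes (Segment), offline VMs past the allowed duration (Control), and images that are not in the definitive library (Authorize). The following Python is an added example, not part of the presentation; the inventory, image digests, host classes and every field and function name are constructed assumptions rather than any hypervisor's API.

```python
"""Policy checks over a VM inventory: Track, Segment, Control, Authorize.

Added example, not from the presentation. The inventory, the approved image
library and the host classes are constructed sample data, and every field and
function name here is this example's own assumption rather than any
hypervisor's API.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class VM:
    name: str
    host: str             # Track: where it is deployed
    owner: str            # Track: who deployed it
    image_sha256: str     # Authorize: digest of the library image it was built from
    security_class: str   # Segment: e.g. "dmz", "internal"
    powered_on: bool
    last_seen: datetime   # Control: last time it was running or checked in


# Definitive VM library: image digest -> image name (constructed values).
APPROVED_LIBRARY = {
    "constructed-digest-web-template-v3": "web-template-v3",
    "constructed-digest-db-template-v2": "db-template-v2",
}
# Each host is dedicated to one security class (constructed hosts).
HOST_CLASS = {"esx-dmz-01": "dmz", "esx-int-01": "internal"}
MAX_OFFLINE = timedelta(days=30)
REFERENCE_NOW = datetime(2015, 7, 8)  # constructed reference time


def check_inventory(vms, library, host_class, now, max_offline=MAX_OFFLINE):
    """Return a list of (subject, rule, detail) findings; an empty list is a clean inventory."""
    findings = []
    classes_on_host = defaultdict(set)
    for vm in vms:
        # Track: every VM must sit on a known host and have an owner
        if vm.host not in host_class:
            findings.append((vm.name, "track", f"deployed on unknown host {vm.host}"))
        if not vm.owner:
            findings.append((vm.name, "track", "no recorded owner"))
        # Authorize: only images from the definitive library may run
        if vm.image_sha256 not in library:
            findings.append((vm.name, "authorize", "image is not in the definitive VM library"))
        # Segment: a VM's class must match the class of the host it runs on
        expected = host_class.get(vm.host)
        if expected is not None and expected != vm.security_class:
            findings.append((vm.name, "segment", f"{vm.security_class} VM on a {expected} host"))
        classes_on_host[vm.host].add(vm.security_class)
        # Control: offline VMs age out; a dormant image misses patches and is reclaimed
        if not vm.powered_on and now - vm.last_seen > max_offline:
            days = (now - vm.last_seen).days
            findings.append((vm.name, "control", f"offline for {days} days, limit {max_offline.days}"))
    # Segment, host level: no host may carry VMs of differing security postures
    for host, classes in classes_on_host.items():
        if len(classes) > 1:
            findings.append((host, "segment", "host mixes classes: " + ", ".join(sorted(classes))))
    return findings


def sample_inventory(now):
    """Constructed inventory with one clean VM and one violation of each kind."""
    web = "constructed-digest-web-template-v3"
    db = "constructed-digest-db-template-v2"
    return [
        VM("web-01", "esx-dmz-01", "alice", web, "dmz", True, now),
        VM("db-01", "esx-dmz-01", "bob", db, "internal", True, now),  # wrong host class
        VM("lab-07", "esx-int-01", "carol", "constructed-digest-unknown", "internal", True, now),  # unapproved image
        VM("old-build", "esx-int-01", "dave", web, "internal", False, now - timedelta(days=90)),  # stale offline VM
        VM("mystery", "esx-unknown", "", web, "internal", True, now),  # untracked host and owner
    ]


def run_sample(now=REFERENCE_NOW):
    """Run the checks over the constructed inventory."""
    return check_inventory(sample_inventory(now), APPROVED_LIBRARY, HOST_CLASS, now)


if __name__ == "__main__":
    for subject, rule, detail in run_sample():
        print(f"{rule:>9}  {subject:<12} {detail}")
```

Running it reports six findings: the internal database VM on the DMZ host (and the DMZ host itself for mixing classes), the lab VM built from an image outside the library, the build VM offline for 90 days against a 30-day limit, and the VM with no known host and no owner. The clean web VM produces nothing. In practice the inventory and host classes would be pulled from the management system rather than written inline, which is the "integrate back into your existing management systems" point on the Control slide.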

Page 21

Protect

• Keep host OSs thin and hardened

• Keep up to date on all hypervisor patches (and threats)

• Maintain Security Group Focus

• Be wary of drivers and agents

• Keep up to date with new tools and technologies

Page 22

Thank You

David M Lynch [email protected]