The Phantom Menace: -
Security
As enterprises rush to virtualize, they need to be aware of some of the new security considerations and challenges related to both VMs and hosts. Now that VMs can exist in many formats and multiple states, the task of securing them gets much more complicated. Hypervisor technology represents a new operating system in the datacenter, and one that is still relatively immature. Mothballed VMs may reintroduce viruses and worms that were previously considered eradicated in the enterprise. The easy access to free host software, combined with the growing number of virtual machines and the public availability of virtual appliances, will challenge enterprises trying to protect and secure their environments. This session will focus on security challenges introduced by virtualization and the future outlook for solutions and capabilities, as well as offer some advice on how to deal with them.
Agenda
• New Security Challenges
• Controlling Virtual Machines
• Evolving Security Technologies
• Recommendations
Architecture
[Figure: two virtualization stacks side by side. Micro-Kernel, or Type I Hypervisor: Hardware, Type I Hypervisor, Operating Systems, Applications. Hosted, or Type II Hypervisor: Hardware, Host Operating System, Type II Hypervisor and Applications, Guest OS, Apps.]
New security issues
• Another Operating System in the Datacenter
• New attacks could target the virtualization layer
• New attacks could target newer hardware
• Communication within a hypervisor is essentially a “private LAN”
• Guest to Guest attacks
• Virtual Appliances
• Identity & Mobility
Another Operating System
• Maturity of the hypervisor
• Breaking out of a guest OS
• Hypervisor root kits
Hyper-jacking
• Guest to guest attacks
• Traffic in the open
• Denial of service through VM "overloading"
Virtual Appliances
• New system variations
• Integrity
• Patching
• Remote Access
• Security profile
• Certifying
Mobility / Identity
– Using virtualization breaks existing data center management tools
– Virtual Machines lose their physical identity
– Mobile VMs compromise “security in layers”
– Traditional security tools may not work well
– Higher risk of sprawl in the virtual world than the physical
Costs of Virtual Sprawl
• Wasted physical resources
• Wasted software resources
• Increased manual activity
• Increased risk
7%* penetration today... but it’s not going to stay that way
“By 2010, Intel projects that 25% of enterprise data center servers will be running in virtualization mode”. - Intel, July 2007
“50% of physical servers will be virtualized by 2011”. - (IDC)
“Virtualization will be part of nearly every aspect of IT by 2015” - Gartner, May 2007
* source: IDC
Phantom or Menace?
• Both… It’s the normal "Arms Race"
– The value of server virtualization is undisputed
– Like wireless networking, it WILL become more prevalent
– As technology becomes prevalent, attacks WILL come … It's too tempting a target
New Security Technologies
• VM Lifecycle Management & Automation Systems
– Control Sprawl
– Control / Audit VM deployments
– Integrate with existing datacenter systems
• Security inside the hypervisor
• Virtual Appliances
• Security as a plug-in to the hypervisor
Security as a hypervisor plug-in
[Figure: Hardware; Hypervisor; guest VMs (Operating System, Applications) running alongside a Security Watchdog VM on a Hardened OS.]
VM State information:
• Processor state
• Memory pages
• Network state
• Disk blocks
• Process Control Blocks
OVF & Virtual Appliances
Develop Package Deploy Manage Retire
OVF ver1 Scope
Recommendations
• Implement sprawl control as early as possible
• Control what you can and plan for the rest.
• Track
• Segment
• Control
• Audit
• Automate
• Authorize
• Protect
Track & Segment
• Track
– Where VMs are being deployed
– Where they came from, who deployed them
– Their lineage
• Segment
– Match class of VM with class of hardware server
– Do not mix VMs with different security postures and requirements on the same host system.
– Segment your virtual environment for defense in depth
  • Isolate privileged VMs on their own network segment
  • Extend your current application isolation policies into the virtual environment
Control
• Apply and enforce consistent security policy throughout the environment
• Minimum permissions for users and staff.
• Minimize login to the virtualization host.
• Limit ability to load arbitrary software to host OS
• Only allow approved VMs to operate
• Control what kind of VMs can be installed in specific environments
• Limit the duration of offline VMs
• Reclaim unused or obsolete VMs
• Integrate back into your existing management systems
Audit, Automate and Authorize
• Audit
– Establish and enforce policy through the use of management and control technologies.
– Monitor all access to virtualization resources
– Monitor all administrative activity
• Automate
– Consistency of process
– Manage by exception
• Authorize
– Enforce constancy – drive everything off of a definitive VM library... and keep it up to date
– Verify legitimate VMs – wherever they are in the enterprise... and legitimate administrators
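The Track, Segment, Control and Authorize recommendations above can be run as an automated audit over a VM inventory. The following is an added example, not part of the original presentation; the inventory fields, image ids, host names and the 30-day offline limit are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed definitive VM library: approved image id -> security class.
APPROVED_LIBRARY = {"img-web-01": "dmz", "img-db-01": "internal"}
MAX_OFFLINE_DAYS = 30  # assumed policy limit for offline ("mothballed") VMs

# Constructed inventory; all field names are hypothetical.
INVENTORY = [
    {"name": "web1", "host": "host-a", "image": "img-web-01", "owner": "alice",
     "state": "running", "last_on": date(2007, 9, 1)},
    {"name": "db1", "host": "host-a", "image": "img-db-01", "owner": "bob",
     "state": "running", "last_on": date(2007, 9, 1)},
    {"name": "test7", "host": "host-b", "image": "img-unknown-77", "owner": "",
     "state": "running", "last_on": date(2007, 9, 10)},
    {"name": "old-web", "host": "host-b", "image": "img-web-01", "owner": "alice",
     "state": "offline", "last_on": date(2007, 3, 1)},
    {"name": "db2", "host": "host-c", "image": "img-db-01", "owner": "bob",
     "state": "offline", "last_on": date(2007, 9, 1)},
]

def audit(inventory, library, today, max_offline_days=MAX_OFFLINE_DAYS):
    """Return (subject, finding) pairs for VMs and hosts that break policy."""
    findings = []
    classes_by_host = defaultdict(set)
    for vm in inventory:
        security_class = library.get(vm["image"])
        if security_class is None:
            # Authorize: only VMs built from the library may operate.
            findings.append((vm["name"], "unapproved-image"))
        else:
            classes_by_host[vm["host"]].add(security_class)
        if not vm["owner"]:
            # Track: every VM needs a known deployer.
            findings.append((vm["name"], "no-owner"))
        offline_days = (today - vm["last_on"]).days
        if vm["state"] == "offline" and offline_days > max_offline_days:
            # Control: stale offline VMs miss patches; reclaim or refresh.
            findings.append((vm["name"], "stale-offline"))
    for host, classes in sorted(classes_by_host.items()):
        if len(classes) > 1:
            # Segment: different security postures share one host.
            findings.append((host, "mixed-security-classes"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(INVENTORY, APPROVED_LIBRARY, date(2007, 9, 15)):
        print(f"{subject}: {finding}")
```

Running such a check on a schedule and reviewing only the findings is one way to "manage by exception".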
Protect
• Keep host OSs thin and hardened
• Keep up to date on all hypervisor patches (and threats)
• Maintain Security Group Focus
• Be wary of drivers and agents
• Keep up to date with new tools and technologies
Thank You
David M Lynch