VIRTUALIZATION SECURITY

Transcription

1 VIRTUALIZATION AND SECURITY Ramesh Bhat Deputy Manager Information Security Mastek Ltd

2 Virtualization and Security Agenda Background What is virtualization Brief introduction to virtualization architecture Concerns / Risks Mitigation Specific audit concerns and Recommendations Checklist for evaluation, implementation and post implementation Summary

3 Virtualization Background IT in any organizations that want to give their organization a suitable competitive advantage need to: Reduce infrastructure costs through more efficient use of resources Respond faster to business needs so that projects get deployed more rapidly Reduce operational costs and gain operational flexibility

4 Virtualization Background Some of the concerns and challenges for IT are: Large number of under utilized OS / application servers Long delays for operational changes Long provisioning cycle times for new servers Narrow scheduled downtime windows are over subscribed with maintenance activities Inadequate testing environment Solution to these concerns is Virtualization of IT infrastructure.

5 Virtualization According to IDC, about 50% of the enterprises will use virtualization by 2011 and according to Gartner, by 2015, virtualization will be part of every aspect of IT.

6 Virtualization What is Virtualization as applied to IT environment? It is a technology where multiple Operating Systems can run simultaneously on a single physical machine, sharing the resources of that single machine.

7 Virtualization Architecture VM1 VM2 VM3 Application O.S Hardware (CPU, Memory, HD etc) Server WITHOUT virtualization App1 App2 App3 Guest OS1 Windows 2003 Guest OS2 Windows 2003 Guest OSn Linux Virtualization O.S (Hypervisor) Hardware (CPU, Memory, HD etc) Server WITH virtualization

8 Virtualization Architecture As represented by VM Ware Virtual Hardware Resources Physical Hardware resources

9 Virtualization Architecture There are two basic types of Virtualization: - Hosted or OS based virtualization - Hypervisor based virtualization VMs Hypervisor

10 Virtualization Architecture What are the general constituents of a virtual infrastructure? Most Basic: Host Hypervisor or Virtualization layer Virtual Machines Virtual hardware resources Central Management Console Management Client Special features: V Motion HA DRS

11 Virtualization Architecture Host

12 Virtualization Architecture It is essential to know the concerns and risks that come with virtualization.

13 Concerns around: Technical Hypervisor Configurations Data protection in storage and transit Host the single point of failure Memory allocation Process Asset tracking and management Network monitoring Patch management. State Restore feature Anti malware Software Management People Training

14 Concern: Technical Area: Hypervisor Issue: Multiple Virtual Machines on Hosts. All VMs can be critical Risk: Multiple virtual machines will be compromised if Hypervisor is compromised. Mitigation: Hardening of the hypervisor Disable features like clip board sharing, drag and drop Centralized hypervisor patch management Secure management traffic. (E.g. VM Ware uses SSH protocol)

15 Hypervisor contd Mitigation contd Access to the hypervisor should be strictly limited to the machines that have authorization to manage the virtual infrastructure. Host based IDS / IPS Maturity of the hypervisor Information: Virtual Machine benchmarking guidelines from center for internet security

16 Concern: Technical Area: Configurations Issue: Improperly managed configurations. Inadequate RBAC Risks: Guest to Host to Guest attack Guest to Guest attack

17 Configuration...contd Mitigation: Segregation of Systems. Have policy spelled out upfront, that those two types of virtual machines which contain or process data of different sensitivity level can never share the same hardware. physically separate the hosting of VMs of different sensitivity level.

18 Configuration...contd Mitigation. Contd Harden the hypervisor and other virtualization components as per the guidelines from the vendor Disable features like drag and drop, clip board sharing Segregation of duties. Role-based access controls (RBAC) Audit for: Configuration management. Recommendation: ITIL based configuration management

19 Concern: Technical Area: Data protection in storage and transit Issue: Some VMs are stored as files. V Motion. Risk: Information disclosure and modifications to database itself. Virtual disk files can be copied and run from other physical machines outside VMs can be copied or tampered over network the network

20 Data protection in storage and transit contd Mitigation: Apply strong access controls and encryption on virtual disk files. Dedicated backup account, for backup process. Back up tape security. Secure migration of VM through secure protocol.

21 Data protection in storage and transit..contd. Audit concern: Access controls on files. Use of secure protocol for VM migration Recommendations: Maintain access control list for back up of VMs Creation of clones and snapshots from VMs containing sensitive data like cardholder data may be disallowed entirely through policy.

22 Concern: Technical Area: Host Issue: Single point of failure Risk: Multiple applications not available simultaneously Mitigation: Build the redundancy Implement Dynamic DRS if the applications hosted are of mission critical in nature

23 Concern: Technical Area: Memory Management Issue: Hosts usually have the capability to reallocate memory among guests. Risk: Content disclosure to receiving guest Mitigation: Assurance is needed that the memory released by the first guest using that storage is not disclosing content to the receiving guest servers using those addresses.

24 Concern: Process Area: Asset tracking and management Issue: Keeping an up to date asset inventory Risks: Rogue VMs Mixture of VMs of different sensitivities on the same host Falling out of compliance with software license requirements More entry points for attackers Unauthorized software

25 Asset tracking and management contd Mitigation: Asset management tool should have virtualization awareness Role based access control Stringent change control Regular logs review Aggressive audit for rogue and unaccounted virtual machines Increase the review of assets inventory

26 Asset tracking and management.. contd. Audit concern: Identification of rogue, unaccounted virtual machines Audit for : Deployment of VM, Removal of VM, Migration of VM Proper segregation of duties through Role based access control Level of adherence to change control

27 Asset tracking and management.. contd. Recommendation: Automate asset tracking and management Food for thought: Enterprises that make the decision to go with server virtualization will need to have a way in which they can distinctly locate every virtual machine, ensuring that the placement within the enterprise is controlled by policies.

28 Concern: Process Area: Patch Management Issue: Patching dormant VMs, VM tempaltes Risk: Unpatched vulnerabilities if exploited, can lead to compromise of a VM which in turn can lead to VM to VM or VM to Host attack. Mitigation: Use products that can perform offline patching. Before deploying VM in any environment should undergo assessment for security (VA) in the test environment. During regular audit, look for security clearances for running VMs.

29 Patch Management contd Audit Concern: State restore feature is an audit concern, as it can leave the patched VM at unpatched state. Audit for: Patching status of VMs, Hypervisors. Check the records / logs for status change Cross check status changes for patch updates Recommendation: Information sharing with the internal auditors of the patching status and roll back / state changes.

30 Concern: Process Area: Anti Malware: Issue: Dormant VMs and the templates which do not get the antimalware updates and yet can get infected. Risk: Dormant or templates of VMs can be safe heavens for malwares Mitigation: Approved virtualization software should have the capability to apply latest malware signatures to dormant as well as templates of the VMs Control through the process.

31 Anti Malware contd Audit Concern: Audit for updating antivirus signatures on dormat VMs and templates Audit for: Regular signatures update process Signatures updates for dormant and template VMs Recommendation: System administrators to share the record updating signatures for dormant and template VMs and

32 Oh! I can not see what is happening. How do I know if something is wrong.

33 Concern: Process Area: Network Monitoring Issue: VM-to-VM traffic happening through virtual switch is difficult capture or inspect with physical network monitoring appliance like IDS Not all network tools are virtualization aware Risk: Malicious or suspicious network traffic of VM to VM through the virtual switch can go unnoticed

34 Network Monitoring Contd Mitigation: Requires VLAN trunking to force VM-to-VM traffic to traverse physical Implement network monitoring tools which are virtualization aware with the help of suitable APIs from the virtualization vendor

35 Network Monitoring Contd Audit Concern: Whether the external monitoring device is appropriate to capture inter VM traffic. Recommendation: Rogue scanner.

36 Concern:People Area: Administrator Training Issue: Improper understanding and usage of features, improper configurations Risk: Inadvertent introduction of vulnerabilities or not adequately addressing the vulnerabilities Mitigation: Thorough training on the virtualization software. Identify and information security awareness training concerning operation with virtualization environment.

37 Security appliances for virtual infrastructure Virtualization Security Appliances Do all virtualization vendors have security appliances? Not all. The product, VMsafe, is a set of application programming interfaces (APIs) that will allow third-party vendors to develop security products that are easily integrated into it s's own hypervisors. According to VMware, its VMsafe APIs integrate at the hypervisor layer of virtualization and will allow detecting and eliminating malicious software. Some security vendors are developing products that support the VMsafe APIs, according to VMware.

38 Checklist Virtualization Security requirements checklist for Evaluation and Implementation stage. Microsoft Word Document

39 Summary The common vision of IT in any organizations today is to provide their business units with lower cost, higher service level infrastructure that enables them to respond faster to business unit demands. Solution is Virtualization of IT infrastructure. In the non virtualized environment you find one server, one OS, one application kind of environment leading under utilization of hardware. Virtualization technology enables, utilizing the hardware resource to the fullest by having many OS and many applications in one server box which is called the host. The OSs on the host are called the guest OSs. Each guest OS hosts one application.

40 Summary Contd.. Virtual Hardware Resources Physical Hardware resources

41 Summary contd. There are two basic types of Virtualization: - Hosted or OS based virtualization - Hypervisor based virtualization VMs Hypervisor

42 Summary Contd With so much benefit, virtualization is rapidly growing. As any new technology can bring new security concerns, virtualization has certainly some impact on security posture. The single biggest vulnerability of VMs is due to the ease in which users can create many VMs, which become very difficult to secure, monitor, and maintain. The effective change and configuration management processes so vital to physical infrastructure become even more critical with virtual infrastructure, as employees introduce potential risk by creating, using and de-provisioning virtual systems all within a short period of time. While security requirements understanding for virtual environment can not be termed as mature and it is yet to mature. There are certain known risks and issues and we discussed possible mitigations for that. These mitigations are based on few users experiences and the knowledge of current information security management. Over a period of time those mitigations can be time tested and there can sources with ample documentation.

43 Summary Contd Concerns around; Technical: Hypervisor Configurations Data protection in storage and transit Network monitoring Host the single point of failure Memory allocation Process: Asset tracking and management Patch management. State Restore feature Anti Malware Software Management People: Training Segregation of duties

44 Conclusion At its core, security requirements don t change drastically in a virtual environment, but must adapt to work effectively in it though there are concerns, it can be addressed by revisiting those control areas In which it is known to impact.

45 Security conscious No, we are not suffering from any of those conditions. We have done the homework, and took care of the requirements by bringing in necessary changes to the environment. We know we have to be alert to security requirements that may come as virtualization evolves.

46 Resources The recommended resources onwpfoundstonefinal.pdf pdf Information: Borton group evaluation criteria

47 Thank You. Any Questions? You may contact me on: