Technical Brief: Virtualization

Transcription

1 Technical Brief: Virtualization Technology Overview Tempered Networks automates connectivity and network security for distributed devices over trusted and untrusted network infrastructure. The Tempered Networks product line provides a centrally managed security appliance solution that meets the network integration challenges facing the modern industrial enterprise and aligns with industry best-practice cybersecurity standards and architectures. The Tempered Networks solution leverages existing network infrastructure to efficiently enable industrial connectivity that is secure by default while being very easy to use. The solution is based on the International Society of Automation (ISA) TR architecture model for the creation and management of private overlay networks. Tempered Networks Secure Communications A Tempered Networks environment is comprised of a scalable orchestration engine (HIPswitch Conductor ), industrial and data-center grade security appliances (HIPswitches) and a management console and user interface (SimpleConnect ). HIPswitches connect to a WAN infrastructure using standard network services and interfaces to establish point-to-point and point-to-multipoint encrypted HIP VPN tunnels to implement private overlay networks, and apply additional network policy controls over device communications that traverse each HIPswitch. The HIPswitch Conductor and the SimpleConnect user interface facilitate the orchestration and management of several independent private overlay networks. Each private overlay network can be delegated to different users, yet the governance of the entire solution is centralized and retained by the administrator. The Tempered Networks solution therefore provides the enterprise with Private Networks as a Service. Users interact with SimpleConnect through a web-based graphical user interface. Each HIPswitch has a unique cryptographic identity in the form of an RSA 2048-bit key pair. A private overlay network consists of a whitelist of HIPswitch cryptographic identities. The list of identities is provided to the members of each private overlay network, and each HIPswitch authenticates and authorizes peer HIPswitches against this whitelist of allowed peers. This architecture provides a trust model that minimizes unauthorized communications. Page 1

2 FIGURE 1: PRIVATE OVERLAY NETWORK IMPLEMENTATION USING THE TEMPERED NETWORKS SOLUTION Virtualization with Tempered Networks Tempered Networks creates hardened firmware images that target both physical and virtualization appliances. When deploying Tempered Networks virtual appliances, consider two types: enterprise and endpoint. Enterprise virtualization is a data-center or cloud environment with concentrated compute resources and a managed virtualization layer such as VMware ESXi, Microsoft HyperV, or Linux KVM/XEN. Endpoint virtualization refers to desktop application software that runs local virtual machines on individual endpoint hardware such as a personal laptop. Tempered Networks virtual appliances use the underlying host hardware to perform their function and as such require compute resources from the host. Minimum hardware requirements for the virtual HIPswitch models can be found on the Tempered Networks datasheet. Bandwidth will be determined by the compute resources available to the HIPswitch and can potentially fluctuate as the underlying host resources fluctuate. Similarly, the virtual HIPswitches use the underlying host network connections to communicate with the shared network. The network connection will have at best the same quality and level of service as the underlying host hardware. Tempered Networks Virtualization Details The Tempered Networks product line includes two virtual HIPswitch models: the HIPswitch- 100v and the HIPswitch-300v. The HIPswitch-100v is designed for endpoint virtualization hosts running Windows 7 and 8. The HIPswitch-100v is packaged as a Microsoft installer executable and includes Oracle VirtualBox endpoint virtualization software. The HIPswitch-100v installer also creates Start, Stop, and Configure program menu entries in the Start Menu. The HIPswitch Page 2

3 -100v can connect via Bridged or NAT network connections to the host for connections to the Shared Network. The HIPswitch-300v is designed for deployment in Enterprise virtualization environments. The HIPswitch-300v is shipped as a standard Open Virtualization Archive (OVA) format that can be imported, or converted as necessary, into the virtualization environment. The HIPswitch-300v requires two network connections. The first connection is to the Shared Network, typically bridged to a virtual switch with a physical interface to the Shared Network. The second connection is the protected Equipment connection to the virtual server(s) that connects to remote protected devices. The Equipment connection is typically on an internal virtual switch that does NOT connect to the Shared Network. FIGURE 2: TEMPERED NETWORKS VIRTUALIZATION OVERVIEW The HIPswitch-100v uses a host-only network interface to connect to the local physical host (host-only is a type of virtual network interface that restricts communications between the physical host and the virtual appliance). The local physical host must be configured with an IP address on the host-only interface, and it is this IP address that is used to communicate with other remote protected devices within the Tempered Networks private network. The HIPswitch-100v Configure program allows the user to enter the IP address of local physical device for the protected communications. This IP address is the same address that is configured in the SimpleConnect user interface as the local device for the HIPswitch-100v. Important Note about Cloning Virtual HIPswitches Each physical or virtual HIPswitch is individually provisioned by Tempered Networks with a unique cryptographic identity. Do not clone, copy, or re-install HIPswitches on a different Page 3

4 computer without first ensuring that the previous instance has been deleted or destroyed. If more than one instance of a virtual HIPswitch is online at the same time, the HIPswitch Conductor and peer HIPswitches will be unable to differentiate between them. Using Two-Factor Authentication with the HIPswitch-100v Tempered Networks recommends enabling two-factor authentication on all HIPswitch-100v security appliances. Once two-factor authentication is configured for the HIPswitch-100v in the SimpleConnect user interface, the HIPswitch-100v will present a captive portal web page to the user for entering his/her SimpleConnect user login and password. Once the user successfully authenticates, the HIPswitch-100v will enable the security policies defined for this HIPswitch. In this manner, two-factor authentication provides an additional level of assurance that protected communications are enabled only for authorized users. FIGURE 3: TEMPERED NETWORKS VIRTUALIZATION WITH HIPSWITCH 100V Revoking an Untrusted Virtual HIPswitch If a virtual HIPswitch is installed on a physical host that is lost or stolen, or improperly disposed of, the cryptographic identity of the HIPswitch should be revoked. Revocation breaks the trust relationship of this HIPswitch with all other HIPswitches and the HIPswitch Conductor. If the physical host is later found or repaired, the HIPswitch can be re-activated in order to trust the HIPswitch identity. Security Considerations Virtualization introduces a level of convenience in deployment but also introduces additional risks for consideration. The underlying physical host must be trusted. Tempered Networks Value Proposition Page 4

5 The Tempered Networks solution is an independent layer of security on top of an underlying network infrastructure that facilitates a defense in depth security architecture and provides real and demonstrated security hardening, resilience and awareness. Tempered Networks reduces the cost of securing critical infrastructure and communications by: 1. Creating flexible private networks for connectivity to distributed devices and equipment 2. Providing secure, managed policies for connectivity to devices within these private networks 3. Centralizing governance, auditing, monitoring, logging, change control and documentation of distributed equipment and their associated configurations 4. Introducing user authentication, authorization, and auditing for remote access 5. Enabling ad-hoc networks for managing assets through test, patch, upgrade, remediation and replacement phases 6. Supporting comprehensive deployment models for physical, virtual, data-center and cloud connectivity requirements 7. Facilitating highly constrained remote access Next Steps and Call to Action Best practices suggest comprehensive risk management, tied to a defense in depth cybersecurity implementation, is the appropriate approach for securing ICS. Network segmentation is a foundational building block of a defense in depth, layered security implementation. Standards from ISA are focusing on network segmentation because it can be used to minimize the connectivity for ICS to the absolute minimum, and protect that connectivity over shared network infrastructures. The Tempered Networks solution is an implementation of industry standards that not only decouples and secures the ICS communications from a shared network, but also decouples the management of the ICS systems from the management of the shared network. The delegated management approach makes it possible for an enterprise to deploy secure private networks as an internal service, while adding robust and flexible security to their critical systems. Page 5