Virtualization and Cloud Computing

Transcription

1 Virtualization and Cloud Computing Security is a Process, not a Product Guillermo Macias CIP Security Auditor, Sr.

2 Virtualization Purpose of Presentation: To inform entities about the importance of assessing the benefits and risks related to the incorporation of virtualization and cloud computing. To provide guidance for entities on assessing and incorporating virtualization and cloud computing into production and test environments. To assist entities with information about developing and maintaining a detailed documentation set that demonstrates how virtualization is implemented. What are auditors looking for? A logical approach and plan toward compliance. Practical steps toward compliance that can be demonstrated. Verification for how the entity mapped its Information Technology (IT) security controls to the Critical Infrastructure Protection (CIP) Standards. 2

3 Virtualization continued What is virtualization?.virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments, by applying one or more concepts or technologies such as hardware and software partitioning, time-sharing, partial or complete machine simulation, emulation, quality of service, and many others. Source: 3

4 Virtualization - continued Why are companies moving into virtualization? Reason Benefit Sever Consolidation Legacy Applications Build Secure Computing Platforms Create Operating Systems Simulate hardware and hardware configuration Savings in hardware, environmental costs, management, and administration. Ability to run legacy applications that will not run on newer hardware and/or OS. Provides secure, isolated sandboxes to run untrusted applications. Resource limits and guarantees. The illusion of running multiple processors and to simulate networks of independent computers. Task Management System migration, backup, and recovery. 4

5 Virtualization continued Four main areas where virtualization is implemented Server-Based Storage-Based Network-Based Virtual Desktop Infrastructure (VDI) 5

6 Virtualization continued Defining Some Terms: Host: Virtualization platform running hypervisor software. Hypervisor Software: A central program used to manage virtual machines (guests) within a simulated environment (host). Common host platforms: VMware ESXi, Microsoft Hyper-V, Citrix XenServer, Red Hat KVM, and others. Computer resources such as Random Access Memory (RAM), processors (CPUs), and storage are emulated through the host environment. 6

7 The Hypervisor Primary component of a server virtualization platform. Often referred to as the virtual machine monitor (VMM). Central nervous system within a virtual infrastructure. Manages the host s underlying hardware resources and handles all guest-initiated operating system (OS) and application requests for CPU, memory, I/O, and disk resources. 7

8 Virtualization Defining Some Terms: Virtual guest, virtual machine (VM), or guest system: A VM is a group of files that represents a hardware-based computing platform, complete with storage, memory, and configuration components. 8

9 Server Virtualization Virtual Host: is a physical server with virtualized layer Virtual Machine: Each guest OS running on the host Virtual Machines (Virtual OS and Apps) App App OS OS Virtualization layer (The Hypervisor) Physical Layer 9

10 Storage-Based Virtualization Multiple storage devices into what appears to be a single storage unit. Storage virtualization helps perform tasks like backup, archiving, and recovery in less time. Storage virtualization can be implemented using software and hardware hybrid appliances. Must adhere to the CIP Standards Verify technical and procedural controls all the way down to the LUN (Logical Unit Number) of the Storage Area Network (SAN). 10

11 Server Virtualization MES Server Win 2003 ERP Server Win 2008 Traditional Servers SCADA Server Linux MES Server Win 2003 ERP Server Win 2008 SCADA Server Linux H y p e r v i s o r Virtualized Server Virtualized Server 11

12 Virtualization VDI Virtual Desktop Infrastructure (VDI) consists of virtualizing desktops into images that run on centralized hypervisor platforms. Similar to server virtualization, but there are many differences in how the images are created, managed, and in some cases, secured. VDI desktops can be accessed in a number of ways. The most common access methods are standard Remote Desktop Protocol (RDP) services. 12

13 Benefits of VDI Operational improvements and cost savings. Bring your own device (BYOD) Employees bring their own laptops and other computing devices to work. VDI can help accomplish this because the operating system, applications, and data access can be controlled by central policies and security technologies within VDI images while a companycontrolled client can be installed on the employee's device to permit access. 13

14 Benefits of VDI continued Security VDI can reduce the cost of compliance and security for desktops. VDI supports centralized policy control, ephemeral (short-term) desktop images, and granular and manageable change and configuration management tools and processes. Fighting malware and responding to desktoprelated incidents can be easier because all of the infrastructure is centrally located and controlled. Virtual machines can be easily deleted and created. 14

15 VDI Challenges Operational Issues Bandwidth When a large number of users need to access desktop images simultaneously, the amount of bandwidth consumed can be significant. Power A large number of desktop images in use simultaneously could lead to major power spikes and an increase in overall consumption. 15

16 Network-Based Virtualization Hypervisors can provide networking capabilities that allow individual guest OSs to communicate with one another while limiting access to the external physical network. The network interfaces that the guest OSs see may be virtual, physical, or both. 16

17 Network-Based Virtualization continued Network Bridging The guest OS is given direct access to the host s network interface cards (NIC) independent of the host OS. Network Address Translation (NAT) The guest OS is given a virtual NIC that is connected to a simulated NAT inside the hypervisor. As in a traditional NAT, all outbound network traffic is sent through the virtual NIC to the host OS for forwarding, usually to a physical NIC in the host system. Host Only Networking The guest OS is given a virtual NIC that does not directly route to a physical NIC. In this scenario, guest OSs can be configured to communicate with one another and, potentially, with the host OS. 17

18 Network Virtualization Technologies Virtual Switching Systems (VSS) Virtual Switches (VSwitch) Virtual Private Network (VPN) Virtual Storage Area Network (VSAN) Virtual Routing and Forwarding (VRF) Virtual Local Area Networks (VLAN) Virtual Port Channels (VPC) Virtual Device Context (VDC) 18

19 Network Virtualization Device Clustering Allows multiple physical devices to be combined into a larger logical device. Combines two physical switches into a single logical switch (e.g., VSS series). The main benefit of clustering techniques is they allow systems to scale beyond the size of a single system. Complexity of the overall system design does not increase. 19

20 Virtualization and CIP All CIP Standards Apply! Virtual Networks need to be just as secure as Physical Networks. 20

21 Virtualization and CIP continued VMs should be treated no differently than physical machines and all CIP Standards apply: CIP version 3 CIP version 5 Identification: CIP-002 Least Privilege Access: CIP-003 Change Control/Configuration Management: CIP-003 Personnel and Training: CIP-004 Segregation (ESP): CIP-005 Physical Security: CIP-006 The same as CIP version 3, including CIP and CIP Testing, Security Patching, and Malicious Software Prevention: CIP-007 Proper Disposal/Redeployment: CIP-007 Incident Response: CIP-008 Recovery Plans: CIP

22 Virtualization and CIP Questions CIP-002 Is the Hypervisor hosting Critical Cyber Assets (CCA) VMs? If the answer is yes, then the Hypervisor is a CCA too. Since the Host OS interacts with the Guest OS via the Hypervisor, then the Hypervisor is in scope. ALL VM Cyber Assets on the Hypervisor, to include non-ccas should be considered in-scope of CIP Standards. CIP-003 Do you have authorized administrators managing the Hypervisor and VMs in scope? CIP-004 Does the administrator have the specialized security virtualization training? CIP-005 Creating on-the-fly virtualized environments may cause security risks to the ESP. 22

23 Virtualization and CIP Questions continued CIP-005 (Continued) Does every virtualized CCA reside within an ESP? VMs that are functioning as Access Control and Monitoring System. Virtual IDSs Do any hosts or VMs connect to corporate (non-esp) networks? How is remote management performed for the Host and VMs? CIP-006 Are the Hypervisor and the VMs located within the Physical Security Perimeter? CIP-007 Are all security patches/upgrades for the Hypervisor and VMs assessed for applicability? 23

24 Virtualization and CIP Questions continued CIP-007 (Continued) How is the process of testing VMs different from physical cyber assets? How is a complex password implemented on images snapshots? Verify security of those images. Automated tools required to logging monitors VMs. CIP-008 Make sure VMs follow the same rules as physical machines. How does the Incident Respond Plan apply to virtualization? Retention of evidence (images). Forensic purposes (images can be preserved). CIP-009 Backing up and restoring. Hypervisor, host OS, and guest OS. 24

25 Virtualization Threats to a Virtualized Environment 25

26 Threats to a Virtualized Environment Teams must evaluate and assess Vulnerabilities that may exist in the technology. Threats to the environment could exploit those vulnerabilities. Potential impact of security events. 26

27 Threats to a Virtualized Environment continued Operational Threats: VM sprawl: Virtual machines can be deployed in seconds, making it easy to create unapproved VMs (for example, short-term testing systems). VMs created on-the-fly might not be patched, updated, or configured properly. Lack of visibility into virtual environments: Many virtual network environments are not monitored adequately. Many virtual networks have quite a bit of internal traffic that is not being monitored adequately by external security and network tools. 27

28 Threats to a Virtualized Environment continued Operational Threats - continued Separation of duties not maintained: Separation of duties for people managing systems, networks, and applications in a virtual environment is often lacking. Different teams may not understand how they should manage their parts of the virtual infrastructure. Granting unilateral access to any one group could be a big security risk. 28

29 Virtualization Change and configuration management is a key area to focus on for virtualized organizations. Configuration details Network settings Security-specific settings 29

30 Malware-Based Threats VM-Aware Malware: Various strains and versions of bots, worms, rootkits, and other malicious code formats are capable of determining whether they are running on a physical or virtual host by looking at memory and hardware attributes, memory locations, and process and function behavior. 30

31 VM Escape Threat VM Escape: Malicious code runs within a VM and is able to break out onto the underlying host. In a VM escape, trust zones are violated, access controls are circumvented, and the confidentiality and integrity of Elastic Sky X (ESX) hosts is suspect as soon as it happens. Directory Traversal Attack Vmchat Vmcat VM Drag-n-Sploit VMftp 31

32 Virtualization Challenges Adapting Anti-malware Tools for Hosts and Guests Two primary concerns for anti-malware protection include host scanning and guest scanning. The main issues are performance impacts and integrity problems that result from scanning particular virtualization-specific file structures such as virtual machine disk (VMDK) files in VMware environments. 32

33 Cloud Computing Cloud Computing 33

34 Cloud Computing Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction (NIST, 2010). In the simplest of terms, cloud computing is basically internet-based computing. 34

35 Cloud Benefits Pay as you go (Utility Computing Systems). On-demand self-service. Shared resources. Focus on business rather than IT. Elasticity-Scale up and down based on business need. Cloud computing introduces a level of abstraction between the physical infrastructure and the owner of the information being stored and processed. The large variety of devices that can connect to the internet, such as PDAs, mobile phones and handheld and static devices, all expanded the number of ways the cloud can be accessed. What about the Service Level Agreement (SLA)? 35

36 Cloud Models Deployment Models Public cloud Private cloud Hybrid cloud Community cloud Service Models IaaS (Infrastructure as a Service) PaaS (Platform as a Service) SaaS (Software as a Service) 36

37 Cloud Models Service Models Enterprise Resources E-Commerce Office Automation Knowledge Management Operating System Groupware Web Hosting Developers Studios Accounting Systems Network Storage OS Database Management Hardware 37

38 Risks, Threats, and Vulnerabilities Organization Risks, Threats, and Vulnerabilities Non-Cloud Specific Cloud Specific Technical Legal Other 38

39 Risks, Threats, and Vulnerabilities continued Organization Risk: Loss of business reputation due to co-tenant activities (or the tenants sharing the same resource), and any organizational change that can happen to the cloud provider (as a business organization) including provider failure, termination or acquisition. Technical Risk: The technical risks classification includes problems or failures associated with the provided services or technologies contacted from the cloud service provider. Legal Risk: Issues that surround data being exchanged across multiple countries that have different laws and regulations concerning data traversal, protection requirements, and privacy laws. Examples of such risks include, but not limited to, risks resulting from possible changes of jurisdiction and the liability or obligation of the vendor in case of loss of data and/or business interruption. Other: Data Leakage on Upload/Download: When the data is being transferred across the cloud unencrypted, it is subject for traffic sniffing, spoofing, and man-in the-middle attacks, amongst others. 39

40 Cloud Computing and CIP CIP-002: Identification of CAs, CCAs, EACMS and PCS CIP-003: Access Control Management CIP-004: Information Protection Program, cloud computing training and PRAs CIP-005: Design and protection of the Electronic Security Perimeter CIP-006: Design and protection of the Physical Security Perimeter CIP-007: Security patches/upgrades on cloud servers assessed for applicability CIP-008: How is the Incident Respond Plan applies cloud computing CIP-009: Backing up and restoring Critical Cyber Assets 40

41 Questions 41

42 Virtualization and Cloud Computing References: Information Resources Management Association, USA. Grid and Cloud Computing, Safari Online Books Shackleford, Dave. Virtualization Security: Protecting Virtualized Environments Safari Online Books Tiso, John. Designing Cisco Network Service Architectures Safari Online Books