Virtualization for Security




Virtualization for Security: Including Sandboxing, Disaster Recovery, High Availability, Forensic Analysis, and Honeypotting

John Hoopes, Technical Editor

Aaron Bawcom, Paul Kenealy, Wesley J. Noonan, Craig A. Schiller, Fred Shore, Andreas Turriff, Mario Vuksan, Carsten Willems, David Williams

Contents

Chapter 1 An Introduction to Virtualization 1
  Introduction 2
  What Is Virtualization? 2
  The History of Virtualization 3
  The Atlas Computer 3
  The M44/44X Project 4
  CP/CMS 4
  Other Time-Sharing Projects 5
  Virtualization Explosion of the 1990s and Early 2000s 6
  The Answer: Virtualization Is 8
  Why Virtualize? 9
  Decentralization versus Centralization 9
  True Tangible Benefits 13
  Consolidation 15
  Reliability 17
  Security 18
  How Does Virtualization Work? 19
  OS Relationships with the CPU Architecture 20
  The Virtual Machine Monitor and Ring-0 Presentation 22
  The VMM Role Explored 23
  The Popek and Goldberg Requirements 24
  The Challenge: VMMs for the x86 Architecture 25
  Types of Virtualization 26
  Server Virtualization 26
  Storage Virtualization 29
  Network Virtualization 30
  Application Virtualization 31
  Common Use Cases for Virtualization 32
  Technology Refresh 32
  Business Continuity and Disaster Recovery 34
  Proof of Concept Deployments 35
  Virtual Desktops 35
  Rapid Development, Test Lab, and Software Configuration Management 36
  Summary 38
  Solutions Fast Track 38
  Frequently Asked Questions 42

Chapter 2 Choosing the Right Solution for the Task 45
  Introduction 46
  Issues and Considerations That Affect Virtualization Implementations 46
  Performance 47
  Redundancy 47
  Operations 48
  Backups 48
  Security 48
  Evolution 49
  Discovery 49
  Testing 49
  Production 49
  Mobility 50
  Grid 50
  Distinguishing One Type of Virtualization from Another 51
  Library Emulation 51
  Wine 52
  Cygwin 53
  Processor Emulation 53
  Operating System Virtualization 54
  Application Virtualization 54
  Presentation Virtualization 55
  Server Virtualization 55
  Dedicated Hardware 55
  Hardware Compatibility 56
  Paravirtualization 57
  I/O Virtualization 58
  Hardware Virtualization 58
  Summary 60
  Solutions Fast Track 61
  Frequently Asked Questions 62

Chapter 3 Building a Sandbox 63
  Introduction 64
  Sandbox Background 64
  The Visible Sandbox 65
  cwsandbox.exe 68
  cwmonitor.dll 69
  Existing Sandbox Implementations 72
  Describing CWSandbox 74
  Creating a Live-DVD with VMware and CWSandbox 78
  Setting Up Linux 78
  Setting Up VMware Server v1.05 80
  Setting Up a Virtual Machine in VMware Server 80
  Setting Up Windows XP Professional in the Virtual Machine 81
  Setting Up CWSandbox v2.x in Windows XP Professional 82
  Configuring Linux and VMware Server for Live-DVD Creation 83
  Updating Your Live-DVD 85
  Summary 86
  Solutions Fast Track 86
  Frequently Asked Questions 89
  Notes 90
  Bibliography 90

Chapter 4 Configuring the Virtual Machine 91
  Introduction 92
  Resource Management 92
  Hard Drive and Network Configurations 92
  Hard Drive Configuration 93
  Growing Disk Sizes 93
  Virtual Disk Types 93
  Using Snapshots 94
  Network Configuration 94
  Creating an Interface 94
  Bridged 95
  Host-Only 96
  Natted 97
  Multiple Interfaces 98
  Physical Hardware Access 99
  Physical Disks 99
  USB Devices 103
  Interfacing with the Host 104
  Cut and Paste 104
  How to Install the VMware Tools in a Virtual Machine 105
  How to Install the Virtual Machine Additions in Virtual PC 112
  Summary 113
  Solutions Fast Track 113
  Frequently Asked Questions 115

Chapter 5 Honeypotting 117
  Introduction 118
  Herding of Sheep 118
  Honeynets 120
  Gen I 120
  Gen II 121
  Gen III 121
  Where to Put It 121
  Local Network 122
  Distributed Network 122
  Layer 2 Bridges 123
  Honeymole 125
  Multiple Remote Networks 126
  Detecting the Attack 130
  Intrusion Detection 130
  Network Traffic Capture 131
  Monitoring on the Box 132
  How to Set Up a Realistic Environment 133
  Nepenthes 134
  Setting Up the Network 134
  Keeping the Bad Stuff in 140
  Summary 141
  Solutions Fast Track 141
  Frequently Asked Questions 143
  Note 143

Chapter 6 Malware Analysis 145
  Introduction 146
  Setting the Stage 146
  How Should Network Access Be Limited? 147
  Don't Propagate It Yourself 147
  The Researcher May Get Discovered 148
  Create a "Victim" That Is as Close to Real as Possible 148
  You Should Have a Variety of Content to Offer 148
  Give It That Lived-in Look 149
  Making the Local Network More Real 149
  Testing on VMware Workstation 151
  Microsoft Virtual PC 153
  Looking for Effects of Malware 154
  What Is the Malware's Purpose? 154
  How Does It Propagate? 155
  Does the Malware Phone Home for Updates? 155
  Does the Malware Participate in a Bot-Net? 156
  Does the Malware Send the Spoils Anywhere? 156
  Does the Malware Behave Differently Depending on the Domain? 157
  How Does the Malware Hide and How Can It Be Detected? 157
  How Do You Recover from It? 158
  Examining a Sample Analysis Report 159
  The <Analysis> Section 159
  Analysis of 82f78a89bde09a71ef99b3cedb991bcc.exe 160
  Analysis of arman.exe 162
  Interpreting an Analysis Report 167
  How Does the Bot Install? 168
  Finding Out How New Hosts Are Infected 169
  How Does the Bot Protect the Local Host and Itself? 171
  Determining How/Which C&C Servers Are Contacted 174
  How Does the Bot Get Binary Updates? 175
  What Malicious Operations Are Performed? 176
  Bot-Related Findings of Our Live Sandbox 181
  Antivirtualization Techniques 183
  Detecting You Are in a Virtual Environment 184
  Virtualization Utilities 184
  VMware I/O Port 184
  Emulated Hardware Detection 185
  Hardware Identifiers 185
  MAC Addresses 185
  Hard Drives 186
  PCI Identifiers 186
  Detecting You Are in a Hypervisor Environment 187
  Summary 188
  Solutions Fast Track 188
  Frequently Asked Questions 189

Chapter 7 Application Testing 191
  Introduction 192
  Getting Up to Speed Quickly 192
  Default Platform 193
  Copying a Machine in VMware Server 193
  Registering a Machine in Microsoft Virtual Server 195
  Known Good Starting Point 196
  Downloading Preconfigured Appliances 197
  VMware's Appliance Program 197
  Microsoft's Test Drive Program 198
  Debugging 199
  Kernel Level Debugging 199
  The Advantage of Open Source Virtualization 207
  Summary 208
  Solutions Fast Track 208
  Frequently Asked Questions 209

Chapter 8 Fuzzing 211
  Introduction 212
  What Is Fuzzing? 212
  Virtualization and Fuzzing 214
  Choosing an Effective Starting Point 214
  Using a Clean Slate 214
  Reducing Startup Time 215
  Setting Up the Debugging Tools 215
  Preparing to Take Input 217
  Preparing for External Interaction 218
  Taking the Snapshot 218
  Executing the Test 219
  Scripting Snapshot Startup 219
  Interacting with the Application 220
  Selecting Test Data 221
  Checking for Exceptions 222
  Saving the Results 223
  Running Concurrent Tests 223
  Summary 225
  Solutions Fast Track 225
  Frequently Asked Questions 227

Chapter 9 Forensic Analysis 229
  Introduction 230
  Preparing Your Forensic Environment 231
  Capturing the Machine 232
  Preparing the Captured Machine to Boot on New Hardware 238
  What Can Be Gained by Booting the Captured Machine? 239
  Virtualization May Permit You to Observe Behavior That Is Only Visible While Live 242
  Using the System to Demonstrate the Meaning of the Evidence 242
  The System May Have Proprietary/Old Files That Require Special Software 242
  Analyzing Time Bombs and Booby Traps 243
  Easier to Get in the Mind-Set of the Suspect 243
  Collecting Intelligence about Botnets or Virus-Infected Systems 244
  Collecting Intelligence about a Case 244
  Capturing Processes and Data in Memory 245
  Performing Forensics of a Virtual Machine 245
  Caution: VM-Aware Malware Ahead 247
  Summary 249
  Solutions Fast Track 249
  Frequently Asked Questions 253

Chapter 10 Disaster Recovery 255
  Introduction 256
  Disaster Recovery in a Virtual Environment 256
  Simplifying Backup and Recovery 257
  File Level Backup and Restore 257
  System-Level Backup and Restore 258
  Shared Storage Backup and Restore 259
  Allowing Greater Variation in Hardware Restoration 261
  Different Number of Servers 262
  Using Virtualization for Recovery of Physical Systems 262
  Using Virtualization for Recovery of Virtual Systems 263
  Recovering from Hardware Failures 265
  Redistributing the Data Center 265
  Summary 267
  Solutions Fast Track 268
  Frequently Asked Questions 269

Chapter 11 High Availability: Reset to Good 271
  Introduction 272
  Understanding High Availability 272
  Providing High Availability for Planned Downtime 273
  Providing High Availability for Unplanned Downtime 274
  Reset to Good 275
  Utilizing Vendor Tools to Reset to Good 275
  Utilizing Scripting or Other Mechanisms to Reset to Good 277
  Degrading over Time 277
  Configuring High Availability 278
  Configuring Shared Storage 278
  Configuring the Network 278
  Setting Up a Pool or Cluster of Servers 279
  Maintaining High Availability 280
  Monitoring for Overcommitment of Resources 280
  Security Implications 281
  Performing Maintenance on a High Availability System 282
  Summary 284
  Solutions Fast Track 285
  Frequently Asked Questions 287

Chapter 12 Best of Both Worlds: Dual Booting 289
  Introduction 290
  How to Set Up Linux to Run Both Natively and Virtually 290
  Creating a Partition for Linux on an Existing Drive 291
  Setting Up Dual Hardware Profiles 295
  Issues with Running Windows Both Natively and Virtualized 296
  Precautions When Running an Operating System on Both Physical and Virtualized Platforms 296
  Booting a Suspended Partition 296
  Deleting the Suspended State 297
  Changing Hardware Configurations Can Affect Your Software 297
  Summary 299
  Solutions Fast Track 299
  Frequently Asked Questions 300

Chapter 13 Protection in Untrusted Environments 301
  Introduction 302
  Meaningful Uses of Virtualization in Untrusted Environments 302
  Levels of Malware Analysis Paranoia 308
  Using Virtual Machines to Segregate Data 316
  Using Virtual Machines to Run Software You Don't Trust 318
  Using Virtual Machines for Users You Don't Trust 321
  Setting up the Client Machine 322
  Installing Only What You Need 322
  Restricting Hardware Access 322
  Restricting Software Access 322
  Scripting the Restore 323
  Summary 325
  Solutions Fast Track 325
  Frequently Asked Questions 327
  Notes 328

Chapter 14 Training 329
  Introduction 330
  Setting Up Scanning Servers 330
  Advantages of Using a Virtual Machine instead of a Live-CD Distribution 331
  Persistence 331
  Customization 331
  Disadvantages of Using a Virtual Machine instead of a Live-CD 332
  Default Platforms 332
  Scanning Servers in a Virtual Environment 333
  Setting Up Target Servers 334
  Very "Open" Boxes for Demonstrating during Class 335
  Suggested Vulnerabilities for Windows 335
  Suggested Vulnerabilities for Linux 336
  Suggested Vulnerabilities for Application Vulnerability Testing 336
  Creating the Capture-the-Flag Scenario 339
  Harder Targets 339
  Snapshots Saved Us 340
  Require Research to Accomplish the Task 341
  Introduce Firewalls 341
  Multiple Servers Requiring Chained Attacks 341
  Adding Some Realism 342
  Lose Points for Damaging the Environment 342
  Demonstrate What the Attack Looks Like on IDS 343
  Out Brief 343
  Cleaning up Afterward 343
  Saving Your Back 344
  Summary 345
  Solutions Fast Track 345
  Frequently Asked Questions 347

Index 349