Secure Administration of Virtualization - A Checklist ofVRATECH



Similar documents
Building on a Foundation for Growth: Integrating DLP with Message Security Infrastructure

SIEM and DLP Together: A More Intelligent Information Risk Management Strategy

Beyond the Hypervisor: Optimizing Virtualization Management

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

PICO Compliance Audit - A Quick Guide to Virtualization

Network Access Control in Virtual Environments. Technical Note

Strategies to Mitigate Information Risk: Data Loss Prevention and Enterprise Rights Management

VDI Security for Better Protection and Performance

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Enterprise Lifecycle Management in a Changing World: Best Practices for Resolving Emerging Challenges in Desktop and Server Management

How To Protect Your Virtual Infrastructure From Attack From A Cyber Threat

Payment Card Industry Data Security Standard

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU

White paper. Four Best Practices for Secure Web Access

How To Protect Your Cloud From Attack

Extreme Networks Security Analytics G2 Vulnerability Manager

Effective Systems Management for Healthcare

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.

Supporting Workforce Mobility: Best Practices in Enterprise Mobility Management

Devising a Server Protection Strategy with Trend Micro

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

RSA Security Solutions for Virtualization

How to Achieve Operational Assurance in Your Private Cloud

Better Virtualization Outcomes with Citrix Essentials for XenServer and NetApp Storage

Securing Remote Access in the Federal Government: Addressing the Needs for Telework and Continuity of Operations. RSA Solution Brief

Netzwerkvirtualisierung? Aber mit Sicherheit!

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief

Avoiding the Top 5 Vulnerability Management Mistakes

Mitigating Information Security Risks of Virtualization Technologies

Effective End-to-End Cloud Security

Bringing Enterprise-class Network Performance and Security Management Together using NetFlow

RSA SecurID Two-factor Authentication

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Sichere Virtualisierung mit VMware

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Securing Remote Vendor Access with Privileged Account Security

Extreme Networks Security Analytics G2 Risk Manager

Total Cloud Protection

CSA Virtualisation Working Group Best Practices for Mitigating Risks in Virtualized Environments

Devising a Server Protection Strategy with Trend Micro

Agentless Security for VMware Virtual Data Centers and Cloud

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Making Data Security The Foundation Of Your Virtualization Infrastructure

IBM Security QRadar Risk Manager

How RSA has helped EMC to secure its Virtual Infrastructure

Trend Micro Deep Security

RSA Solutions for VMware and Vblock. Dominique Dessy Senior Technical Consultant

Security Solution Architecture for VDI

Help Desk Demands in the Mid-Market: Pragmatic Requirements and Solutions

Automating Cloud Security Control and Compliance Enforcement for PCI DSS 3.0

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief

Cisco Security Optimization Service

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

White paper. Creating an Effective Security Operations Function

Compliance and Security Information Management for PCI DSS Requirement 10 and Beyond

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

Virtual Compliance In The VMware Automated Data Center

Tenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments

VMware Integrated Partner Solutions for Networking and Security

Privilege Gone Wild: The State of Privileged Account Management in 2015

IBM Security QRadar Vulnerability Manager

2010 State of Virtualization Security Survey

Endpoint Virtualization Explained:

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

WHITE PAPER. The Protection and Operational Benefits of Agentless Security in Virtual Environments SPON. Published March 2012 SPONSORED BY

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at

Drawbacks to Traditional Approaches When Securing Cloud Environments

Desktop Automation: Effective Desktop Operations & Management with Cloud Orchestration

Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

Preemptive security solutions for healthcare

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S

Securing the Service Desk in the Cloud

Privilege Gone Wild: The State of Privileged Account Management in 2015

Total Protection for Compliance: Unified IT Policy Auditing

Security Virtual Infrastructure - Cloud

1 Introduction Product Description Strengths and Challenges Copyright... 5

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

How To Manage Security On A Networked Computer System

Optimizing Cloud for Service Delivery

EMA Radar for Private Cloud Platforms: Q1 2013

Security Compliance in a Virtual World

The Impact of HIPAA and HITECH

FISMA / NIST REVISION 3 COMPLIANCE

When Desktops Go Virtual

Cloud and Data Center Security

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

A Look at the New Converged Data Center

Real-Time Security for Active Directory

Consolidating IT Infrastructure Management: Unifying Data Center Hardware and Software Administration

Building Energy Security Framework

IBM Security QRadar Risk Manager

PCI Data Security Standards (DSS)

Virtualization Security Checklist

Transcription:

Securing the Administration of Virtualization An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) Market Research Report Prepared for RSA, The Security Division of EMC March 2010 IT MANAGEMENT RESEARCH,

Table of Contents Executive Summary...1 Secure Administration: Priority One for Virtualization Security...1 Managing Resource Consolidation...1 Controlling Risk Exposure...2 Point in Time Means Something Different...2 VM Images are Data, Too...2 The Impact of Administration...2 Meeting the Challenge...3 Start with Strategy...3 Plan: Architect Proper Configuration...3 Do: Administrative Security in Operations...4 Check: Monitoring Administrative Actions...5 Act: The Critical Importance of Response...6 Toward the Future...7 EMA Perspective...7 About RSA...8

Executive Summary Virtualization has been one of the most transformative information technologies to appear in many years. What many organizations still do not yet fully appreciate, however, is the transformative impact virtualization has on security as well. Virtualization enables the IT investment to yield maximum benefit with greater flexibility. It also introduces new risks, many without parallel in traditional IT. Unlike physical systems, multiple guest virtual machines (VMs) share a common host. VMs can be configured offline and deployed on demand, making for a far more dynamic environment. Virtualized functionality such as networking is abstracted from its physical topology. Securing these capabilities depends directly on administrative control. This, in turn, emphasizes the need for security in the administration of virtualization, and for processes and technologies to secure administration that are virtualization aware. Virtualization enables the IT investment to yield maximum benefit with greater flexibility. It also introduces new risks, many without parallel in traditional IT. In this report, Enterprise Management Associates (EMA) describes a systematic approach to securing the administration of virtualized systems, based on the ISO 27000-series Plan Do Check Act philosophy. While emerging aspects of endpoint virtualization are discussed, the primary focus is on the administration of virtualization in the data center, where the bulk of today s concerns may be found. Guidance on securing the administration of VMware one of the most prevalent names in virtualization and the use of the tools and technologies of EMC and its Security Division, RSA, are highlighted as primary examples. Readers should gain an enhanced awareness of the essential capabilities required for the secure administration of virtualization, with reference to technology-specific guidance such as VMware s Security Hardening publications offered for more detailed information. Secure Administration: Priority One for Virtualization Security Every generation of IT has its transformative technologies but few have had the impact of virtualization in the data center. The values it brings for resource consolidation, on-demand provisioning and offline maintenance enable IT to be far more flexible in meeting business demands. But these demands will not indeed, cannot be well met unless the risks that virtualization introduces can be understood and managed. Some of these risks have little or no parallel in the physical environment. Managing Resource Consolidation For example, virtualized guest systems sharing a common physical platform may have different levels of sensitivity in their operations, their network exposure, or in the information they handle. A guest VM exposed to a public network may run the risk of exposing sensitive data handled on another guest on the same host. In the past, such risky interactions were largely controlled through physical or logical isolation. Virtualization, however, makes it much easier to violate this isolation by consolidating functionality on

a shared host. Large retailers have failed an audit for compliance with the Payment Card Industry (PCI) Data Security Standard for just such failures. Controlling Risk Exposure Even simple changes in server configuration or network topology can expose vulnerabilities, such as an unpatched software defect or network access that can lead to system takeover. Virtualization, however, has the potential to greatly amplify this exposure, when a vulnerable VM configuration is replicated many times over in production. The ability to move and deploy virtual systems on demand may also increase risk. Organizations may assume they have a certain number of servers that must be managed, but on-demand virtualization may increase that number considerably if uncontrolled. This virtualization sprawl has several major implications: It increases the sheer volume of risk exposures (or attack surface ) if proper and consistent security measures are not applied across the whole virtual environment. It exposes the organization to software licensing violations. It potentially introduces regulatory compliance violations surrounding private data management, separation of systems and networks, adequate logging and asset and change control. Point in Time Means Something Different Unlike the physical environment, where change is immediate, changes to a VM are typically made offline, and do not take effect until the image is deployed in production. This could be some time after changes are defined in a master VM image or service configuration. If changes are made for security reasons, such latency could prolong risk exposure. Another point-in-time factor unique to virtualization is the ability to suspend a VM. Starting and stopping a service may be logged as a system-level event. Without visibility into virtualization infrastructure, however, VM suspension may go undetected by traditional monitoring methods. This increases the risk that suspended VMs may disrupt critical functionality, or go offline due to undetected security issues. VM Images are Data, Too A VM image is effectively a file or set of files which are stored as data. This data can be copied and later run in an uncontrolled environment, circumventing authorized protections. This increases the priority placed on control over access to storage systems that manage such data. The Impact of Administration Note the critical role played by administration and management in each of these examples. Administrative privilege enables the definition of VM images, the ability to retrieve VM images stored as data, control over their deployment, and management in production. This heightens the need to secure administrative privilege and actions. It also highlights the importance of controls that are virtualizationaware. Insight into virtual infrastructure is needed to detect such These factors heighten the need to secure administrative privilege and actions. They also highlight the importance of controls that are virtualization-aware

factors as VM consolidation, movement and suspension, and the control of VM images as data. Without this visibility, administrative actions that pose risk may go undetected. Without virtualizationspecific controls, they may go unmanaged as well. Meeting the Challenge Securing the administration of virtualization must therefore be a top priority for securing virtualization itself. Organizations may not yet be aware, however, of how best to secure virtualization management and administrative privilege. This calls for a comprehensive consideration of the factors involved, in order to develop an effective plan of action. Start with Strategy In other words, this means taking a strategic approach, in line with the requirements of the business. One such approach is reflected in the ISO 27000 family of security management standards, frequently referenced for guidance of IT security management. In essence, the ISO standards recommend a systematic approach, which describes a logical sequence that helps organizations define, implement and monitor their objectives, with high emphasis on action. This approach is often summarized as: Plan Do Check Act The ISO standards represent a body of guidance that can be applied in the general case. Technologyspecific guidance should be referenced to secure the actual implementation. Organizations such as the Computer Security Institute (CSI) offer such guidance, while vendors often provide their own. VMware, for example, offers Security Hardening guidelines for VMware virtualization technologies 1. These materials provide useful information for securing the administration of virtualized environments. Plan: Architect Proper Configuration Safeguarding administrative control is implicit in fundamental security principles that apply in both virtual and physical environments. Securing the administration of virtualization thus begins with securing the physical environment, and extending those principles to virtualization. Limit exposures that could lead to unauthorized high-privilege access. Install customary security tools such as anti-malware, firewall and host intrusion prevention systems. Disable unnecessary or superfluous functions. Reserve system resources for Service Management processes patch, change, asset and configuration management. Secure configurations should be built into hardened templates, for assuring that when new systems are deployed, they are configured properly. This includes the configuration of the physical host, the hypervisor, and each guest VM. Network segmentation takes on an added dimension in virtualized environments, since guest VMs each have their own connections to physical and logical network topologies outside the virtualized host, as well as within the host itself. 1 http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf (as of March 2010) This means taking a strategic approach, in line with the requirements of the business.

In most cases, network communications between guest VMs should be isolated. Technologies such as VMware vshield Zones can limit inter-vm traffic and resulting risk exposures, extending long-established network segmentation principles to the virtual world. Connection to specific physical interfaces can further assure this protective isolation and mitigate software configuration risks. Configuration of virtualization management systems is particularly important, since they directly control functionality. VMware vcenter, for example, provides centralized administration of VMware environments, and must be carefully deployed accordingly. Limit administrative access to the host where vcenter is running. vcenter itself should run under a separate administrative account specifically provisioned for that purpose Management and production networks should be isolated from each other, to limit the risk of unauthorized access to administrative functionality. When administrative access is authorized, the principle of least privilege should apply. Administrative access should be linked to individual accountability as much as possible. Access to shared administrative accounts such as root should be limited, while tools such as su should be restricted. Role-based access control (RBAC) offers a way to segregate administrative functions into individual roles that can be invoked by authorized users when needed. In the case of VMware vcenter, its Custom Roles capability offers a built-in way to define and segregate administrative privileges by roles. Environment monitoring is essential particularly to monitoring administrative access and actions, both authorized and unauthorized. Organizations should plan to deploy event management tools having insight into virtualization risks. This includes monitoring access to VM image storage resources. Here too, RBAC-based role segregation should help to assure that those with administrative access privileges do not also have the capability to tamper with evidence of administrative actions. Do: Administrative Security in Operations Once virtualization is deployed, the principles of limited exposure and least privilege should be continued in operations management. Exposure to administrative access risks can be mitigated by using the most secure or finely grained management tools when available. In the VMware environment, the ESX service console may enable overly broad capability with limited control. Better control can be achieved by the use of more finely grained tools that leverage vcenter functionality, such as PowerCLI and toolkits that use the vsphere API. Because these tools leverage vcenter, they enforce centralized privilege control and monitoring. They also provide role-based administrative access through vcenter Custom Roles. Once virtualization is deployed, the principles of limited exposure and least privilege should be continued in operations management.

Strong authentication can further secure access to administrative privilege. Some compliance mandates such as the PCI Data Security Standard may specifically require two-factor authentication for remote administrative access. One of the most popular examples of two-factor authentication is the one-time password technology of RSA SecurID, long used to secure administrative access in many organizations worldwide. Check: Monitoring Administrative Actions Building monitoring capability in the planning phase is essential but it must be used effectively in operations. In the 2009 Verizon Business data breach investigations report 2, 66% of victims had sufficient evidence available in log data to discover a breach, had they been more diligent in log analysis. The sheer volume of monitoring information IT generates compounds the issue for many. This mass of data is difficult to manage, if not impossible, without tools for prioritizing alerts that identify significant risks. Security information and event management (SIEM) systems are a primary tool for meeting these challenges. In order to be most effective in monitoring the administration of virtualization, however, they must have comprehensive visibility: Events in any environment: Monitoring should cover events not specific to virtualization, but which have an impact on the security of virtualization management. For example: Events should be correlated with IT change. The monitoring of IT change is a fundamental principle of IT management that reinforces change control and improves IT reliability. In security, change detection may reveal threat activity. Events should be correlated with administrative access. This can help identify unauthorized administrative access or a security attack that exploits administrative privilege. It also benefits more reliable IT management, by helping to identify root causes of performance or availability problems due to administrative actions. Access to storage resources that house VM images should be monitored, to protect against unauthorized deployment or analysis of virtual systems. Virtualization-specific events: Monitoring tools must also have visibility into administrative activity unique to virtualization. This is particularly critical when events have few or no parallels with the physical environment: Administrative actions that result in changes to VM state should be monitored. Stopping and starting a service on a physical server may be detected by conventional tools, but virtualization-specific issues such as VM suspension may not. VMs may also be moved from one physical host to another, which may violate policy. Monitoring must have visibility into virtualization infrastructure in these cases. In most cases, making changes to the configuration of a VM require taking it offline and remounting it, which may not be as intuitive as rebooting a physical server. When changes are defined in master VM images, monitoring must assure that they have been put into production in a timely way. This may be critical when patching actively exploited security vulnerabilities. 2 W. H. Baker et al, 2009 Data Breach Investigations Report, Verizon Business, April 2009. Monitoring tools must also have visibility into administrative activity unique to virtualization. This is particularly critical when events have few or no parallels with the physical environment.

Unauthorized attempts to copy or clone VMs should be detected, to assure that sensitive information or systems are not exposed outside the authorized, controlled environment. Virtualization sprawl should be monitored and contained, to assure that virtualization is managed appropriately, regulated environments are under proper control, and to reduce risk exposure from enlarging the attack surface. SIEM platforms such as RSA envision provide visibility into comprehensive activity throughout both physical and virtualized environments. The EMC and VMware families of configuration and change management tools such as VMware vcenter Server Configuration Manager provide virtualizationaware configuration and change insight which can be correlated with event monitoring. These are examples of technologies having the visibility into virtualization infrastructure necessary to assure that virtualization-specific issues are not overlooked. Act: The Critical Importance of Response It is one thing to monitor; it is another to act, as data breach investigations suggest. Even when event management systems correlate and identify high-priority issues, actions must be taken not only to enable response, but to prevent recurrence and better secure virtualization management going forward. It is one thing to monitor; it is another to act, as data breach investigations suggest. Here also, general principles exist that can be applied to any environment, as well as those that are specific to virtualization: Evaluate the completeness of response. When security vulnerabilities become known, the exposure must be found and confirmed in other environments. Configuration management systems can not only verify its presence when it appears, but can also directly remediate exposures through configuration change. Take a proactive approach. Beyond monitoring, checking must also include the regular evaluation of program effectiveness. This helps assure that virtualization is managed responsibly as technologies, use cases and business requirements change. Change events that consistently require exceptions to accepted management processes, for example, may call for a re-evaluation of those processes. Expand virtualization awareness. Recognize that virtualization can have a dramatic impact on existing management disciplines such as configuration management. The virtual environment is far more dynamic than the legacy world. VMs can move with a great deal of freedom among physical hosts. Changes can be made offline, which reduces the impact of change on production environments, but operations teams must assure that these changes are put into production as expected. Organizations will want to assure that their administrative tools have adequate visibility into virtualization infrastructure, to avoid being blindsided by these virtualization-specific issues. Link the virtual infrastructure to IT Service Management. Monitoring systems can create a service desk ticket in response to specific events. This helps the tracking of incidents to a satisfactory conclusion, which may include forensic analysis or other follow-up if required. Conversely, a service desk ticket can be used to authorize a specific change event, whose outcome satisfactory or otherwise is reflected in monitoring systems.

Toward the Future Finally, response must also include keeping a forward-looking eye on the pace of technology in this case, on the ongoing evolution of virtualization, its management, and its risks. Emerging technologies such as Virtual Desktop Infrastructure (VDI) emphasize the need for virtualization aware security management tools. RSA envision, for example, integrates with VMware View to provide information such as when a user has logged on or off, when systems have been disconnected, when peripherals such as USB devices have been plugged in, and so on. This not only rivals but exceeds the extent of capability available in many non-virtualized environments just one example of the many ways in which endpoint virtualization may have a positive impact on endpoint security management. Other innovations likely to have a positive impact on the security of virtualization and the management of administrative risks in virtual environments include the continued adoption of VMware s VMsafe technologies for enhancing visibility and control over virtualization security. EMA Perspective In order to capitalize on virtualization s promise, organizations must confidently manage its risks and nowhere is this more important than in safeguarding the administration of virtualization. With its strategic relationship with VMware, a market leader in virtualization technology, and backed by the capabilities of its RSA Security Division, EMC stands out among vendors serving the requirements of responsible virtualization management. With its strategic relationship with VMware, a market leader in virtualization technology, and backed by the capabilities of its RSA Security Division, EMC stands out among vendors serving the requirements of responsible virtualization management. Its unique ties to VMware give it equally unique insight into one of the most successful virtualization portfolios in the industry, including VMware s virtualization-aware management platforms. The RSA family of SIEM resources and strong authentication provide vital capabilities for visibility into high-privilege actions and strong controls on administrative access, while the EMC and VMware management portfolios together provide essential configuration management and other disciplines necessary to secure the control of virtualization including management of the entire lifecycle of secure storage for VM images to protect administrative capabilities saved in VM configuration. The alignment of these capabilities gives EMC, RSA and VMware a distinctive understanding of virtual relationships between hosts and guests, in virtualized systems, networks, databases and applications. Just as important is the fostering of common integration and collaboration objectives among these vendor groups that mutually support each other, which help identify factors such as specific points of integration that help accelerate adoption and deployment of security measures, which can help reduce total security costs for virtualization management. These factors combine to recommend the EMC and VMware families as a preferred provider of solutions for assuring secure and responsible management of virtualization, and its expansive promise.

About RSA RSA, The Security Division of EMC, is a premier provider of security solutions for business acceleration, helping the world s leading organizations succeed by solving their most complex and sensitive security challenges. RSA s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.rsa.com and www.emc.com.

About Enterprise Management Associates, Inc. Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that specializes in going beyond the surface to provide deep insight across the full spectrum of IT management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise IT professionals and IT vendors at www.enterprisemanagement.com or follow EMA on Twitter. This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written permission of Enterprise Management Associates, Inc. All opinions and estimates herein constitute our judgement as of this date and are subject to change without notice. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. EMA and Enterprise Management Associates are trademarks of Enterprise Management Associates, Inc. in the United States and other countries. EMA, ENTERPRISE MANAGEMENT ASSOCIATES, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc. Corporate Headquarters: 5777 Central Avenue, Suite 105 Boulder, CO 80301 Phone: +1 303.543.9500 Fax: +1 303.543.7687 www.enterprisemanagement.com 2042.031010

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information