How Does Virtualization Change Your Approach to Enterprise Security and Compliance?




How Does Virtualization Change Your Approach to Enterprise Security and Compliance?
Seven Steps to a Virtual-aware Security Strategy

Michael Baum, Co-founder, Chief Corporate & Business Development Officer
Scott Shepard, CISSP, CISM, Principal Consultant

Splunk Inc., 250 Brannan Street, San Francisco, CA 94107, www.splunk.com
GlassHouse Technologies, Inc., 200 Crossing Boulevard, Framingham, MA 01720, www.glasshouse.com

Copyright 2009 Splunk Inc. and GlassHouse Technologies, Inc. All rights reserved.

Seven Steps to a Virtual-aware Security Strategy

Virtualization is a disruptive new technology that can greatly improve IT operational effectiveness while reducing overall costs, making it a critical initiative for IT Directors charged to do more with less. Virtualization has the potential to transform every layer of the enterprise IT stack, bringing consolidation and increased utilization of physical assets, version control of entire operating systems and applications, and instant virtualization as one of the fastest growing emerging technologies. Estimates are that the server virtualization software market will grow at a compound annual rate of 28% from 2008 through 2013 (from $1.8 billion to $6.2 billion).

However, as virtualization adoption continues to increase, it has opened a heated debate in the market over the security and compliance of virtual environments. On one side, many virtualization product vendors argue that implementing virtualization increases security by isolating functions into their own environments. However, many security product vendors counter that virtualization introduces new risks including novel points of attack, the ability for virtual resources to easily evade policy and the volatility of critical security and compliance data. Who is right? There are core truths in both arguments. As with any new technology, in order to achieve a secure implementation, it is necessary to augment existing policies and practices with an understanding of how virtualization works.

Rather than dwell on the debate, the focus should be on enabling a virtual-aware security and compliance strategy, adapting best practices to the unique characteristics of a virtual environment. Enabling a virtual-aware security and compliance strategy requires accounting for not only the technology aspects of the implementation, but also the people, process and policy components. This white paper outlines seven steps to establishing a virtual-aware security and compliance strategy. Although VMware is cited for illustrating and explaining concepts within this document, the recommendations are applicable to any virtual environment regardless of the vendor or products used.

1. Align Your Security Strategy with Your Business Risk Tolerance

As the use of virtualization has grown, there has been a wave of products and solutions, from vendors including Altor, Catbird, and Reflex, introduced in the market to address different aspects of security in virtual environments. But indiscriminately implementing security technologies can leave gaps in protection and impact the performance of your virtualized environments. In order to make business appropriate decisions on security measures and solutions to implement, you must start by identifying your business risk tolerance. This is defined as the balance between the security measures implemented and the amount of risk you are willing to take in conducting business. Security measures should always be implemented within the framework of a defined security strategy and that strategy must align with key business drivers and the business risk appetite.

The first step in identifying risk tolerance and building your security strategy is to understand and identify your business drivers for a specific virtualization environment and the organization as a whole. When considering virtualization, business drivers may include reducing IT infrastructure costs, improving service failover capabilities or a greater return on, and utilization of, the investment you have already made in IT assets. This should be followed with a security risk assessment in order to gain an understanding of your current or baseline risk profile. This will provide the inputs for defining an initial security policy that is designed to protect critical assets while achieving the identified business drivers. Keep in mind that the policy must meet applicable laws and compliance mandates relevant to your industry and organization as well as remediate the critical vulnerabilities identified during the risk assessment process. Understanding the business drivers and risk tolerance for specific virtualization initiatives will help you balance the security measures required to meet both your business and security objectives. Consider the case where your media studio is using virtualization in a cloud service provider environment to apply extra compute resources and speed up projects. In this example, your risk tolerance may be fairly high and the security measures you apply at a minimum. Contrast this with your CRM system that manages critical sales, marketing, support and customer account information. Your risk tolerance for this application is likely very low and the security measures applied will be significant.

Figure 1: Virtual Environment Risk Tolerance

The next step is to identify the control points and technologies that can be applied to address the appropriate security measures. Control points identify where to place security monitoring and control technologies to implement the given security measures and policies. Control points are typically placed on the user, network, system, application, or the data. Some control points, for example, network control points, may change drastically when moving from a physical to virtual environment. In a physical environment monitoring messages, logs, configurations and packets can be accomplished in a fairly straightforward manner using any number of tools. In a virtual environment, virtual machines (VMs) have the ability to abstract the network through virtual switches and some of the traditional network control points may have moved inside the hypervisor itself. For example, since inter-VM communication stays within the hypervisor, the information may not be able to be easily collected and monitored with traditional physical network security control points like firewalls, log managers or intrusion detection systems (IDS).

Your virtual security and compliance strategy will need to account for any changes in control points and ensure that your security solution is appropriate and effective within a virtualized environment. Traditional security products don't typically provide the same level of security when virtualized as they did in the physical environment due to physical limitations. For example, physical IDS and firewalls are not always capable of handling the jumbo frames (larger packet sizes) that are used to transfer data within a virtual switch, and physical monitoring and log management solutions may not be capable of collecting the necessary information from the hypervisor itself.

Figure 2: Changing Control Points

Finally, after the security measures and associated control points in the form of processes and technologies have been implemented, the last step is to perform a risk and vulnerability assessment in order to verify that the security policy and business objectives have been met. In order to remain effective, the security strategy needs regular validation by conducting periodic security assessments against the implemented security measures, the current security policy and the business drivers. Expect the security strategy to change over time. The output of the risk assessment is used to tune and adjust the security measures as necessary. The end result will be a secure virtual environment and strategy that is in line with the business risk tolerance for each environment and the organization as a whole.

2. Secure Virtual Machines Like Physical Machines

There is a common misconception that VMs do not require the same protective measures as physical ones. The misconception stems from the abstraction and hiding of the VM on a virtual network behind or inside physical hardware through network address translation (NAT). This may give the impression that since the VM is not a physical entity, it cannot be seen by the outside world. However, the VM has its own IP address and must provide a service port to accept communication from the outside world, leaving it open to the same vulnerabilities and threats as a separate physical machine. There is no additional security that is inherited just by deploying virtualization. Therefore, VMs need all of the same controls and protective measures, including but not limited to: software patches, antivirus, change management, and intrusion prevention.

An additional misconception is that the VMs are somehow hidden behind the host operating system or hypervisor. Most VMs will need to be exposed in order to provide clients with access to the applications and services on the VM. Even if the VMs are hidden behind Network Address Translation (NAT), and not directly reachable, they are almost certainly offering a service, such as email, web, or a database, that is forwarded to them through that protective layer. Those services can still be attacked through the hypervisor. Application attacks, particularly to web applications, are an increasingly common attack vector.

Simply put, the VMs must comply with and maintain the same level of security as the physical system on the network and a virtualized application is as vulnerable to exploit as a non-virtual one.

Figure 3: Virtual Resources Behave Like Physical Resources on the Network

Not only does the VM need to be secured, but so does the host operating system or virtualization layer (in many cases the hypervisor replaces the host operating system with a bare metal virtualization OS). It is best to use a hardened, thin host operating system or hypervisor, similar to VMware ESXi. These thin operating systems already have most of their unnecessary services and applications disabled and removed to reduce the chance of a vulnerability exposure. When implementing a thin host operating system consider what services could be re-enabled through unsupported features. For example, an administrator with console access to an ESXi server can enable remote SSH connections, or other services, simply by accessing a root level command prompt and then enabling the features in the network configuration file. Make sure to perform a security assessment of the host operating system, using appropriate tools that are designed for virtual environments, to ensure that the enabled system services meet the security policy.

Figure 4: Securing Host OS / Virtualization OS

3. Virtual Machine Isolation

When discussing virtualization, most security professionals first identify security concerns over how the VMs are isolated from each other and from the host operating system. Initial vendor security strategies focused on ways to isolate the virtualized operating systems so that a compromised VM could not gain access to the other guest systems in the virtual environment. Additionally, VMware and other vendors go into great detail discussing how to isolate the management interfaces.

However, in February of 2008, VMware introduced VMsafe, which allows access to the same internal applications VMware uses to manage the virtual infrastructure. With this capability, a special VM with promiscuous-mode forwarding enabled can monitor the traffic of all VMs on the virtual switch. Besides network, the special VM can be configured to monitor other virtualized components (i.e. process, memory, or disk). VMsafe was introduced to improve performance of similar activities in all VMs. For example, why run anti-virus in each VM, when a single VM can run anti-virus and perform file scanning for all VMs? However, this capability violates the fundamental philosophy of virtual machine isolation.

Figure 5: Violating VM Isolation

At this point, move forward cautiously with VMsafe or similar solutions until this technology matures. VM isolation should be retained and each VM should maintain security within the virtual environment and not rely on VMsafe. Virtual security policy should require that all VM traffic crossing a network boundary be routed outside of the virtual environment and pass through physical networking security measures in the form of firewalls, intrusion detection sensors, data loss prevention, and other network protective and monitoring technologies. Once the technology matures, VMsafe will likely prove quite beneficial in improving the security of all VMs in the environment.
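
The policy in section 3 (traffic that crosses a network boundary must leave the virtual environment) and the section 1 point that inter-VM traffic can stay inside the hypervisor can be checked against a virtual NIC inventory. The following is an added example, not code from the paper or from any vendor; the inventory records, field names and zone labels are constructed, and the model assumes that VMs on the same host, virtual switch and VLAN exchange frames without touching the physical network.

```python
from collections import defaultdict

# Constructed inventory of virtual NICs. Every name and value is made up for
# this example; a real one would be exported from the management layer.
INVENTORY = [
    {"vm": "web01",   "host": "esx-a", "vswitch": "vSwitch1", "vlan": 10,
     "zone": "dmz",      "promiscuous": False},
    {"vm": "crm-db",  "host": "esx-a", "vswitch": "vSwitch1", "vlan": 10,
     "zone": "internal", "promiscuous": False},
    {"vm": "app01",   "host": "esx-a", "vswitch": "vSwitch1", "vlan": 20,
     "zone": "internal", "promiscuous": False},
    {"vm": "hr01",    "host": "esx-b", "vswitch": "vSwitch0", "vlan": 30,
     "zone": "internal", "promiscuous": False},
    {"vm": "hr02",    "host": "esx-b", "vswitch": "vSwitch0", "vlan": 30,
     "zone": "internal", "promiscuous": False},
    {"vm": "scanner", "host": "esx-b", "vswitch": "vSwitch0", "vlan": 30,
     "zone": "internal", "promiscuous": True},
]


def audit_segments(inventory):
    """Group NICs by (host, vswitch, vlan) and return policy findings.

    MIXED_ZONES: VMs from different security zones share a segment, so the
    traffic between them never reaches a physical firewall or IDS.
    PROMISCUOUS: a VM on the segment may see its neighbours' traffic, which
    needs an explicit, approved exception.
    """
    segments = defaultdict(list)
    for nic in inventory:
        segments[(nic["host"], nic["vswitch"], nic["vlan"])].append(nic)

    findings = []
    for (host, vswitch, vlan), nics in sorted(segments.items(),
                                              key=lambda kv: kv[0]):
        where = f"{host}/{vswitch}/vlan{vlan}"
        zones = sorted({n["zone"] for n in nics})
        if len(zones) > 1:
            findings.append({"rule": "MIXED_ZONES", "segment": where,
                             "zones": zones,
                             "vms": sorted(n["vm"] for n in nics)})
        listeners = sorted(n["vm"] for n in nics if n["promiscuous"])
        if listeners:
            findings.append({"rule": "PROMISCUOUS", "segment": where,
                             "listeners": listeners,
                             "vms": sorted(n["vm"] for n in nics
                                           if not n["promiscuous"])})
    return findings


if __name__ == "__main__":
    for finding in audit_segments(INVENTORY):
        print(finding)
```
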

4. Limit and Monitor Administrative Access

The introduction of the hypervisor requires additional management software. This raises security concerns because the management software grants administrative access to multiple VMs. To address this issue, establish role-based access controls for the individual VMs through the vCenter to mirror the physical access controls that had been established before virtualization. Additionally, establish network-based firewall controls to limit network access to administrative interfaces. Severely restrict the number of administrators that have console/root level access to the host operating system. This access, as well as all administrative activities, must be logged to a centralized log management server (see section on security monitoring). In addition to access controls, utilize encryption and monitoring software (SSH and sudo, respectively) to avoid the sniffing of administrator credentials and to monitor for abuse of administrator privileges.

Figure 6: Limiting Administrative Access

In addition to protection of the management software, protecting the virtual files that make up the VM is critical. Utilize best practices to encrypt them when not in use, and limit administrative access to these files. When VMotion or similar technology is used to transfer these files between virtual environments, employ encrypted channels or out of band administrative channels.

5. Protect Virtual Machine Resources

Virtualization offers the flexibility to leverage under-utilized computing power within the virtual environment. What happens when multiple VMs in the virtualized environment come under a denial of service attack? In a traditional, physically separated environment, the systems which are not under attack are not affected. However, in a virtual environment the underlying physical infrastructure and all VMs may be affected. For example, in a 4 GHz physical infrastructure, if four VMs were each allocated 2 GHz of virtual processing power, a denial of service attack on two VMs would adversely impact the performance of the remaining two VMs even though they are not under a denial of service attack.

Expanding this example, assume there are four VMs spread across multiple network boundaries in a DMZ ("demilitarized zone", the buffer zone that separates the Internet and your private LAN). Two of the VMs make up a web cluster that is accessible from the Internet. The other two VMs are on the internal network and are not directly accessible from the Internet. Using the example configuration, where each of the four VMs is allocated 2 GHz, a denial of service attack on the Web cluster will have a performance impact on the two internal network VMs. The end result is that the service availability of all four VMs would be degraded.
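
The 4 GHz example above can be worked through with a small proportional-share model, which also shows what per-VM reservations, shares and limits change under the same load. This is an added example, not code from the paper and not VMware's scheduler; the allocator is a simplified water-filling model, and the demand figures (500 MHz per web VM when idle, 1500 MHz per internal VM) are assumptions.

```python
from dataclasses import dataclass

HOST_MHZ = 4000  # the paper's 4 GHz physical host


@dataclass
class VM:
    name: str
    demand: float             # MHz the guest is trying to consume right now
    reservation: float = 0.0  # MHz guaranteed to this VM
    limit: float = 2000.0     # MHz ceiling (the paper's 2 GHz per-VM allocation)
    shares: int = 1000        # relative weight under contention, must be > 0


def allocate(capacity, vms):
    """Return {vm name: granted MHz} for one scheduling interval."""
    if sum(vm.reservation for vm in vms) > capacity:
        raise ValueError("reservations exceed host capacity")
    want = {vm.name: min(vm.demand, vm.limit) for vm in vms}
    # Reservations are honoured first, up to what each VM actually wants.
    grant = {vm.name: min(want[vm.name], vm.reservation) for vm in vms}
    remaining = capacity - sum(grant.values())
    active = [vm for vm in vms if grant[vm.name] < want[vm.name]]
    while active and remaining > 1e-9:
        total = sum(vm.shares for vm in active)
        # VMs whose unmet demand fits inside their share-weighted slice are
        # satisfied in full; what they leave over is re-split in the next round.
        done = [vm for vm in active
                if want[vm.name] - grant[vm.name] <= remaining * vm.shares / total]
        if not done:
            for vm in active:
                grant[vm.name] += remaining * vm.shares / total
            break
        for vm in done:
            remaining -= want[vm.name] - grant[vm.name]
            grant[vm.name] = want[vm.name]
        active = [vm for vm in active if vm not in done]
    return grant


def scenario(web_demand, internal_reservation=0.0, internal_shares=1000):
    """Two Internet-facing web VMs plus two internal VMs on one host."""
    vms = [
        VM("web1", web_demand),
        VM("web2", web_demand),
        VM("int1", 1500, internal_reservation, shares=internal_shares),
        VM("int2", 1500, internal_reservation, shares=internal_shares),
    ]
    return {name: round(mhz) for name, mhz in allocate(HOST_MHZ, vms).items()}


if __name__ == "__main__":
    print("normal load          ", scenario(500))
    print("DoS, no controls     ", scenario(2000))
    print("DoS, reservations    ", scenario(2000, internal_reservation=1500))
    print("DoS, weighted shares ", scenario(2000, internal_shares=3000))
```

With no controls the internal VMs drop from 1500 MHz to 1000 MHz during the attack on the web cluster; a 1500 MHz reservation or a 3:1 share weighting keeps them whole and leaves the attacked VMs to absorb the shortfall.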

Figure 7: Physical Host Partitioning

Figure 8: Resource Load Balancing

To maintain the desired level of service availability across all VMs, resource (processor and memory) allocation should be managed based on the desired service levels for the VMs, and not solely on the business driver of reducing physical servers. Establishing reservations, shares, and limits will ensure stability and availability of critical VMs if multiple VMs come under denial of service attack. Additionally, these settings should be monitored and adjusted over time as the virtual environment evolves. This can be done manually or through VMware DRS (Distributed Resource Scheduler), which allocates and balances computing capacity for virtual environments on multiple ESX hosts.

6. Enforce Virtual Machine Configuration and Patch Management Policies

In a physical environment, configuration and patch management are mandatory for maintaining a secure environment. This same principle applies equally to the virtual environment. All virtual systems should fall under the same configuration and patch management process. With virtualization, however, there is one notable difference. How do you address configuration and patch management for off-line VMs? Utilizing server endpoint protection to ensure any off-line VMs are brought into security compliance before they go online can solve this. Additionally, all VMs used for disaster recovery planning must be brought online periodically to ensure that they are compliant with current security policy, and ensure immediate activation during an emergency.

Figure 9: Enforcing Configuration Policies

With a virtual environment, configuration and patch management of the host operating system is a must. Vulnerabilities and poor configurations, if exploited, can impact the entire virtualized infrastructure. In some cases additional processes need to be created to handle bare metal host operating systems that are hardened and stripped-down. Since these are reduced operating systems, patching and configuration tools may not be capable of applying the same patches to the host operating system. A customized patch management and configuration process must be established for patching the host OS. Ideally, the customized process should leverage virtualization's high availability capabilities that move critical VMs from one virtual environment to another while the underlying host operating system is patched. Less critical VMs can go offline while the host OS is being patched. In both cases, ensure the customized process includes notifications to all users, administrators, and owners of these VMs.

7. Security Monitoring

Today's IT computing environment is complex, with business requirements driving an infrastructure that is made up of a wide variety of applications, systems, devices and technologies. The threats and vulnerabilities inherent within today's environments make maintenance and security a constant concern. A simple change to a single component can have a rippling effect on many other applications and systems across the enterprise. Industry best practices dictate the need for monitoring and reporting on the security and compliance state of your environment.

Adding a new technology, such as virtualization, to an already complex environment magnifies the security issues. Deploying virtualization requires additional security monitoring of the administration activities, the virtualization management interface, and access to the virtual machine logs, messages and events. Much of this data will also need to be retained for security investigations and compliance reporting. Effective monitoring and reporting across a virtual environment can be tricky as virtual resources and their associated security and compliance data migrate between physical systems and potentially disappear altogether.

Figure 10: Virtualization Security Monitoring and Reporting

Security monitoring and reporting can be achieved by first performing an inventory of the security and compliance data your physical and virtual resources generate, including the location (memory, file system, network port) and the best way to access the data. Often accessing the logs and messages from a virtualized environment can be tricky, as many virtualization vendors haven't designed very robust, scalable APIs or data forwarding mechanisms. Capturing data in near real time is important given the migration and volatility of virtual resources and data. Once you have identified the data sources and collection mechanism, you'll need to deploy a security event management and reporting solution to correlate all the different types of events and technologies in your virtual stack (applications, operating system, network, storage, access control).

Best practice is not to deploy security monitoring and reporting solutions as part of the virtualized environment, as administrators have the ability to remove traces of their own activity. Once your data is consolidated, the logs, events and messages can be correlated to provide actionable alerts, enable comprehensive security investigations, speed troubleshooting of complex problems and be archived to meet compliance retention and reporting requirements.

Getting Ahead of the Game

Taking advantage of new technologies need not be a risky proposition. By combining security best practices and an understanding of how the technology works, companies can efficiently and securely implement the promised benefits. By utilizing the recommendations outlined in this paper you can define the appropriate risk-based security policies and implement necessary controls to achieve a secure virtual environment.

- Develop a well thought out "virtual-aware" security strategy.
- Assess and understand your vulnerabilities.
- Enhance existing security measures, control points and monitoring to address virtualization gaps.
- Balance acceptable risk with business drivers to achieve the benefits of virtualization.

About the Authors

Michael Baum co-founded Splunk with two friends and an ambition to assist humans in the battle against increasing IT complexity and the onslaught of machine generated data. As founding CEO, Michael led the team that quickly scaled Splunk from a geeky idea to one of the fastest growing private software companies in Silicon Valley. The company has transformed how more than 1,100 enterprises, service providers and government organizations and more than 350,000 users worldwide understand and manage complex IT environments. Splunk was the winner of Deloitte's 2008 Fastest Growing Rising Stars in Silicon Valley and recognized as one of the top places to work in the Bay Area by the San Francisco Times. Now Michael is leading the team building Splunk's global ecosystem of consultants, solution developers, resellers, managed service providers and technology partners.

Scott Shepard, CISSP, CISM, is a Principal Consultant for GlassHouse Technologies, Inc. He is an information security expert who has led the development of a broad portfolio of market-leading, differentiated security service solutions and architectures. In his prior position as the Director of Security Architecture at Motorola, he led the development and technical build-out of the "E-zones" architecture in support of Motorola's Seamless Mobility business vision. Scott received recognition for this unique security implementation with multiple industry awards.

All the trademarks or brands in this document are registered by their respective owner(s). VMware, the VMware logo, VMotion are trademarks or registered trademarks of VMware, Inc. All other marks and names mentioned herein may be trademarks of the respective companies. All rights reserved.