Virtualization System Security



Similar documents
Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

VMware ESX Server 3 Configuration Guide

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

Virtualization Security Checklist

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;

Learn the Essentials of Virtualization Security

managing the risks of virtualization

Learn the essentials of virtualization security

Cloud Security Overview

PICO Compliance Audit - A Quick Guide to Virtualization

Compromise-as-a-Service

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Virtualization Security

How to Configure an Initial Installation of the VMware ESXi Hypervisor

Database Security Guide

An overwhelming majority of IaaS clouds leverage virtualization for their foundation.

TECHNOLOGYBRIEF. The Impact of Virtualization on Network Security. Discover. Determine. Defend.

Securing Industrial Control Systems on a Virtual Platform

Virtualisation. A newsletter for IT Professionals. Issue 2. I. Background of Virtualisation. Hardware

Active Fabric Manager (AFM) Plug-in for VMware vcenter Virtual Distributed Switch (VDS) CLI Guide

Auditing Virtualized Environments

VMware ESXi 3.5 update 2

Installing and Administering VMware vsphere Update Manager

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE

Virtualization for Cloud Computing

Top virtualization security risks and how to prevent them

Hypervisor Software and Virtual Machines. Professor Howard Burpee SMCC Computer Technology Dept.

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Virtualization and Cloud Computing

Security and Cloud Compunting - Security impacts, best practices and solutions -

Servervirualisierung mit Citrix XenServer

VMware: Advanced Security

FISMA / NIST REVISION 3 COMPLIANCE

GE Measurement & Control. Cyber Security for NEI 08-09

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

VMware vcenter Update Manager Administration Guide

Mitigating Information Security Risks of Virtualization Technologies

Table of Contents. Virtual Server Software Trade Study Architecture Working Group, Systems Administrators Group , Revised

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

8070.S000 Application Security

VMware vsphere-6.0 Administration Training

Altor Virtual Network Security Analyzer v1.0 Installation Guide

Network Access Control in Virtual Environments. Technical Note

ALTERNATIVES FOR SECURING VIRTUAL NETWORKS

Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5

Locking down a Hitachi ID Suite server

Storage Sync for Hyper-V. Installation Guide for Microsoft Hyper-V

Protecting the Irreplacable. November 2013 Athens Ian Whiteside, F-Secure

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

Networking for Caribbean Development

What is virtualization

Acronis Backup & Recovery 11.5

Remote PC Guide Series - Volume 1

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

How To Make A Virtual Machine Aware Of A Network On A Physical Server

Index C, D. Background Intelligent Transfer Service (BITS), 174, 191

PHD Virtual Backup for Hyper-V

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Install Guide for JunosV Wireless LAN Controller

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00

Thick Client Application Security

Quick Start Guide for VMware and Windows 7

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Red Hat enterprise virtualization 3.0 feature comparison

Best Practices for Monitoring Databases on VMware. Dean Richards Senior DBA, Confio Software

Solaris For The Modern Data Center. Taking Advantage of Solaris 11 Features

VIRTUALIZATION 101. Brainstorm Conference 2013 PRESENTER INTRODUCTIONS

PARALLELS SERVER BARE METAL 5.0 README

App Orchestration Setup Checklist

User Guide for VMware Adapter for SAP LVM VERSION 1.2

VMware vcenter Update Manager Administration Guide

Directions for VMware Ready Testing for Application Software

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014

Virtually Pwned Pentesting VMware. Claudio

Recommended IP Telephony Architecture

Before we can talk about virtualization security, we need to delineate the differences between the

NetScaler VPX FAQ. Table of Contents

A Survey on Virtual Machine Security

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

Windows Operating Systems. Basic Security

Virtualization Technologies (ENCS 691K Chapter 3)

Virtualization. Dr. Yingwu Zhu

Penetration Test Report

Comparing Free Virtualization Products

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI

VMware vsphere Design. 2nd Edition

RSA Authentication Manager 8.1 Virtual Appliance Getting Started

Backup & Disaster Recovery Appliance User Guide

PCI DSS Virtualization Guidelines. Information Supplement: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011

GFI White Paper PCI-DSS compliance and GFI Software products

VMware Virtual Infrastucture From the Virtualized to the Automated Data Center

Ensure that the server where you install the Primary Server software meets the following requirements: Item Requirements Additional Details

Patch Management. Module VMware Inc. All rights reserved

What is Virtualization and How Do I Audit It? Rick Schnierer and Chris Tennant

ADC9521: Surviving Regulatory Compliance in the Virtual Infrastructure

Transcription:

Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation

Overview Vulnerability disclosure analysis Vulnerability classes Vulnerability examples Virtualization-system specific attacks Known virtualization system attacks Public virtualization system exploits Summary of virtualization system security concerns Technologies for virtualization-based security enhancement Configuration recommendations

The Importance of Virtualization System Security Businesses are increasingly relying on virtualization technology In Q4 2009, 18.2% of servers shipped were virtualized 1 20% increase over 15.2% shipped in Q4 2008 Growing interest in cloud computing will fuel further demand Vulnerability disclosures have grown as interest has grown Source: IBM X-Force 2010 Midyear Trend Report 1 Source: IDC

The Risk Imposed by Virtualization System Vulnerabilities Disclosed vulnerabilities pose a significant security risk 40% of all reported vulnerabilities have high severity Tend to be easy to exploit, provide full control over attacked system Exploits have been publically disclosed for 14% of vulnerabilities

The Risk To Production Systems Most reported vulnerabilities affect production virtualization systems Production systems run on the bare metal hypervisor acts as operating system Contrast with workstation systems, which run on top of a host OS

Vendor Disclosures by Vendor Low percentages for Oracle, IBM, and Microsoft VMware: 80.9% RedHat: 6.9% Citrix: 5.8% Oracle: 1.8% IBM: 1.1% Microsoft: 0.9%

Virtualization System Vulnerability Classes Vulnerabilities can be classified by what they affect Virtualization Server Guest VM Users 5 System Administrators Virtualization System 1 Admin VM Guest VM Hypervisor Hardware Guest VM 2 3 4 6 Management Console Management Server

Virtualization System Vulnerability Classes Management console vulnerabilities Affect the management console host Can provide platform or information allowing attack of management server Can occur in custom consoles or web applications Management server vulnerabilities Potential to compromise virtualization system configuration Can provide platform from which to attack administrative VM Administrative VM vulnerabilities Compromises system configuration In some systems (like Xen), equivalent to a hypervisor vulnerability in that all guest VMs may be compromised Can provide platform from which to attack hypervisor and guest VMs

Virtualization System Vulnerability Classes Guest VM vulnerabilities Affect a single VM Can provide platform from which to attack administrative VM, hypervisor, and other guest VMs Hypervisor vulnerabilities Compromise all guest VMs Cannot be exploited from guest VMs Hypervisor escape vulnerabilities A type of hypervisor vulnerability Classified separately because of their importance Allow a guest VM user to escape from own VM to attack other VMs or hypervisor Violate assumption of isolation of guest VMs

Production Virtualization System Vulnerabilities By Class Mgmt Server (6.3%) Guest VM (15.0%) Hypervisor (1.3%) Indeterminate (6.3%) Hypervisor escape (37.5%) Mgmt console (16.3%) Admin VM (17.5%)

Virtualization System Vulnerability Examples Management console CVE-2009-2277: A cross-site scripting vulnerability in a VMware web console allows remote attackers to steal cookie-based authentication credentials Management server CVE-2008-4281: VMware VirtualCenter management server can allow a local attacker to use directory traversal sequences to gain elevated privileges Administrative VM CVE-2008-2097: A buffer overflow in a VMWare management service running in the administrative VM could allow remote authenticated users to gain root privileges

Virtualization System Vulnerability Examples Guest VM CVE-2009-2267: A bug in the handling of page fault exceptions in VMware ESX Server could allow a guest VM user to gain kernel mode execution privileges in the guest VM Hypervisor CVE-2010-2070: By modifying the processor status register, a local attacker can cause the Xen kernel to crash Hypervisor escape CVE-2009-1244: An error in the virtual machine display function on VMware ESX Server allows an attacker in a guest VM to execute arbitrary code in the hypervisor

New Virtualization System-Specific Attacks VM jumping/guest hopping Attackers take advantage of hypervisor escape vulnerabilities to jump from one VM to another VM attacks Attacks during deployment and duplication Deletion of virtual images Attacks on control of virtual machines Code/file injection into virtualization file structure

New Virtualization System-Specific Attacks VM migration VM migration is transfer of guest OS from one physical server to another with little or no downtime Implemented by several virtualization products Provides high availability and dynamic load balancing VMware VMotion brochure

New Virtualization System-Specific Attacks VM migration attack If migration protocol is unencrypted, susceptible to man-in-the-middle attack Allows arbitrary state in VM to be modified In default configuration, XenMotion is susceptible (no encryption) VMware s VMotion system supports encryption Proof-of-concept developed by John Oberheide at the Univ. of Michigan John Oberheide et. al. University of Michigan

Known Virtualization System Attacks Management server attacks Exploit management console vulnerabilities that divulge password information Exploit management console vulnerabilities to gain access to management server Exploit vulnerabilities that allow local management server users to gain elevated privileges Administrative VM attacks exploit vulnerabilities to: Cause a denial of service by halting the system Cause a denial of service by crashing the administrative VM Obtain passwords that are stored in cleartext Exploit buffer overflows in exposed services to execute arbitrary code Exploit vulnerable services to gain elevated privileges Bypass authentication

Known Virtualization System Attacks Guest VM attacks exploit vulnerabilities to: Gain elevated privileges Crash the virtual machine Truncate arbitrary files on the system Execute arbitrary code with elevated privileges Hypervisor attacks exploit vulnerabilities to: Cause the hypervisor to crash Escape from one guest VM to another

Example Configuration Issues Virtual machine configuration Resource reservations and limits (for example, on CPU usage) can be established for individual VMs Allows assignment of more system resources to specific VMs Improper configuration can allow a DoS against one virtual host to affect other hosts on the same server Failure to enable log file rotation can fill disk and DoS the ESX Server Failure to disable unused devices can introduce unnecessary risk

Example Configuration Issues Virtual network configuration Virtual switches are used to define the topology of virtual networks VMware

Example Configuration Issues Improper configuration can allow unintended communication among guest VMs Network services are enabled to connect virtual machines and kernel services to the physical network Kernel services include features such as virtual machine migration Failure to disable unused services can introduce unnecessary risk VLANs can be used to aggregate multiple virtual switch ports under a common configuration Incorrect aggregation can result in misconfiguration of ports

New Virtualization System-Specific Attacks Hyperjacking Consists of installing a rogue hypervisor One method for doing this is overwriting pagefiles on disk that contain paged-out kernel code Force kernel to be paged out by allocating large amounts of memory Find unused driver in page file and replace its dispatch function with shellcode Take action to cause driver to be executed Shellcode downloads the rest of the malware Host OS is migrated to run in a virtual machine Has been demonstrated for taking control of Host OS Hyperjacking of hypervisors may be possible, but not yet demonstrated Hypervisors will come under intense scrutiny because they are such attractive targets Known hyperjacking tools: BluePill, SubVirt, Vitriol

Virtualization System Public Exploits 36 public exploits against production virtualization systems have been released Most of these are attacks against third-party components of these systems CVE-2009-2267 Guest OS user can gain elevated privileges on guest OS by exploiting a bug in handling of page faults Affects ESX server 4 and other VMware products Exploit binary posted at lists.grok.org.uk

Virtualization System Public Exploits CVE-2009-3760 Remote attacker can write PHP code to Web server configuration script to execute arbitrary PHP code with privileges of server Affects XenCenterWeb Exploit URLs are provided in a Neophasis post:

Virtualization System Public Exploits CVE-2007-5135 OpenSSL buffer overflow vulnerability allows remote attacker to execute arbitrary code on the system Affects VMware ESXi server 3.5, presumably the administrative VM (the service console ) Neophasis post describes the exploit Involves sending multiple ciphers to take advantage of an off-by- one error in OpenSSL s cipher processing code

Summary of Virtualization System Security Concerns Virtualization systems have added new vulnerabilities to infrastructure 259 new vulnerabilities over the last 5 years (XFDB) Use of virtualization systems doesn t add inherent security same connectivity to servers is still needed Addition of new operating system (hypervisor) increases attack surface Doesn t replace existing OSes Potential for new types of attacks Migration of VMs for load balancing can make them more difficult to secure Ease of addition of new VMs can increase likelihood that insecure systems will go online New management systems are needed for virtualization systems - increases attack surface

Technologies for Virtualization-Based Security Enhancement Some technologies can take advantage of virtualization to improve security IBM Security Virtual Server Protection for VMWare Takes advantage of virtualization to provide IPS protection for all communication between VMs on a virtualization server Traditional IPS provides protection only where appliances are installed Future may see virtualization-based sandboxing Sandbox environment is a locked-down OS that restricts what programs can do for example, disallow network access Sandboxes could run in separate VMs and be used for opening untrusted files and running untrusted applications

Virtualization System Configuration Recommendations Don t connect virtualization system hosts to operational networks until fully configured Management server configuration Management servers should be segregated from operational networks via an appropriately configured firewall or router Restrict access of management system databases to the management server, a database administrator, and backup software Limit access to remote management tools Use limited accounts Connections to virtualization systems should be encrypted and authenticated Use logging

Virtualization System Configuration Recommendations Administrative VM configuration Avoid installing third-party software Disable or restrict access to unused network services Synchronize clocks on virtualization servers and management servers to aid log analysis Manage log size to avoid filling partitions Implement file system integrity checking and password policies Only allow server administrators to manage administrative VMs Disable root console logins

Virtualization System Configuration Recommendations Guest VM configuration Harden servers Update and patch OS Use single role servers disable unnecessary services Use local firewall to insure limited host control Use limited scope admin accounts with strong passwords Protect virtual machine files Use access control lists Use encryption Use auditing of file operations (access, creation, deletion, ) Disable unnecessary or unused virtual devices Use hardened VM images as basis for new VMs VMware supports templates for creation of new VM images

Virtualization System Configuration Recommendations Virtualization environment configuration Install hypervisor updates and patches If possible, install VMs with different security profiles on different physical machines The existence of hypervisor escape vulnerabilities makes this prudent Otherwise, use virtual firewalls between groups of machines with different security postures Isolate VM traffic by defining VLAN port groups in virtual switches and associating each VM virtual adapter with the appropriate port group If supported, configure port groups to: Restrict virtual adapters from entering promiscuous mode Avoid changing virtual NICs own MAC addresses

Summary Virtualization system interest and vulnerabilities have both increased Virtualization system vulnerabilities can be characterized by what they affect Known attacks exist against all virtualization system components Public exploits have been released for some virtualization system vulnerabilities Virtualization systems have introduced new types of attacks Currently, virtualization systems make networks less secure Some technologies can offer virtualization-based security enhancement Proper configuration can reduce virtualization system risk

References X-Force 2010 Midyear Trend Report http://www-935.ibm.com/services/us/iss/xforce/trendreports/ X-Force database http://xforce.iss.net/ VMWare ESX Server 3 Configuration Guide http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_3_server_config.pdf NSA ESX 3 Server Configuration Guide http://www.nsa.gov/ia/_files/support/i733-009r-2008.pdf Virtualization Security (Microsoft presentation) http://download.microsoft.com/download/8/c/6/8c62bac5-af9b-4815-be7f- 3165c61ddd81/Day2Session-VirtualizationSecurity-RickClaus.pdf Subverting Vista Kernel for Fun and Profit (BlackHat presentation by Joanna Rutkowska) http://web.archive.org/web/20070928060104/blackhat.com/presentations/bh-usa-06/bh- US-06-Rutkowska.pdf SubVirt: Implementing malware with virtual machines (U. of Michigan and Microsoft) http://www.eecs.umich.edu/virtual/papers/king06.pdf Empirical Exploitation of Live Virtual Machine Migration (John Oberheide et. al.) http://www.eecs.umich.edu/fjgroup/pubs/blackhat08-migration.pdf

References From Virtualization vs. Security to Virtualization Based Security (Steve Orrin, Intel presentation) http://event.isacantx.org/_event_files/346_lunch_orrin_virtsec_part2_v1.pdf VMware Security Hardening Guide http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf Wikipedia article on sandboxing http://en.wikipedia.org/wiki/sandbox_(computer_security) What you need to know about Security Your Virtual Network (Daniel Petri) http://www.petri.co.il/what-you-need-to-know-about-vmware-virtualization-security.htm

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information