KVM Security - Where Are We At, Where Are We Going

Similar documents
CTS2134 Introduction to Networking. Module Network Security

Utilizing Solaris 10 Security Features. Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005

Recommended IP Telephony Architecture

Security Enhanced Linux and the Path Forward

Red Hat Enterprise Linux 7 Virtualization Security Guide

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

Using an Open Source Framework to Catch the Bad Guy. Norman Mark St. Laurent Senior Solutions Architect, Red Hat

Linux Network Security

Analysis of the Linux Audit System 1

Linux Firewall. Linux workshop #2.

Virtual Systems with qemu

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

Executive Summary and Purpose

Implementing Cisco IOS Network Security v2.0 (IINS)

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

Implementing Cisco IOS Network Security

Top Secret KVM, Lessons Learned from an ICD 503 Deployment

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

information security and its Describe what drives the need for information security.

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9


Protecting and controlling Virtual LANs by Linux router-firewall

Securing Data on Microsoft SQL Server 2012

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

In today s world the Internet has become a valuable resource for many people.

Secure Networks for Process Control

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

MS-55096: Securing Data on Microsoft SQL Server 2012

Structured Threats 21 External Threats 22 Internal Threats 22 Network Attacks 22 Reconnaissance Attacks 22 Access Attacks 23 Data Retrieval 23 System

IINS Implementing Cisco Network Security 3.0 (IINS)

Intro to Linux Kernel Firewall

Did you know your security solution can help with PCI compliance too?

J ai pas de TUN et je m en TAP

KVM Security Comparison

Firewall Piercing. Alon Altman Haifa Linux Club

Linux KVM Virtual Traffic Monitoring

ReadyNAS Remote White Paper. NETGEAR May 2010

Security White Paper The Goverlan Solution

Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi

Module I-7410 Advanced Linux FS-11 Part1: Virtualization with KVM

Solution of Exercise Sheet 5

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications VIDYO

VMware: Advanced Security

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Secure computing: SELinux

The QEMU/KVM Hypervisor

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

Securing Your Cloud with Xen Project s Advanced Security Features

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

...e SELinux fosse più sicuro?...and if Linux was more secure? (Play on words with the Italian language)

Load Balancing - Single Multipath Route HOWTO

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

Load Balancing Trend Micro InterScan Web Gateway

3 Days Course on Linux Firewall & Security Administration

Developing Network Security Strategies

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

Network Security Fundamentals

CMPT 471 Networking II

Enhancing Hypervisor and Cloud Solutions Using Embedded Linux Iisko Lappalainen MontaVista

Project 4: IP over DNS Due: 11:59 PM, Dec 14, 2015

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Exploring Layer 2 Network Security in Virtualized Environments. Ronny L. Bull & Jeanna N. Matthews

Summary of the SEED Labs For Authors and Publishers

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Basics of Internet Security

Mandatory Access Control Systems

Introduction to IT Security

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Mobility Task Force. Deliverable F. Inventory of web-based solution for inter-nren roaming

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

SOFTWARE ENGINEERING 4C03. Computer Networks & Computer Security. Network Firewall

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

RuggedCom Solutions for

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

OPC UA vs OPC Classic

Enabling Secure Mobile Operations with Commercial Products

How To Pass The Information And Network Security Certificate

Security. Inaccessible Star? Philippe TEUWENCédric BLANCHER. Hack.lu 2006 October

Firewalls and Intrusion Detection

NETWORK SECURITY (W/LAB) Course Syllabus

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Cloud S ecurity Security Processes & Practices Jinesh Varia

What is included in the ATRC server support

Networking Technology Online Course Outline

Acano solution. Security Considerations. August E

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014

MongoDB Security Guide

Windows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation

Introduction to Cloud Computing

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

Tom Eastep Linuxfest NW April 26-27, 2008 Bellingham, Washington

Transcription:

Klaus Heinrich Kiwi Software Engineer LinuxCon Brazil August 31, 2010 KVM Security - Where Are We At, Where Are We Going Klaus Heinrich Kiwi, IBM LTC 2010 IBM Corporation

KVM Security - Where Are We At, Where Are We Going Agenda High-level architecture Secure Management Virtual Network SELinux + svirt Auditing Guest-image cryptography Future 2 2010 IBM Corporation

High-level architecture 3 2010 IBM Corporation

High-level architecture - What makes KVM so cool? KVM Guest = Userland process (like any other) Process separation Modular design: Aligned with Open-source and Linux philosophy Re-use of know, tested and proofed interfaces and subsystems Libvirt: Simplification, better out-of-box security 4 2010 IBM Corporation

High-level architecture - Current real-world scenario In practice = All guest running as root or qemu Privileged network set-up step (CAP_NET_ADMIN...) Libvirt rapidly evolving to cover more scenarios, better security... 5 2010 IBM Corporation

KVM Security - Where Are We At, Where Are We Going Agenda High-level architecture Secure Management Virtual Network SELinux + svirt Auditing Guest-image cryptography Future 6 2010 IBM Corporation

Secure Management 1)Local (or SSH) Standard UNIX perms, PolicyKit 2)TCP + sasl separate credential DB, encrypted channel 3)TLS Standard PKI with certificates 7 2010 IBM Corporation

Secure Management- Special care to VNC Graphical Console Default is still clear-text TCP session available to every local user vncpasswd considered weak Alternative: VNC over TLS (with client cert verification) or SASL 8 2010 IBM Corporation

Secure Management Console Gráfico (VNC) Things to keep in mind Isolate the management network. Use firewalls. VNC Graphic console Dynamic port range Weak authentication per default Local users can try to connect If graphical console can't be avoided: VNC-over-TLS or SASL TCP simples sem autenticação ou criptografia Avoid using Unix root to perform management VNC over Prefer TLS SASL certificado credential digital database Can combine with TLS certificates! 9 2010 IBM Corporation

KVM Security - Where Are We At, Where Are We Going Agenda High-level architecture Secure Management Virtual Network SELinux + svirt Auditing Guest-image cryptography Future 10 2010 IBM Corporation

Virtual Network 1) Simple Bridge Link-layer (OSI layer 2) ETHERNET FRAME forwarding Not specific to Virtualization (remember re-use, Linux philosophy...) Well-known Risks: ARP spoofing MAC flooding 11 2010 IBM Corporation

Virtual Network 2) Simple Bridge + ebtables # ebtables -P FORWARD DROP # ebtables -s 54:52:00:11:22:33 -i vif1 -j ACCEPT # ebtables -o vif+ -j ACCEPT 12 2010 IBM Corporation

Virtual Network 3) IP Routing Or NAT Network-layer (OSI layer 3) IP PACKET forwarding + Requires IP addresses (added complexity?) + Requires L2 bridge anyway (risks are still valid!) 13 2010 IBM Corporation

Virtual Network VLAN 802.1q Bridge + sub-interfaces in specific VLAN ID Configuration: vconfig Important: keep 1 bridge per VLAN ID (avoid mixing VLANs) 14 2010 IBM Corporation

Virtual Network Important Note: iptables processing in Bridge interfaces conntrack module works on global context /etc/sysctl.conf: net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 15 2010 IBM Corporation

Virtual Network Cuidado: iptables em Bridges Thinks to keep in mind Avoid using dynamic configuration Fixed MAC address, fixed IP configuration ebtables Flood, spoof protection from rogue guests Unless absolutely necessary, disable iptables processing on bridge interfaces. Contexto global em certos módulos como conntrack /etc/sysctl.conf: VLANs 802.1q = simplification!! net.bridge.bridge-nf-call-ip6tables = 0 Advanced net.bridge.bridge-nf-call-iptables filtering sometimes requires libvirt bypassing = 0 net.bridge.bridge-nf-call-arptables libvirt > 0.8.2 has advanced filtering support = 0 16 2010 IBM Corporation

KVM Security - Where Are We At, Where Are We Going Agenda High-level architecture Secure Management Virtual Network SELinux + svirt Auditing Guest-image cryptography Future 17 2010 IBM Corporation

SELinux Before SELinux DAC = Discretionary Access Control Standard UNIX perms (user/group/other, read/write/execute) User has control over his/her objects/files Compromised user gives up control to attacker 18 2010 IBM Corporation

SELinux Standard SELinux policy MAC = Mandatory Access Control System-wide policy Domain separation Interactions must be explicitly allowed In practice: Enforced domain separation 19 2010 IBM Corporation

SELinux svirt-enabled virtualization Further divide the system into categories (MCS) Guests running in same domain, but different category Simple and Easy to use! By default, No interaction between categories is allowed svirt = SELinux policy + libvirt driver 20 2010 IBM Corporation

KVM Security - Where Are We At, Where Are We Going Agenda High-level architecture Secure Management Virtual Network SELinux + svirt Auditing Guest-image cryptography Future 21 2010 IBM Corporation

Auditing Motivation: Virtualization is a resonably contained activity Privileged credentials (root) still needed for many mgmt tasks Linux Audit : Bootloader: root (hd0,1) kernel /vmlinuz-el5.x86_64 ro root=/dev/sda1 rhgb audit=1 initrd /initramfs-el5.x86_64.img # chkconfig auditd on /etc/audit/audit.rules: Cut records for any configuration change Cut records for unusual interactions 22 2010 IBM Corporation

Auditing audit.rules: examples # Log non-standard access to the TLS private key -a exit,always \ -F path=/etc/pki/libvirt/private/serverkey.pem \ -F subj_type!=virtd_t # Non-standard changes to guest images -a exit,always -F obj_type=virt_image_t \ -F perm=wa -F subj_type!=qemu_t # Qemu interactions with other domains -a exit,always -F arch=b64 -S all -F perm=wax \ -F subj_type=qemu_t -F obj_type!=qemu_t More detailed examples in Securing KVM guests and the host system Blueprint http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/topic/liaai/kvmsec/kvmsecstart.htm or http://blog.klauskiwi.com/ 23 2010 IBM Corporation

KVM Security - Where Are We At, Where Are We Going Agenda High-level architecture Secure Management Virtual Network SELinux + svirt Auditing Guest-image cryptography Future 24 2010 IBM Corporation

Guest-image cryptography dm-crypt & qcow2 Data-at-rest tamper, unauthorized access protection dm-crypt = block-level transparent encryption (host or guest kernel) Qemu/KVM couldn't care less (seen as raw image anyway) # cryptsetup qcow2 = Qemu image format adv. Features, crypto, libvirt sup. 25 2010 IBM Corporation

KVM Security - Where Are We At, Where Are We Going Agenda High-level architecture Secure Management Virtual Network SELinux + svirt Auditing Guest-image cryptography Future 26 2010 IBM Corporation

Looking forward Qemu wrapper for tap interfaces, CAP_NET_ADMIN handling Run as (multiple) unprivileged users Sandboxed Qemu Extend the concept of a Qemu-wrapper into a virt-cage Drop access to every but minimally required set of syscalls Custom Policy editor for svirt Allow specific interactions between guests/categories KVM Common Criteria certification RHEL 5 and RHEL6 Virtual Trusted Platform Module (vtpm) More libvirt additions network filtering, image crypto, mgmt 27 2010 IBM Corporation

Questions? Klaus Heinrich Kiwi klaus@klauskiwi.com Slides are already avaiable at: http://blog.klauskiwi.com 28 2010 IBM Corporation

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information