VirtSec, and the Open Source impact

or the lack thereof..

Transcript

  • 1. INUITS "The real voyage of discovery consists in having new eyes." Marcel Proust
  • 2. Kris Buytaert
    • Senior Linux and Open Source Consultant @inuits.be
    • 3. "Infrastructure Architect"
    • 4. Surviving the 10th floor test
    • 5. OSSTMM
    • 6. Co-Author Virtualization with Xen
    • 7. Guest Editor at Virtualization.com
  • 8. Today
    • What is Virtualization
    • 9. What is VirtSec
    • 10. Fud and Reality
    • 11. VirtSec and Open Source
    • 12. CloudSec
  • 13. What is Virtualization ?
    • Running different operating systems together on one machine
    • 14. Isolate Operating system from the underlying hardware resources
    • 15. Running multiple identical operating systems together on one machine
  • 16. Why Virtualization Matters
    • Consolidation
    • 17. Saving Idle CPU Cycles
    • 18. Separating Development/Staging/Production
    • 19. Hardware independence
    • 20. Security
    • 21. Greener Environment
    • 22. All the cool kids are doing it
  • 23. Why Virtualization is dangerous
    • A vendor view of High availability
    • 24. Live Migration is not a HA Solution
    • 25. Vendor Lock In
    • 26. Heavy IO
    • 27. Hardware dependencies & Live Migration
    • 28. Security ?
  • 29. Virtualization and Open Source
    • Leading the Pack
    • 30. Paravirtualization
    • 31. VT Support
    • 32. The core Virtual Infrastructure is open
    • 33. Proprietary vendors try to catch up
    • 34. And build the Management Frameworks
  • 35. Virtualization to Me: Xen, KVM, VirtualBox, Linux Vserver, OpenVZ, Linux Containers, LibVirt, Convirt, Qemu, OpenQRM, Enomaly, UML
  • 36. What is VirtSec ?
    • Securing Virtual Platforms, Hypervisors, Host OS
    • 37. Securing the Guest OS in a Virtual Environment
    • 38. Running Security tools in a Virtual Environment
  • 39. Isn't VirtSec just a way for the security people to jump on the Virtualization Hype ?
  • 41. What changes with Virtualization ?
    • The Network stack
      • System vs Network vs Virtualization
      • 42. The network goes inside the machine
    • Live Migration
      • Across different VLANs
      • 43. VLAN Spaghetti
    • Scale
      • 1 physical machine = MANY VMs
  • 44. Legacy Apps
    • Claim: Legacy Apps can't be secured properly
      • That old badge logging app running on Win95
      • 45. That old batch job running on SCO
    • Doesn't matter if they are virtual or not
  • 46. The Virtual Network
    • Claim: NIDS can't see Inter VM traffic
    • 47. What about inter-app traffic on the same host? Only now we've isolated apps from each other
    • 48. Bridging / Routing InterVM traffic rather than using proprietary sockets
  • 49. Flux and Scale
    • Claim: Traditional HIDS can't follow the quick changing state of Hosts
    • 50. My HA clusters are Active/Passive, Active/Active, or N+M too. Their state is in constant flux too
    • 51. The role of Config Management and Platform Automation grows every second.
  • 52. Static Security was DEAD before Virtualization
    • High Availability Clusters
    • 53. But the problem is still growing
    • 54. VM Relocation
    • 55. Live VM Migration
    • 56. Rapid ReDeployment
    • 57. Multiple Instances of a service
  • 58. Thank you App Developer
    • Virtual Appliances are Awesome
    • 59. A flying start
    • 60. They save you time
    • 61. They give you a nice preview of technology
  • 62. Virtual Appliance & Security
    • Who built it ?
    • 63. Is the app secured ?
    • 64. What about authentication integration ?
    • 65. How to update it ?
    • 66. They KILL your time
  • 67. Image Sprawl, your update nightmare
    • Image sprawl
      • Copy VM, Deploy VM, Modify VM, Copy VM
    • How do you patch 1 VM ?
    • 68. Did you patch before or after that one was copied ?
    • 69. How do you patch 100 VMs ?
    • 70. What about machines that are offline ?
  • 71. Image Sprawl, your update nightmare: "The biggest challenges we have in virtualization are operational and organizational rather than technical." (Christofer Hoff)
  • 72. Image Sprawl, your update nightmare
    • Automate Deployment
    • 73. Implement Configuration Management
    • 74. Map Security management to Config Mgmt
    • Prepare to Survive the 10th floor test !
  • 75. Hypervisor Security
  • 76. Deus Ex Machina
    • Remember the E10K fiasco ?
      • No you won't be able to get from one VM to another VM ?
      • 77. You bet they will !
    • Buffer overflow in Management soft ?
  • 78. Ballooning
    • Critical feature from a proprietary vendor
    • 79. Not available in off the shelf Xen/OracleVM
    • Go away or I will replace you with a small shell script
  • 80. Blue Pill vs Red Pill
    • Blue Pill by Invisible Labs
    • 81. Placing a Hypervisor under an OS
    • 82. Hoping no one realizes it
    • Existing Source for POC
    • 83. Ignorance vs Truth
  • 84. Blue Pill, a real threat ?
    • POC vs Real Life
      • Become root first
      • 85. Then exploit the VM vulnerability ?
  • 86. Managing Virtual Machines
    • Early Management Frameworks
    • 87. Any client can connect ...
    • An example ..
  • 88. What is openQRM
    • open-source project at sourceforge.net (GPL)
    • 89. data-center management platform
    • 90. Not just your virtual platforms
    • 91. provides generic virtualization layer
    • 92. Deploy on demand
    • 93. Support for physical, Xen, VMWare, Vserver, KVM
    • 94. OpenQRM 4 is a full rewrite
    • 95. Cloud Deployment
  • 96. OpenQRM & Security
    • Authentication based on IP
    • 97. No Encryption
    • 98. No handshake
    • 99. Anyone who can spoof the openQRM server IP can reboot / redeploy your infrastructure
    • 100. Being fixed
  • 101. Open Source
    • Not Marketing Driven
    • 102. Written because there is a need
    • 103. To scratch an itch
    • 104. Peer review
    • 105. Typically more secure than Proprietary
    • 106. Leading Innovation in Virtualization
  • 107. Open Source & VirtSec
    • No known projects
    • 108. No Need for specialized projects / tools
    • 109. The VirtSec Vendors claim
      • First proprietary -> Then Open Source
      • 110. Open Source doesn't innovate
    • The Open Source Experts claim
      • Better Architectures
      • 111. No need for bloated hyped tools
  • 112. Is VirtSec a market? "It's an instantiation of technology, practice and operational adjustment brought forth as a derivative of a disruptive technology and prevailing market conditions. Does that mean it's a feature as opposed to a market? No. In my opinion, it's an evolution of an existing market, rife with existing solutions and punctuated by emerging ones. The next stop is how 'security' will evolve from VirtSec to CloudSec..." (Christofer Hoff)
  • 113. Isn't CloudSec just a way for the security people to jump on the Cloud Hype ?
  • 114. The Cloud ? Cloud computing refers to the use of Internet ("cloud") based computer technology for a variety of services. It is a style of computing in which dynamically scalable and often virtualised resources are provided as a service over the Internet. The concept incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the users.
  • 115. SAAS <(>) Cloud
  • 116. SaaSSec
    • One Vendor
    • 117. Full control over
      • His application
      • 118. His application stack
    • Supposed to manage his platform in Secure Fashion
    • 119. But do you TRUST him ?
  • 120. CloudSec
    • Deploying in an untrusted domain
      • This is not your average DMZ
      • 121. You don't even own the Vhost
    • Cloud Datacenters Attract Attackers
      • Identical Hypervisors => Only 1 exploit needed
      • 122. Cloud Hijacking
    • Pre and Post Deployment
      • What was there and what stays behind ?
  • 123. CloudSec
    • Increase security as never before
    • 124. Encrypt all inter Vhost traffic
    • 125. Firewall as never before
    • 126. Don't store critical data in the cloud
      • Use it for analytics
      • 127. Workload offload
      • 128. Volatile data
    • Build your own Private Cloud
  • 129. Conclusion
    • Risks Change
    • 130. Scale Changes
    • 131. Automation matters
    • 132. Complexity is the Enemy of Reliability
    • 133. Watch out for FUD
      • Especially in the closed world
  • 134. Security still isn't a product you can buy. It's not even a process. It's a lifestyle.
  • 135. Kris Buytaert < [email_address] > Further Reading: http://www.krisbuytaert.be/blog/ http://www.inuits.be/ http://www.virtualization.com/ http://www.oreillygmt.com/
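
Added example, not from the slides and not openQRM code: the "OpenQRM & Security" slide describes management commands accepted on source IP alone, with no handshake. The sketch below puts that check beside a nonce handshake with an HMAC over nonce and command; the class and function names, the address and the key provisioning are all assumptions, and it covers authentication and replay only (the "No Encryption" point would still need TLS or similar).

```python
import hashlib
import hmac
import secrets

TRUSTED_SERVER_IP = "192.0.2.10"        # constructed address (documentation range)
SHARED_KEY = secrets.token_bytes(32)    # assumption: provisioned per node, out of band


def accept_by_ip(peer_ip: str, command: str) -> bool:
    """Weak pattern from the slide: the claimed source address is the only credential."""
    return peer_ip == TRUSTED_SERVER_IP


def sign(key: bytes, nonce: bytes, command: str) -> bytes:
    """Server side: MAC over the agent's nonce (fixed 16 bytes) and the command."""
    return hmac.new(key, nonce + command.encode(), hashlib.sha256).digest()


class NodeAgent:
    """Hardened pattern (hypothetical agent): handshake first, then verify a keyed MAC."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()   # nonces issued but not yet used

    def challenge(self) -> bytes:
        """Handshake step: issue a fresh random nonce the server must sign."""
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, command: str, tag: bytes) -> bool:
        """Accept a command only for an unused nonce and a valid MAC."""
        if nonce not in self._pending:
            return False                  # unknown or replayed nonce
        self._pending.discard(nonce)      # single use, even if the MAC is wrong
        expected = sign(self._key, nonce, command)
        return hmac.compare_digest(expected, tag)   # constant-time comparison


def demo() -> dict:
    """Run both checks on constructed inputs and return the outcomes."""
    agent = NodeAgent(SHARED_KEY)
    nonce = agent.challenge()
    tag = sign(SHARED_KEY, nonce, "reboot")
    return {
        "ip_only_check": accept_by_ip(TRUSTED_SERVER_IP, "reboot"),
        "signed_command": agent.accept(nonce, "reboot", tag),
        "replayed_command": agent.accept(nonce, "reboot", tag),
    }
```

With the IP-only check, the address is the whole credential; with the agent above, a sender without the key fails regardless of the address it claims, and a captured command cannot be replayed.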
