Sans Mc Afee Pandel Slides

  • Holistic Approach: Don’t take a hit-and-miss approach to virtualization security. Consider vendor partners that bring solutions to the table rather than point products, so they help you tame these complex environments instead of leaving you to manage the diverse technology yourself.
    Baked In: Implement security best practices when designing your environment, such as the following.
    A Secure Design Approach
      • Separate and isolate management networks
      • Plan for VM mobility
      • Partition trust zones
      • Combine trust zones using virtual network segmentation and virtual network management best practices
      • Combine trust zones using portable VM protection; there are 3rd-party tools that can help with this
    A Secure Deployment Approach
      • Harden VMware Infrastructure according to VMware's guidelines. There are also 3rd-party ones: STIG, CIS, Xtravirt Security Risk Assessment template, etc.
      • Always secure virtual machines like you would physical servers: anti-virus, patching, host-based intrusion detection/prevention
      • Use templates and cloning to enforce conformity of virtual machines
    Hidden Costs: Plan for training of personnel, and for software security products (agents or appliances) if your up-front design work shows they are needed. Don’t forget to work with your vendor on software pricing models if they will need to be changed.
  • Top Market Challenges
    Virtual machine (VM) sprawl: Enterprise applications are easier to provision and deploy in virtual environments than on physical servers. In many cases, it takes as little as 15 minutes to bring up an application (Source: Gartner). Ease of deployment leads to VMs being created even for small workloads, further exacerbating the sprawl.
      • Proliferation of VMs creates a periodic need for virtualized applications to be brought offline for patching, configuration, testing and backup.
      • Archived VMs stay offline for extended periods of time, some for as long as 7 years to meet regulatory requirements (e.g. financial apps/transactions have to be saved for 7 years).
      • Operating systems and applications within an archived VM remain unpatched while Microsoft continues to introduce new security patches monthly. The same applies to other application vendors.
      • Offline VMs pose a serious risk upon activation since their security profile is out of date.
    VirusScan Enterprise for Offline Virtual Images is the solution.
      • Integrated support for offline VMs
      • Ensures security on offline VMs is up to date
      • Identify malware
      • Remove malware
      • Automate security updates
      • Manageable by ePO, our global management console
    VSE for OVI - Flexible Deployment Scenarios
      • Scans VMs stored locally
      • Scans VMs stored centrally
  • Traditional Solution
    Pros
      • Maximum utilization of ESX/hardware platform
      • No security restrictions on data paths within ESX, “policies applied in the network”
    Cons
      • Vulnerability in virtualization layer can break separation
      • All traffic between VMs is passed over the network
      • Firewall is blind to VM internal network, only sees traffic sent to it, potential for inter-VM traffic that is uninspected
      • Virtual switch/network based separation of server traffic
      • Cost savings limited to server consolidation, firewall may be under-utilized or over-utilized
    McAfee Virtual F/W: It’s really a firewall for the “virtual world”. It can assist with correcting security oversights in your virtualization efforts by:
      • Enabling inter-VM access control policies
      • Delivering IPS inspection of traffic within the virtual network
      • Delivering fully integrated McAfee Anti-virus, SSL decryption, and McAfee SmartFilter URL filtering utilizing our Trusted Source Technology
    It can improve audit capabilities and facilitate separation and control, so it really is a full-function device for the virtual environment.
  • Tighter integration of security capabilities: Initiatives like VMSafe will protect the VM by inspection of virtual components (CPU, memory, network and storage), providing complete integration and awareness of VMotion, Storage VMotion, HA, etc. This in turn will provide an unprecedented level of security for the application and the data inside the VM.
    Security virtualization challenge really has to do with people and processes: Adapting the processes that are used in securing physical assets, for configuration management, patch management, or change management generally, is ever more important in this new environment.
    Education on unique virtualization security issues and capabilities: We have to ensure that not only security, but also audit, operations, and others are educated on these topics, so they can properly interface with the security group when they need to.

    1. Avoiding Security Mistakes In Virtualized Environments
       Ahmed Sallam, Senior Technologist, Software Architecture & Strategy, Chief Software Architect
       © 2009 The SANS™ Institute - www.sans.org
    2. How to Avoid
       • Holistic approach to Virtualization Security
           • VM image files security
           • VMs traditional end point security
           • Securing the virtual network (NIPS, Firewall)
           • Mitigating vulnerable and out of patch VMs
       • Security must be “Baked In” when designing Virtual Environments
           • Security at the hypervisor level
           • Security underneath the operating system
           • VMSafe is a good example
    3. Scanning of offline Virtual Images
       • Running VMs
       • Offline Images
       • Scans VMs stored locally
       • Scans VMs stored centrally
    4. Securing underneath the OS: VMSafe example
       • Be prepared for a notion of protecting VM
       • Monitor & control memory inside VMs
    5. Security underneath the OS: The evolution
       • Protection for all virtualized devices
    6. Enterprise Virtual Firewall / NIPS
    7. In Summary
       • Tighter integration of security capabilities futures
       • Security virtualization challenge has to do with people and processes
       • Education on unique virtualization security issues and capabilities.
    8. Thank You
