Visibility & Security for the Virtualized Enterprise

As enterprises embrace virtualization, they need to be able to see what’s happening throughout their environment and then apply effective security mechanisms. This session describes the kind of information that enterprises should collect from physical and virtual infrastructures, the kind of analysis to perform and the ways tools like encryption can be applied in securing the virtualized enterprise.


After this session you will be able to:
  • Objective 1: Describe what information an enterprise needs to collect to effectively manage and secure its physical and virtual environments.
  • Objective 2: Understand the kinds of analysis that need to be performed on collected information in order to make effective security decisions.
  • Objective 3: Identify ways in which security capabilities can be applied in securing the virtualized enterprise.

Watch more on http://www.brainshark.com/emcworld/vu?pi=zHJzQJGhyzB8sLz0


Presentation Transcript

  • Visibility & Security for the Virtualized Enterprise (slide 1)
    John McDonald, CISSP
    © Copyright 2013 EMC Corporation. All rights reserved.
  • Roadmap Information Disclaimer (slide 2)
    – EMC makes no representation and undertakes no obligations with regard to product planning information, anticipated product characteristics, performance specifications, or anticipated release dates (collectively, “Roadmap Information”).
    – Roadmap Information is provided by EMC as an accommodation to the recipient solely for purposes of discussion and without intending to be bound thereby.
    – Roadmap Information is EMC Restricted Confidential and is provided under the terms, conditions and restrictions defined in the EMC NonDisclosure Agreement in place with your organization.
  • Agenda (slide 3)
    – Foundations
    – How Virtualization Impacts Your Security
    – Securing & Monitoring Virtual Environments
    – Summary
  • Foundations (slide 4, section title)
  • Foundations (slide 5)
    – Attack surface
    – High-value assets
    – Types of security controls
  • What is an Attack Surface? (slide 6)
    – Originally proposed by the Software Engineering Institute at Carnegie Mellon University
    – The attack surface of a system is the set of ways in which an adversary can enter the ‘system’ and potentially cause damage, intentionally or unintentionally
    – Hence, the larger the attack surface, the more difficult it is to secure the system
  • Information is Created and Stored (slides 7–10; one diagram built up over four slides)
    [Diagram: Internet → Customer/Client/Patient → DMZ Web Server → Application Server → Database Server → Database on the Storage Array, connected over the Network and the SAN and carrying PII, PHI, PCI and IP. Attack points called out per component:]
    – Web Server: OS (multiple), local storage, web server
    – Application Server: OS (multiple), local storage, app (multiple)
    – Database Server: OS (multiple), local storage, DB (multiple)
    – Network: switches, routers, sniffers
    – SAN: switches, controllers, host drivers
    – Storage Array: management interface, copies, backups
  • Information is Accessed and Managed (slides 11–12; diagram)
    [Same diagram and attack points as slides 7–10; on slide 12 reduced to the Database, Database Server, SAN and Storage Array.]
  • Numerous Attack Points: Information is Accessed and Managed (slide 13; diagram)
    [Diagram: Partners, Customers, Clients, Employees and Suppliers reach the database and storage array through e-mail, customer service, a portal/intranet, business applications and mobile devices; the data also flows to a backup server, copies and a DR site. Attack points, as far as they can be recovered from the transcript:]
    – Email: intercepted email, wrong addressee, local storage
    – Customer Service: OS (multiple), service app
    – Portal/Intranet: OS (multiple), web server, network
    – Business Applications: OS (multiple), business app
    – Mobile Devices: OS (multiple), device exploit, lost/stolen device, local storage
    – Backup Server: OS (multiple), backup app, snap/clone
    – Copy: lost/stolen, unauthorized access
    – DR Site: unauthorized access, physical theft
    – Network communications between these components
  • What is an Information Attack Surface? (slide 14)
    – The Information Attack Surface for a given type of information equals the combination of the attack surfaces of all components that ‘touch’ that type of information
      ▪ For the entire lifecycle of that information
      ▪ Virtualization adds another layer to the attack surface
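The definition on slide 14 is a set union: for each information type, collect every attack point of every component that touches it, then see how the virtualization layer enlarges that union. The following script is an added example, not code from the presentation or EMC; the component names and attack points are taken from the diagrams on slides 7–13, while the assignment of information types to components and the three points the virtualization layer adds are constructed assumptions for illustration.

```python
"""Information attack surface: the union of the attack surfaces of every
component that 'touches' a given information type, across its lifecycle.

Added example, not code from the presentation. Component names and attack
points come from the deck's diagrams (slides 7-13); which information types
each component touches, and the points the virtualization layer adds, are
constructed assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    attack_points: frozenset   # ways an adversary can enter this component
    touches: frozenset         # information types (PII, PHI, PCI, IP) it handles


def _c(name, points, touches):
    return Component(name, frozenset(points), frozenset(touches))


# Attack points per component as called out on the slides; 'touches' is assumed.
COMPONENTS = [
    _c("Web Server", {"OS", "Local storage", "Web server"}, {"PII", "PCI"}),
    _c("Application Server", {"OS", "Local storage", "Application"}, {"PII", "PCI", "PHI"}),
    _c("Database Server", {"OS", "Local storage", "DBMS"}, {"PII", "PCI", "PHI", "IP"}),
    _c("Network", {"Switches", "Routers", "Sniffers"}, {"PII", "PCI", "PHI", "IP"}),
    _c("SAN", {"Switches", "Controllers", "Host drivers"}, {"PII", "PCI", "PHI", "IP"}),
    _c("Storage Array", {"Management interface", "Copies", "Backups"}, {"PII", "PCI", "PHI", "IP"}),
    _c("Backup Server", {"OS", "Backup application", "Snap/Clone"}, {"PII", "PHI", "IP"}),
    _c("Mobile Devices", {"OS", "Lost/stolen device", "Local storage"}, {"PII"}),
]

# Constructed: what the virtualization layer adds to every virtualized server
# (slide 23's "servers are now files" is the .vmdk entry).
VIRTUALIZATION_POINTS = frozenset({"Hypervisor", "VM files (.vmdk)", "VM management console"})
VIRTUALIZED = {"Web Server", "Application Server", "Database Server", "Backup Server"}


def information_attack_surface(info_type, components=COMPONENTS):
    """Map each component touching info_type to its sorted attack points."""
    return {c.name: sorted(c.attack_points) for c in components if info_type in c.touches}


def surface_size(info_type, components=COMPONENTS):
    """Number of (component, attack point) pairs: a rough size of the surface."""
    return sum(len(pts) for pts in information_attack_surface(info_type, components).values())


def virtualize(components=COMPONENTS, virtualized=VIRTUALIZED, extra=VIRTUALIZATION_POINTS):
    """Copy of the inventory in which virtualized servers gain the hypervisor-layer points."""
    return [
        Component(c.name, c.attack_points | extra, c.touches) if c.name in virtualized else c
        for c in components
    ]


def surface_growth(info_type):
    """(physical size, virtualized size) for one information type."""
    return surface_size(info_type), surface_size(info_type, virtualize())


if __name__ == "__main__":
    for kind in ("PII", "PHI", "PCI", "IP"):
        before, after = surface_growth(kind)
        print(f"{kind}: {before} attack points physical, {after} once virtualized")
        for comp, pts in information_attack_surface(kind, virtualize()).items():
            print(f"   {comp}: {', '.join(pts)}")
```

Running it shows the point the slide makes: every virtualized server that touches PII gains the same three entries, so the PII surface grows from 24 to 36 pairs without a single new application being deployed. The SAN and Storage Array rows are unchanged, which is why the deck later treats the VM files themselves as the asset to protect.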
  • What are High-Value Assets? (slide 15)
    – An asset that, if compromised, will have a significant impact on:
      ▪ Revenue/critical business processes
      ▪ Intellectual property/trade secrets
      ▪ Brand/image
      ▪ Legal/regulatory compliance
      ▪ Total customer experience
    – Assets can be systems (HVSA) or information (HVIA)
  • Types of Security Controls (slide 16)
    – Three types of security controls to consider
      ▪ Preventive – prevent compromise from occurring in the first place (firewall, AV, encryption, etc.)
      ▪ Detective – detect whether a compromise has occurred or is occurring, and what happened (SIEM, IDS/HIDS, forensics, etc.)
      ▪ Corrective – allow the environment to be returned to a previous non-compromised state (e.g. AV, backups, DR, etc.)
    – Preventive controls provide the greatest value, but are becoming increasingly difficult (e.g. 0-day vulnerabilities, APTs, etc.)
  • How Virtualization Impacts Security (slide 17, section title)
  • Virtualization’s Impact (slide 18)
    – New threat landscape
    – Servers as files
    – Server sprawl
    – Super admins
    – Multitenancy
  • New Threat Landscape (slide 19, section title)
  • Virtualization Threat Modeling (slide 20)
    – You need to understand the changes that virtualization introduces into your threat model
      ▪ Sources – where the attack originates (don’t forget physical attacks and accidents)
      ▪ Objectives – the goals of the attack
      ▪ Methods – how the attack is accomplished
    – ‘Objectives’ and ‘Methods’ tend to drive an attacker’s targets
    – Objectives that are focused on compromising sensitive assets or disrupting your environment can target your virtualization environment
  • Threat Modeling Process (slide 21)
    1. Identify assets (including VMs)
    2. Create an architecture overview
    3. Decompose the attack surface
    4. Identify the threats (brainstorm session)
    5. Document the threats
    6. Rate the threats
    The slide names the participants alongside the steps: Lead Designer and Business Owner; Designer, Architect and Security Lead; and, for the later steps, Designer, Development, Infrastructure, Documentation, Testers, Security and Project Management.
  • Physical Servers (slide 22)
    – Most organizations have good physical security
    – Physical servers are well protected from theft [diagram: data center]
  • Virtualization Changes Server Security (slide 23)
    – Servers are now files, which can easily be copied/stolen
      ▪ Locally or over a network
      ▪ Along with the information they contain (.vmdk files)
  • Server Sprawl (slide 24)
    – Virtualization makes adding servers easier
      ▪ Which inevitably results in more servers
      ▪ Which in turn means more copies of sensitive information and a larger attack surface
  • Super Admins (slide 25)
    – Previously, system admins only had access to the servers they were directly responsible for
      ▪ With virtualization environments, VM admins can access the files representing the servers in the domains they manage
      ▪ ‘Introspection’ capabilities provide potential visibility into every VM
  • Multi-tenancy (slide 26)
    – Many virtual environments support multiple different business organizations in a single environment
      ▪ Cloud providers
    – Each environment may have different security requirements; all require segregation from the others
  • Securing & Monitoring Your Virtual Environment (slide 27, section title)
  • Securing & Monitoring (slide 28)
    – Ensure solid foundations
    – Understand the threats
    – Protect & control access
    – Monitor & respond
    – Advanced solutions
  • Ensure Solid Foundations (slide 29)
    – There are a number of processes that need to be solid before you can effectively secure a virtual (or any) environment
      ▪ Classification
      ▪ Change control
      ▪ Patch management
      ▪ Configuration management
    – Underlying all of these should be a solid documentation foundation
      ▪ You can’t secure what you don’t understand!
  • General Process Impact (slide 30)
    – One of the biggest advantages of virtualization is that it tends to simplify many processes
      ▪ What used to require accessing many physical servers can be easily accomplished from a single VM management console
      ▪ But this can also be a weakness from a security perspective
    – A common problem is that this simplification tends to lead to a more lax approach to these processes:
      ▪ Change control
      ▪ New server creation
      ▪ Asset management
      ▪ Patch management
    – Which in turn reduces the effectiveness of these process controls
  • Foundations: Classification (slide 31)
    – Classification is the process of defining standard security ‘buckets’ based on broad protection requirements
      ▪ Usually 3–4 classification levels
    – Example levels: Restricted, Internal, Company Confidential, Company Sensitive, Public
    – Every asset should be assigned a classification
      ▪ Servers, databases, switches, etc.
      ▪ Based on the highest classification of information it ‘touches’
  • Foundations: Classification (contd.) (slide 32)
    – Need to define protection requirements for VMs based on classification
      ▪ Each classification should mandate both general and technology-specific standards. Examples:
        — All OS instances that process information classified as ‘Company Confidential’ shall themselves be classified ‘Company Confidential’
          » All attempted, successful and failed login attempts shall be logged and reviewed
          » All access changes must be reviewed and approved
        — Windows instances classified as ‘Company Confidential’ shall not run the following services: …
        — Linux instances classified as ‘Company Confidential’ shall not run the following daemons: …
    – The VM environment itself should have a classification
      ▪ And associated security configuration standards
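Slides 31 and 32 describe two mechanical rules: an asset inherits the highest classification of the information it touches, and each classification mandates general and technology-specific standards that the asset must then satisfy. The script below is an added example, not the presentation's or EMC's code, that applies both rules to a constructed VM inventory. The ordering of the levels, the mapping of information types to levels, the control names and the forbidden service and daemon lists are all assumptions; the deck elides its own lists, so these stand in for whatever an organisation's standard would name.

```python
"""Asset classification and per-classification VM standards (slides 31-32).

Added example, not the presentation's code. The ordering of the levels, the
mapping of information types to levels, the control keys and the
service/daemon lists are constructed assumptions; the deck elides its lists.
"""

# Assumed ordering, least to most sensitive.
LEVELS = ["Public", "Internal", "Company Confidential", "Company Sensitive", "Restricted"]
RANK = {level: i for i, level in enumerate(LEVELS)}

# Constructed: classification of each information type.
INFO_CLASS = {
    "Marketing": "Public",
    "PII": "Company Confidential",
    "IP": "Company Sensitive",
    "PHI": "Restricted",
    "PCI": "Restricted",
}

# Constructed technology-specific standards per level. A VM must satisfy its
# own level's standard and every lower level's (requirements accumulate upward).
STANDARDS = {
    "Company Confidential": {
        "controls": {"log_all_logins": True, "access_changes_reviewed": True},
        "forbidden": {"windows": {"telnet", "ftpsvc"}, "linux": {"telnetd", "rshd"}},
    },
    "Restricted": {
        "controls": {"mfa_for_admins": True},
        "forbidden": {"windows": {"remoteregistry"}, "linux": {"vsftpd"}},
    },
}


def classify(info_types):
    """Highest classification among the information types an asset touches."""
    if not info_types:
        return "Public"
    return max((INFO_CLASS[t] for t in info_types), key=RANK.__getitem__)


def applicable_standards(level):
    """Standards for this level and all lower levels that define one."""
    return [STANDARDS[l] for l in LEVELS if l in STANDARDS and RANK[l] <= RANK[level]]


def evaluate_vm(vm):
    """Return violations for a VM dict {name, os, touches, running, controls}."""
    level = classify(vm["touches"])
    violations = []
    for std in applicable_standards(level):
        for ctrl, required in std["controls"].items():
            if vm["controls"].get(ctrl) != required:
                violations.append(f"{vm['name']}: control '{ctrl}' must be {required} ({level})")
        for svc in sorted(vm["running"] & std["forbidden"].get(vm["os"], set())):
            violations.append(f"{vm['name']}: {vm['os']} must not run '{svc}' ({level})")
    return violations


# Constructed sample inventory.
VMS = [
    {"name": "web01", "os": "linux", "touches": {"Marketing"},
     "running": {"httpd", "sshd", "telnetd"}, "controls": {}},
    {"name": "app02", "os": "windows", "touches": {"PII", "Marketing"},
     "running": {"w3svc", "telnet"},
     "controls": {"log_all_logins": True, "access_changes_reviewed": False}},
    {"name": "db03", "os": "linux", "touches": {"PHI", "PII"},
     "running": {"postgres", "sshd", "vsftpd"},
     "controls": {"log_all_logins": True, "access_changes_reviewed": True, "mfa_for_admins": True}},
]


def audit(vms=VMS):
    """Classification-driven compliance report: VM name -> list of violations."""
    return {vm["name"]: evaluate_vm(vm) for vm in vms}


if __name__ == "__main__":
    for vm in VMS:
        print(vm["name"], "->", classify(vm["touches"]))
    for name, problems in audit().items():
        print(name, problems or "compliant")
```

Note that web01 runs telnetd but reports no violation: it touches only Public information, so no standard applies to it, which is exactly why the slide insists every asset gets a classification first. db03 inherits the Company Confidential rules as well as the Restricted ones, so a standard written once at the lower level is enforced on everything above it.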
  • Foundations: Change Control (slide 33)
    – Automated, comprehensive & integrated change control for VM environments
      ▪ Should cover ALL changes!
      ▪ Automated detection of changes (event logs) and correlation to approved change requests
      ▪ Should include changes to the VM environment itself
    – Change events should be sent to a SIEM system for analysis and correlation
      ▪ Configuration change events as well as security events
  • Foundations: Configuration Management (slide 34)
    – Unmanaged/uncontrolled changes are one of the most common sources of security vulnerabilities
      ▪ ‘Temporary’ changes made to fight some fire that never get undone
    – The VM environment and VMs should be scanned regularly to ensure compliance with defined configuration standards
    – Consider utilizing a standards-based automated configuration definition framework
      ▪ Security Content Automation Protocol (SCAP) – XML-based NIST standard (submitted to ISO)
  • Understand the Threats (slide 35)
    – Virtualization adds an entirely new series of attack vectors to your environment
      ▪ Understanding and monitoring potential threats is critical
      ▪ Both internal and external threats
    – You need to be aware of new threats and be able to rapidly adjust your security profile to address them
    – You need to develop a threat intelligence team that monitors threat news from multiple sources
      ▪ VMware, McAfee, Symantec, hacker forums, Black Hat, etc.
    – Be careful to distinguish between ‘threats’ and ‘vulnerabilities’
  • Protect & Control Access (slide 36)
    – Controlling who has access to which files and who can perform which functions is critical
      ▪ Using tools like Introspection, VM admins become ‘super admins’
      ▪ They can access files and data structures in any running VM
    – Don’t forget the basics
      ▪ Strong passwords
      ▪ Password rotation
      ▪ Avoid shared accounts
      ▪ Multi-factor or risk-based authentication for privileged accounts
      ▪ Document and map all accounts to specific users
  • Protect & Control Access: Roles (slide 37)
    – Role-based access control provides the ability to strongly segregate access
      ▪ Roles define which components a user can access and what they can (and can’t) do
      ▪ Users are assigned roles
    – Most VM environments provide default roles
      ▪ Custom roles should be created to segregate access and control
      ▪ OS instance (VM) admins should be allowed access only to the VMs they’re responsible for
    – Implementing and managing fine-grained role-based access can be complex, but it is critical
    – VM host admins should be treated as some of the most sensitive accounts in your environment!
      ▪ Strong authentication
      ▪ Full monitoring of all activities
      ▪ Restricted activities (e.g. web surfing)
  • Sample Default Roles (VMware) (slide 38)
    – No Access: a permanent role that is assigned to new users and groups. Prevents a user or group from viewing or making changes to an object
    – Read-Only: a permanent role that allows users to check the state of an object or view its details, but not make changes to it
    – Administrator: a permanent role that gives a user complete access to all of the objects on the server. The root user is assigned this role by default, as are all of the users who are part of the local Windows Administrators group associated with vCenter Server. At least one user must have administrative permissions in VMware.
    – Virtual Machine Administrator: a sample role that allows a user complete and total control of a virtual machine or a host, up to and including removing that VM or host
    – Virtual Machine Power User: a sample role that grants a user access rights only to virtual machines; can alter the virtual hardware or create snapshots of the VM
    – Virtual Machine User: grants user access rights exclusively to VMs. The user can power on, power off, and reset the virtual machine, as well as run media from the virtual discs.
    – Resource Pool Administrator: allows the user to create resource pools (RAM and CPU reserved for use) and assign these pools to virtual machines
    – Datacenter Administrator: permits a user to add new datacenter objects
    – VMware Consolidated Backup User: required to allow VMware Consolidated Backup to run
    – Datastore Consumer: allows the user to consume space on a datastore
    – Network Consumer: allows the user to assign a network to a virtual machine or a host
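Slide 37 asks for roles that confine a VM admin to the VMs they are responsible for, and slide 38 lists the stock roles available. The resolver below is an added example, not VMware's implementation, showing how a scoped assignment model delivers that segregation: a role is granted on an object in the inventory tree, optionally propagating to children, and a request is checked by walking from the target object up to the root. The privilege names behind each role, the inventory tree, the sample assignments and the rule that the closest assignment wins are constructed assumptions for this example.

```python
"""Scoped role-based access control for a VM inventory (slides 37-38).

Added example, not VMware's implementation. Role names follow slide 38; the
privilege names, the inventory tree and the rule that the most specific
assignment wins are constructed assumptions.
"""

# Constructed privilege sets per role; Administrator gets everything.
ROLES = {
    "No Access": set(),
    "Read-Only": {"read"},
    "Virtual Machine User": {"read", "power_on", "power_off", "reset", "run_media"},
    "Virtual Machine Power User": {"read", "power_on", "power_off", "reset", "run_media",
                                   "alter_hardware", "create_snapshot"},
    "Virtual Machine Administrator": {"read", "power_on", "power_off", "reset", "run_media",
                                      "alter_hardware", "create_snapshot", "remove"},
}
ALL_PRIVILEGES = set().union(*ROLES.values()) | {"manage_roles"}
ROLES["Administrator"] = set(ALL_PRIVILEGES)

# Constructed inventory tree: child object -> parent object.
PARENT = {
    "cluster-prod": "dc-east",
    "host-01": "cluster-prod",
    "host-02": "cluster-prod",
    "vm-web01": "host-01",
    "vm-web02": "host-01",
    "vm-db01": "host-02",
}

# Constructed assignments: (principal, object) -> (role, propagate to children?).
ASSIGNMENTS = {
    ("bob", "dc-east"): ("Administrator", True),            # the VM host admin
    ("alice", "host-01"): ("Virtual Machine Power User", True),  # only the web VMs' host
    ("carol", "dc-east"): ("Read-Only", True),
    ("carol", "vm-db01"): ("Virtual Machine User", False),  # one VM, no propagation
}


def effective_role(principal, obj, assignments=ASSIGNMENTS, parent=PARENT):
    """Walk from obj to the root; the closest assignment wins. A non-propagating
    assignment applies only to the object it sits on. None means No Access."""
    current, distance = obj, 0
    while current is not None:
        entry = assignments.get((principal, current))
        if entry is not None:
            role, propagate = entry
            if distance == 0 or propagate:
                return role
        current, distance = parent.get(current), distance + 1
    return None


def is_allowed(principal, privilege, obj, assignments=ASSIGNMENTS, parent=PARENT):
    """Authorisation decision for one privilege on one inventory object."""
    role = effective_role(principal, obj, assignments, parent)
    return role is not None and privilege in ROLES[role]


def vms_visible_to(principal, assignments=ASSIGNMENTS, parent=PARENT):
    """Leaf objects (VMs) the principal can at least read: the audit view
    slide 37 implies when it says admins see only the VMs they own."""
    leaves = [o for o in parent if o not in parent.values()]
    return sorted(o for o in leaves if is_allowed(principal, "read", o, assignments, parent))


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave"):
        print(who, "sees", vms_visible_to(who) or "nothing")
    print("alice snapshot vm-web01:", is_allowed("alice", "create_snapshot", "vm-web01"))
    print("alice remove vm-web01:", is_allowed("alice", "remove", "vm-web01"))
```

alice's Power User grant on host-01 reaches vm-web01 and vm-web02 but never vm-db01, and it cannot remove a VM because that privilege belongs only to the Administrator roles. carol's Read-Only grant at the datacenter is overridden on vm-db01 by the more specific VM User grant, which is the mechanism a custom role would use to carve out the exceptions slide 37 recommends.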
  • Protect & Control Access: Encryption (slide 39)
    – Encryption can be thought of as a form of access control
      ▪ Only actors with access to the decryption keys can access the content
    – Doing encryption right can be a challenge
      ▪ Need to understand the threats you’re trying to protect against (use cases)
      ▪ One size does not fit all with encryption!
      ▪ Numerous potential ‘side effects’ need to be considered
  • The Encryption Stack (slide 40; diagram of the stack)
    – Encrypting at a given layer tends to protect all layers below
    – Higher-layer encryption addresses more threat profiles
    – Cost and complexity tend to go up as you move up the stack
  • Encryption: Considerations (slide 41)
    – What are the drivers? (threats, regulations, policy, etc.)
    – Key and algorithm strength
    – Solution acquisition, implementation, management & impact costs
    – Performance impact (encrypted data cannot be compressed)
    – Protection domains (where will the data be protected?)
    – User context/access control
    – Transition
    – Key management (who has access, key rotation, key retention, etc.)
    – Secondary operations (backups, data de-duplication, replication, etc.)
    – Government regulations
  • Monitor & Respond (slide 42)
    – Continuous real-time monitoring of security-related events in a virtual environment is critical to maintaining security
      ▪ Attacks happen fast
      ▪ The longer an attacker is active in your environment, the more damage can be done
    – Monitoring is primarily a detective control, but may prevent further damage by detecting early
    – Need to define and document requirements (based on the threat environment)
      ▪ What will be monitored?
      ▪ What events will be collected?
      ▪ What do the events mean?
    – Modern complex environments generate huge amounts of event data
      ▪ Need to be able to make sense of it all
      ▪ Types of events collected should be based on classification
  • Monitor & Respond: Event Monitoring (slide 43)
    – The most obvious collection requirements are security events
      ▪ Focus on failures and errors
      ▪ For all critical components, not just host instances (e.g. network devices, VM events, storage, etc.)
    – However, management and change events can be just as critical
      ▪ Create new VM
      ▪ Change access permissions
      ▪ Accesses to VM files
    – Numerous tools available
      ▪ Splunk, RSA Security Analytics, Catbird, etc.
    – In a multi-tenancy environment, you may need to provide unique event log feeds to each tenant
      ▪ All events relevant to their components (not just host events)
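Slide 33 calls for automated detection of changes from event logs correlated to approved change requests, and slide 43 names the events worth collecting: failures and errors on the security side, and VM creation, permission changes and VM file access on the management side. The script below is an added example that serves both slides; it is not the presentation's code nor that of any SIEM product named on slide 43. The key=value event format, the change-request records, the thresholds and every sample line are constructed for this illustration.

```python
"""Correlate VM-environment events with approved change requests and flag
repeated security failures (slides 33 and 43).

Added example, not the presentation's or any SIEM vendor's code. The event
format, the change-request records and all sample lines are constructed.
"""
from collections import Counter
from datetime import datetime, timezone
import re

# Constructed event feed: timestamp, then key=value pairs (as a SIEM would normalise them).
EVENTS = """\
2013-05-06T09:58:10Z type=UserLoginFailed user=svc_backup src=10.1.4.9 object=vcenter01
2013-05-06T09:58:14Z type=UserLoginFailed user=svc_backup src=10.1.4.9 object=vcenter01
2013-05-06T09:58:19Z type=UserLoginFailed user=svc_backup src=10.1.4.9 object=vcenter01
2013-05-06T09:58:23Z type=UserLoginFailed user=svc_backup src=10.1.4.9 object=vcenter01
2013-05-06T10:02:00Z type=VmCreated user=alice object=vm-web03
2013-05-06T10:03:30Z type=PermissionChanged user=alice object=vm-web03
2013-05-06T11:40:12Z type=VmCreated user=bob object=vm-tmp01
2013-05-06T11:41:05Z type=VmFileAccessed user=bob object=vm-db01.vmdk
2013-05-06T11:45:00Z type=UserLoginSucceeded user=bob src=10.1.4.20 object=vcenter01
"""

# Constructed approved change requests: who may change what, and in which window.
CHANGES = [
    {"id": "CHG-1042", "user": "alice", "objects": {"vm-web03"},
     "start": "2013-05-06T10:00:00Z", "end": "2013-05-06T10:30:00Z"},
]

# The management/change events slide 43 singles out, plus removal.
CHANGE_TYPES = {"VmCreated", "PermissionChanged", "VmFileAccessed", "VmRemoved"}
FAILED_LOGIN_THRESHOLD = 3   # constructed: alert on the third failure from one user/source

LINE = re.compile(r"^(\S+)\s+(.*)$")


def parse_iso(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_event(line):
    """One feed line -> dict with a timezone-aware 'ts' plus the key=value fields."""
    ts, rest = LINE.match(line).groups()
    ev = dict(kv.split("=", 1) for kv in rest.split())
    ev["ts"] = parse_iso(ts)
    return ev


def matching_change(ev, changes=CHANGES):
    """Id of the approved change covering this event's user, object and time, else None."""
    target = ev["object"].split(".")[0]        # vm-db01.vmdk -> vm-db01
    for chg in changes:
        if (ev["user"] == chg["user"] and target in chg["objects"]
                and parse_iso(chg["start"]) <= ev["ts"] <= parse_iso(chg["end"])):
            return chg["id"]
    return None


def analyze(text=EVENTS, changes=CHANGES, threshold=FAILED_LOGIN_THRESHOLD):
    """Return {'approved': [(type, object, change id)], 'alerts': [str]}."""
    events = [parse_event(l) for l in text.splitlines() if l.strip()]
    approved, alerts = [], []
    failures = Counter()
    for ev in events:
        if ev["type"] in CHANGE_TYPES:
            chg = matching_change(ev, changes)
            if chg is None:
                alerts.append(f"UNAPPROVED_CHANGE {ev['type']} on {ev['object']} by {ev['user']}")
            else:
                approved.append((ev["type"], ev["object"], chg))
        elif ev["type"] == "UserLoginFailed":
            key = (ev["user"], ev["src"])
            failures[key] += 1
            if failures[key] == threshold:      # fire once, not on every further failure
                alerts.append(f"LOGIN_FAILURES user={ev['user']} src={ev['src']} count>={threshold}")
    return {"approved": approved, "alerts": alerts}


if __name__ == "__main__":
    result = analyze()
    for item in result["approved"]:
        print("approved:", item)
    for alert in result["alerts"]:
        print("ALERT:", alert)
```

alice's two events fall inside CHG-1042's window and target, so they correlate and need no analyst time; bob's VM creation and his read of another VM's .vmdk have no ticket and surface as unapproved changes, which is the "servers as files" exposure from slide 23 showing up in the log. The failed-login counter fires once per user and source when the threshold is reached rather than on every subsequent failure, which keeps the alert volume manageable at the event rates slide 42 warns about.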
  • Monitor & Respond: Responding (slide 44)
    – Detecting a security event is meaningless unless it can be addressed effectively
      ▪ Need to have a comprehensive, structured incident response plan
    – The team responsible for the virtual environment must be integrated into the response plan
    – The use of VMs can actually simplify the forensic process
      ▪ Easy to make a snapshot of impacted servers
  • Advanced Solutions: Key Management (slide 45)
    – In a multi-tenancy environment, some tenants may require stronger protection of VMs
      ▪ Even if the VM admin can’t access the host OS, they can still access the VM files
    – Some vendors provide a split-key distributed key management solution
      ▪ Allows each tenant to control a portion of their VM’s encryption keys
      ▪ Afore Solutions is one example
  • Advanced Solutions: SCIT (slide 46)
    – Self-Cleansing Intrusion Tolerance
      ▪ Invented by a team at George Mason University
      ▪ Supports the assertion that you will never be able to completely prevent all intrusions, especially in vulnerable servers (e.g. web servers, DNS servers, etc.)
    – Uses a rotating set of ‘gold image’ VMs to regularly replace potentially infected ones
  • Summary (slide 47)
    – Virtualization adds additional attack vectors to what is already an extremely complex attack surface
    – Basic foundational capabilities are critical to effectively securing a virtual environment
    – As with any technology, you need to understand the requirements and threats before you can secure it
    – Controlling and protecting access and appropriate monitoring are critical