Smau 2010 Milano: AIPSI Seminar on Secure Virtualization


  1. Alessio L.R. Pennasilico, mayhem@aipsi.org, twitter: mayhemspp, FaceBook: alessio.pennasilico. Virtualization (in)security. Thursday, 21 October, 2010
  2. $ whois mayhem. Board of Directors: CLUSIT, Associazione Informatici Professionisti, Associazione Italiana Professionisti Sicurezza Informatica, Italian Linux Society, OpenBSD Italian User Group, Hacker’s Profiling Project. Security Evangelist @
  3. Classical threats: Escape from VM. Several examples over time; we will see more in the future :)
  4. Other threats: VM-aware malware
  5. Confidentiality: can I clone running machines and do whatever I want on the clones?
  6. Management VLAN: the hosts/hypervisors tell each other various interesting things. Where do we route the “service” traffic?
  7. Service traffic: access to the administrative interface; reachability tests for HA; vMotion; iSCSI, NFS
  8. Solutions? Divide, Filter, Analyze
  9. Logical
  10. Physical
  11. Disruption: what happens if I make the IPs monitored for HA management “unreachable”?
  12. Unauthorized access: Brute force? Exploit (undocumented services)? Exploit application layer? (SOAP)
  13. netstat

          tcp        0      0 0.0.0.0:5989            0.0.0.0:*               LISTEN
          tcp        0      0 0.0.0.0:902             0.0.0.0:*               LISTEN
          tcp        0      0 0.0.0.0:903             0.0.0.0:*               LISTEN
          tcp        0      0 0.0.0.0:427             0.0.0.0:*               LISTEN
          tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
          tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
          tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

  14. Why: intercept / slow down iSCSI / NFS traffic; storage replicated for HA/DR
  15. Migration: manipulate VMs during migration? http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf Jon Oberheide, Evan Cooke, Farnam Jahanian: Xensploit
  16. Migration: I can move infected VMs from datacenter to datacenter...
  17. Doubts... “Trusted” traffic between datacenters to guarantee VM migration? Protected traffic? Trusted traffic / VPN as an administrative access channel?
  18. Dormant VM: outdated policy; outdated signatures (AV, IPS); can they be manipulated? >;-)
  19. Botnets and Cloud?
  20. Inter-VM traffic: virtual firewalls? hypervisor features? third-party products?
  21. Agent-based products: multi-platform? (includes backup, AV, IPS...)
  22. Budget? 81% of intrusions occur on networks that do not meet the requirements of the most widespread standards / best practices / guidelines. Gartner
  23. Conclusions: Use virtualization? Yes, but… Divide, Filter, Analyze, Patch
  24. Alessio L.R. Pennasilico, mayhem@aipsi.org, twitter: mayhemspp, FaceBook: alessio.pennasilico. Questions? These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subjected to Creative Commons Attribution-ShareAlike 2.5 version; you can copy, modify or sell them. “Please” cite your source and use the same licence :) Thank you for your attention!
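
The netstat slide shows every service listening on 0.0.0.0, which is the opposite of the "Divide, Filter" advice. The following is an added example, not part of the original slides: it parses `netstat -n` style output and classifies each listener by the networks it is reachable from. The management subnet `10.0.99.0/24` and the second sample are constructed assumptions.

```python
import ipaddress

# Listener table from the netstat slide (column spacing normalised).
SLIDE_NETSTAT = """\
tcp  0  0  0.0.0.0:5989  0.0.0.0:*  LISTEN
tcp  0  0  0.0.0.0:902   0.0.0.0:*  LISTEN
tcp  0  0  0.0.0.0:903   0.0.0.0:*  LISTEN
tcp  0  0  0.0.0.0:427   0.0.0.0:*  LISTEN
tcp  0  0  0.0.0.0:80    0.0.0.0:*  LISTEN
tcp  0  0  0.0.0.0:22    0.0.0.0:*  LISTEN
tcp  0  0  0.0.0.0:443   0.0.0.0:*  LISTEN
"""
# Constructed sample: the same kind of host with services bound per interface.
SEGMENTED_NETSTAT = """\
tcp  0  0  10.0.99.10:443   0.0.0.0:*  LISTEN
tcp  0  0  127.0.0.1:5989   0.0.0.0:*  LISTEN
tcp  0  0  192.168.1.5:22   0.0.0.0:*  LISTEN
"""
# Hypothetical management VLAN subnet (assumption, not from the slides).
MGMT_NET = ipaddress.ip_network("10.0.99.0/24")

def parse_listeners(text):
    """Return (address, port) for every TCP socket in LISTEN state."""
    listeners = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")  # also copes with ":::22"
            listeners.append((addr.strip("[]"), int(port)))
    return listeners

def audit(text, mgmt_net=MGMT_NET):
    """Classify each listener by the networks it is reachable from."""
    findings = []
    for addr, port in parse_listeners(text):
        if addr in ("0.0.0.0", "::", "*"):
            verdict = "ALL_INTERFACES"      # reachable from every VLAN
        elif ipaddress.ip_address(addr).is_loopback:
            verdict = "LOCAL_ONLY"
        elif ipaddress.ip_address(addr) in mgmt_net:
            verdict = "MGMT_ONLY"
        else:
            verdict = "OUTSIDE_MGMT_NET"    # bound, but on the wrong segment
        findings.append((port, addr, verdict))
    return sorted(findings)

if __name__ == "__main__":
    for row in audit(SLIDE_NETSTAT) + audit(SEGMENTED_NETSTAT):
        print(*row)
```

Anything reported as `ALL_INTERFACES` or `OUTSIDE_MGMT_NET` is a candidate for rebinding to the management interface or for a filter rule in front of it.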