SBC 2012 - Some Security Issues in Virtualization (Nguyễn Hinh)
    Presentation Transcript

    • SECURITY BOOTCAMP 2012 | Make yourself to be an expert! Common issues of Virtualization Security. Nguyễn Hinh | hinhnguyen00@gmail.com
    • About Me: Hinh Nguyen, hinhnguyen00@gmail.com, UIT. Focus on Virtualization & Cloud Computing
    • Content: I. Overview • II. Benefits of Virtualization • III. Risks for Virtualized Environments • IV. Recommendations
    • Virtualization Overview: “With vMotion instances launching every second, there are more VMs in motion globally than actual aircraft.” -- Paul Maritz, CEO, VMware
    • Virtualization Security Overview • Gartner: 60% of VMs will be LESS SECURE than the physical servers they replace (through 2012) http://www.gartner.com/it/page.jsp?id=1322414 [Figure labels: Better / Less Secure]
    • Why??? - “Hypervisor creates new attack surface” - Designer/Operator
    • II. BENEFITS OF VIRTUALIZATION
    • II.1. Reduce cost • Reduce maintenance cost, save power • Reduce quantity of hardware & software to purchase • Reduce “server sprawl”
    • II.2. More Secure • Disaster Recovery & HA capabilities: HA, FT, … • Forensic analysis: snapshot • Sandboxing: unstable app & compromised server • Mixed: 1 physical server (master) – VMs (slave) • Risk: “VM Escape”
    • III. RISKS FOR VIRTUALIZED ENVIRONMENTS
    • III. Risks for Virtualized Environments • Hypervisor • Host/platform • Communication • Isolation between guest and guest • Isolation between guest and host
    • IV. RECOMMENDATIONS
    • IV. Recommendations • Restrict physical access • Implement defense in depth • Enforce least privilege and separation of duties • Harden the hypervisor • Harden virtual machines and other components
    • VM: • Update OS, … like a physical server • Limit sharing console: 2 • Control resource access, disconnect unauthorized devices
      ESXi: • Use AD, verify “ESX Admin” group • Password policy • Config FW (SSH), NTP, SNMP… • SSL for NFC
      vCenter: • Assign role to specific users • Verify vSphere plug-in • Client connects to vCenter by SSL with trusted CA-signed cert • Disable datastore browser
      vNetwork: • Management, vMotion & storage traffic is isolated • Forged Transmits & MAC address change policy: reject • Port groups are not on the native VLAN
    • Q&A