Security Challenges in the Virtualized World IBM Virtual Server Protection for VMware



  1. Security Challenges in the Virtualized World: IBM Virtual Server Protection for VMware
     Peter Rossi, IBM Senior Security Specialist
     10.03.2011 © 2009 IBM Corporation
  2. Agenda
     ■ IBM Security Framework
     ■ Security Challenges in the Virtualized World
       – Vulnerability examples
     ■ IBM Virtual Server Protection for VMware
     10.03.2011 © 2011 IBM Corporation
  3. IBM Security Framework
  4. IBM delivers a new approach to Security Management
     IBM's approach is to strategically manage risk end-to-end across all risk areas within an organization.
  5. IBM Security Framework
     ■ Give the right users access to the right resources at the right time
     ■ Protect sensitive business data
     ■ Keep applications available and protected from malicious or fraudulent use
     ■ Optimize service availability by mitigating risks
     ■ Provide actionable intelligence & improve physical infrastructure security
  6. IBM Tivoli Security Focus Areas
     ■ Four focus areas: Trusting Identities, Managing Access, Securing Services, Protecting Data
     ■ Example workloads: IBM Payroll, HCR U6, Online banking, Loan applications, Retail sales, Inventory
     ■ Customers, partners, employees (known): manage those you know
     ■ Criminals, competitors, hackers (unknown): protect against those you don't
     ■ Policy enforcement and compliance: prove that you're in control
     (The slide marks identity and access, policy enforcement and compliance with "IBM is #1 in this space".)
  7. Security Challenges in the Virtualized World
  8. Server and Network Convergence
  9. Security Challenges with Virtualization: What is the Impact to Overall Security Posture?
  10. Security Challenges with Virtualization: New Risks
      ■ Traditional threats: traditional threats can attack VMs just like real systems
      ■ New threats to VM environments:
        – Virtual server sprawl
        – Dynamic state
        – Dynamic relocation
        – Management vulnerabilities
        – Secure storage of VMs and the management data
        – Resource sharing
        – Requires new skill sets
        – Single point of failure
        – Loss of visibility
        – Insider threat
        – Stealth rootkits in hardware
      MORE COMPONENTS = MORE EXPOSURE
  11. The Importance of Virtualization System Security
      ■ Businesses are increasingly relying on virtualization technology
      ■ In Q4 2009, 18.2% of servers shipped were virtualized¹
        – 20% increase over 15.2% shipped in Q4 2008
      ■ Growing interest in cloud computing will fuel further demand
      ■ Vulnerability disclosures have grown as interest has grown
      ¹ Source: IDC
  12. The Risk Imposed by Virtualization System Vulnerabilities
      ■ Disclosed vulnerabilities pose a significant security risk
      ■ 40% of all reported vulnerabilities have high severity
        – Tend to be easy to exploit, provide full control over attacked system
      ■ Exploits have been publicly disclosed for 14% of vulnerabilities
  13. Vendor Disclosures Include Some Surprising Results
      ■ Low percentages for Oracle, IBM, and Microsoft
        – VMware: 80.9%
        – Red Hat: 6.9%
        – Citrix: 5.8%
        – Oracle: 1.8%
        – IBM: 1.1%
        – Microsoft: 0.9%
  14. Virtualization System Vulnerability Classes
      ■ Vulnerabilities can be classified by what they affect
      Diagram: a virtualization server (hardware, hypervisor, administrative VM and guest VMs) used by guest VM users and system administrators, plus a management console and a management server; the numbers 1–6 in the diagram mark the classes listed on the next two slides.
  15. Virtualization System Vulnerability Classes
      ■ 1. Management console vulnerabilities
        – Affect the management console host
        – Can provide platform or information allowing attack of management server
        – Can occur in custom consoles or web applications
      ■ 2. Management server vulnerabilities
        – Potential to compromise virtualization system configuration
        – Can provide platform from which to attack administrative VM
      ■ 3. Administrative VM vulnerabilities
        – Compromises system configuration
        – In some systems (like Xen), equivalent to a hypervisor vulnerability in that all guest VMs may be compromised
        – Can provide platform from which to attack hypervisor and guest VMs
  16. Virtualization System Vulnerability Classes
      ■ 4. Hypervisor vulnerabilities
        – Compromise all guest VMs
        – Cannot be exploited from guest VMs
      ■ 5. Guest VM vulnerabilities
        – Affect a single VM
        – Can provide platform from which to attack administrative VM, hypervisor, and other guest VMs
      ■ 6. Hypervisor escape vulnerabilities
        – A type of hypervisor vulnerability
        – Classified separately because of their importance
        – Allow a guest VM user to "escape" from own VM to attack other VMs or hypervisor
        – Violate assumption of isolation of guest VMs
  17. Virtualization System Vulnerability Examples
      ■ Management console
        – CVE-2009-2277: A cross-site scripting vulnerability in a VMware web console allows remote attackers to steal cookie-based authentication credentials
      ■ Management server
        – CVE-2008-4281: VMware VirtualCenter management server can allow a local attacker to use directory traversal sequences to gain elevated privileges
      ■ Administrative VM
        – CVE-2008-2097: A buffer overflow in a VMware management service running in the administrative VM could allow remote authenticated users to gain root privileges
  18. Virtualization System Vulnerability Examples
      ■ Guest VM
        – CVE-2009-2267: A bug in the handling of page fault exceptions in VMware ESX Server could allow a guest VM user to gain kernel mode execution privileges in the guest VM
      ■ Hypervisor
        – CVE-2010-2070: By modifying the processor status register, a local attacker can cause the Xen kernel to crash
      ■ Hypervisor escape
        – CVE-2009-1244: An error in the virtual machine display function on VMware ESX Server allows an attacker in a guest VM to execute arbitrary code in the hypervisor
  19. Production Virtualization System Vulnerabilities By Class
      – Hypervisor escape: 37.5%
      – Admin VM: 17.5%
      – Mgmt console: 16.3%
      – Guest VM: 15.0%
      – Mgmt server: 6.3%
      – Indeterminate: 6.3%
      – Hypervisor: 1.3%
  20. Gartner's Perspective on Secure Virtualization
      "IBM has the first commercial implementation of a rootkit detection/prevention offering that works from outside of the virtual machine it is protecting..."
      – Neil MacDonald, Gartner
  21. IBM Virtual Server Protection for VMware
  22. Virtualization Security Solutions
      ■ Existing solutions certified for protection of virtual workloads
        – Firewall
        – Intrusion Prevention
        – System auditing
        – File integrity monitoring
        – Anti-malware
        – Security configuration Mgmt
      ■ Threat protection delivered in a virtual form-factor
        – Firewall
        – Intrusion Prevention
        – Virtual network segment protection/policy enforcement
      ■ Integrated virtual environment-aware threat protection
        – Firewall
        – Intrusion Prevention
        – Virtual host protection and network policy enforcement
        – Network access control
        – Virtual infrastructure monitoring
  23. Integrated Security
      ■ Non-intrusive
        o No reconfiguration of the virtual network
        o No presence in the guest OS
      ■ Less management overhead
        o One Security Virtual Machine (SVM) per physical server
        o 1:many protection-to-VM ratio
      ■ Automated
        o Privileged presence gives SVM holistic view of the virtual network
        o Protection automatically applied as VM comes online
      ■ Lower overhead
        o Eliminates redundant processing tasks
      ■ Protection for any guest OS
      Diagram: SiteProtector management above a physical server running one SVM (policy and response engines on a hardened OS) next to guest VMs (applications, OS, kernel), all on the hypervisor and hardware and connected through VMsafe.
  24. IBM Virtual Server Protection for VMware
      Integrated threat protection for VMware vSphere 4. Helps customers to be more secure, compliant and cost-effective by delivering integrated and optimized security for virtual data centers. Managed through SiteProtector.
      Benefits
      ■ Vulnerability-centric, protocol-aware analysis and protection
      ■ Abstraction from underlying network configuration
      ■ Automated protection for new VMs
      ■ Network-level workload segmentation
      ■ Privileged-level protection of OS kernel structures
  25. Our Protocol Analysis Module is the engine behind our products
      Intrusion prevention just got smarter with extensible protection backed by the power of X-Force.
      ■ Virtual Patch
        – What it does: Shields vulnerabilities from exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach.
        – Why important: At the end of 2009, 52% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.
      ■ Client-Side Application Protection
        – What it does: Protects end users against attacks targeting applications used every day such as Microsoft Office, Adobe PDF, multimedia files and web browsers.
        – Why important: At the end of 2009, vulnerabilities which affect personal computers represented the second-largest category of vulnerability disclosures, about a fifth of all disclosures.
      ■ Web Application Protection
        – What it does: Protects web applications against sophisticated application-level attacks such as SQL injection, XSS (cross-site scripting), PHP file includes and CSRF (cross-site request forgery).
        – Why important: Expands security capabilities to meet both compliance requirements and threat evolution.
      ■ Threat Detection & Prevention
        – What it does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.
        – Why important: Eliminates the need for constant signature updates. Protection includes the proprietary Shellcode Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero-day vulnerabilities.
      ■ Data Security
        – What it does: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides the capability to explore data flow through the network to help determine if any potential risks exist.
        – Why important: Flexible and scalable customized data search criteria; serves as a complement to the data security strategy.
      ■ Application Control
        – What it does: Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, peer-to-peer, instant messaging and tunneling.
        – Why important: Enforces network application and service access based on corporate policy and governance.
  26. Automated Discovery / vNAC
      Features
      ■ Virtual network access control (VNAC)
      ■ Automated discovery
      ■ Virtual Infrastructure auditing integration
      Benefits
      ■ Rogue VM protection
      ■ Virtual Infrastructure monitoring
      ■ Virtual network awareness
      ■ Quarantine or limit network access until VM security posture has been validated
      Flow: the SVM is notified as soon as a VM comes online; the SVM reports to SiteProtector that a new VM is online and initiates a discovery scan; the SVM limits network communications (quarantine group) until the VM is placed in a non-quarantine group.
  27. Security Footprint Reduction
      CPU-intensive processing is removed from the guest OS and consolidated in the SVM; a "lighter" agent is used where guest OS context is required.
      ■ Security isolated in Security Virtual Machine
      ■ Less presence in guest OS equals:
        o improved stability
        o more CPU/memory available for workloads
        o decreased attack surface
      ■ Customer-defined thresholds for security resource usage
      ■ Over time, guest OS presence will be reduced to the absolute minimum
  28. Mobility (VMotion)
      ■ Maintain security posture irrespective of the physical server on which the VM resides
      ■ Abstraction from underlying physical servers provides dynamic security adapted for mobility
  29. Introspection-Based Rootkit Detection
      ■ Threat
        – Malware that embeds itself in the operating system to avoid detection
      ■ Functionality
        – Rootkit detection engine that uses memory introspection to identify modifications to key guest OS kernel data structures (SSDT & IDT) by malware
  30. Virtual Infrastructure Auditing
      ■ Threat
        – Virtual machine state change or migration that mixes trust zones
      ■ Functionality
        – Hooks into VMware management auditing to report events interesting from a security perspective
  31. VMsafe Network Packet Inspection API
      ■ vNetwork Data Path Agent (FastPath Agent)
        – Installs as a kernel module and directly intercepts packets in the virtual network packet stream
      ■ vNetwork Control Path Agent (SlowPath Agent)
        – Resides in a security virtual appliance and can be used for further thorough processing
      Diagram: the Security Virtual Machine runs the SlowPath Agent on the DVFilter library; guest VMs sit on their VMMs; the FastPath Agent sits in the VMkernel on vswitch01, above the VMkernel hardware interface, ESX Server and physical hardware; VM network traffic reaches the SVM through VMsafe introspection.
      VMX parameters for SVM:
        ethernet2.networkName = "ibm-vmwarenetwork-appliance"
      VMX parameters for VM:
        = "ibm-iss-vmkmod"
        ethernet0.filter0.onFailure = "failOpen"
  32. VMsafe CPU & Memory API
      ■ Can inspect memory locations and CPU registers
      ■ Hypervisor Extension Library implemented as VMX/VMM modules
      ■ VMsafe API Library on SVM
      ■ Capabilities
        – Detect current application state in the protected VMs
        – Sense system configuration state from the control registers
      Diagram: the Security Virtual Machine issues memory/CPU calls through the VMsafe library to the VMsafe VMX/VMM extension of each guest VM; VMkernel, VMkernel hardware interface, ESX Server and physical hardware sit below.
      VMX parameters for SVM:
        ethernet1.networkName = "ibm-vmwareintrospect-appliance"
      VMX parameters for VM:
        vmsafe.enable = "true"
        vmsafe.agentAddress = ""
        vmsafe.agentPort = "49999"
        vmsafe.failOpen = "TRUE"
  33. IBM Virtual Server Protection for VMware helps to meet compliance best practices*
      1. Configuration and change management processes should be extended to encompass the virtual infrastructure
         – Automatic discovery and protection as a VM comes online
         – Dashboard visibility into the virtual host OS and the virtual network to identify vulnerabilities
         – IBM Virtual Patch® technology protects vulnerabilities on virtual servers regardless of patch strategy
      2. Maintain separate administrative access control although server, network and security infrastructure is now consolidated
         – Virtual network access control
           • Quarantines or limits network access from a virtual server until VM security posture has been confirmed
         – Virtual Infrastructure auditing
      3. Provide virtual machine and virtual network security segmentation
         – Network-level workload isolation
      4. Maintain virtual audit logging
         – Virtual Infrastructure monitoring and reporting
      * Source: RSA Security Brief: Security Compliance in a Virtual World
  34. IBM Virtual Server Security for VMware helps customers to be more secure, compliant and cost-effective
      Integrated threat protection for the VMware vSphere 4 platform. How we help your business:
      ■ Helps meet regulatory compliance mandates by providing security and reporting functionality customized for the virtual infrastructure
      ■ Protects and tracks access of critical data housed on virtual machines
      ■ Created for and integrated with the virtual platform
      ■ Increases virtual server uptime and availability with virtual rootkit detection
      ■ Increases ROI with dynamic VM security and discovery
  35. For more information on IBM Virtualization Security Solutions
      ■ White paper
      ■ Virtualization Security Solutions web page
      (Links work in slide show mode.)
  36. Questions? Thank you!
  37. Trademarks and notes
      ■ © IBM Corporation 2010
      ■ IBM, the IBM logo, AIX, IBM Internet Security Systems, Proventia, Real Secure, SiteProtector, X-Force and Virtual Patch are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), these symbols indicate US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at
      ■ VMware, the VMware "boxes" logo and design, Virtual SMP and VMotion are registered trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other jurisdictions.
      ■ References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.
      ■ The customer is responsible for ensuring compliance with legal requirements. It is the customer's sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer's business and any actions the reader may have to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation.
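Slide 29 describes a rootkit detection engine that reads the guest's SSDT and IDT through memory introspection and flags modifications. The following is an added example, not IBM code: it compares a constructed snapshot of both tables against a trusted baseline and also flags unknown entries whose handler lies outside an assumed kernel image range.

```python
"""Baseline comparison of guest kernel dispatch tables (IDT and SSDT).
Added example, not IBM code. In the product the SVM reads these tables out
of guest memory through VMsafe introspection; here BASELINE and SNAPSHOT are
constructed dicts standing in for two reads of the same tables."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Address range of the guest kernel image (constructed assumption).
KERNEL_TEXT = (0x80400000, 0x80800000)


@dataclass(frozen=True)
class Finding:
    table: str               # "IDT" or "SSDT"
    index: int               # interrupt vector or system service number
    expected: Optional[int]  # address in the trusted baseline, if any
    observed: int            # address read from guest memory now
    reason: str


def check_table(name: str, baseline: Dict[int, int], snapshot: Dict[int, int]) -> List[Finding]:
    """Flag entries that changed since the baseline, and entries with no
    baseline whose handler lies outside the kernel image (a hook into a
    loaded driver or injected code)."""
    lo, hi = KERNEL_TEXT
    findings = []
    for idx, observed in sorted(snapshot.items()):
        expected = baseline.get(idx)
        if expected is not None and observed != expected:
            findings.append(Finding(name, idx, expected, observed, "entry differs from baseline"))
        elif expected is None and not lo <= observed < hi:
            findings.append(Finding(name, idx, None, observed, "handler outside kernel text"))
    return findings


def scan_guest(baseline: Dict[str, Dict[int, int]], snapshot: Dict[str, Dict[int, int]]) -> List[Finding]:
    """Run check_table over both dispatch tables of one guest."""
    out: List[Finding] = []
    for table in ("IDT", "SSDT"):
        out.extend(check_table(table, baseline.get(table, {}), snapshot.get(table, {})))
    return out


# Constructed baseline and current snapshot: IDT vector 0x2E and SSDT service
# 0x25 have been redirected to addresses outside the kernel image.
BASELINE = {"IDT": {0x0E: 0x80412340, 0x2E: 0x80413000},
            "SSDT": {0x25: 0x80500120, 0x26: 0x80500240}}
SNAPSHOT = {"IDT": {0x0E: 0x80412340, 0x2E: 0x9A001000},
            "SSDT": {0x25: 0x9A001400, 0x26: 0x80500240}}

if __name__ == "__main__":
    for f in scan_guest(BASELINE, SNAPSHOT):
        was = f"{f.expected:#010x}" if f.expected is not None else "n/a"
        print(f"{f.table}[{f.index:#04x}] {was} -> {f.observed:#010x}: {f.reason}")
```

The baseline must itself come from a known-good state of the guest; the out-of-image check is a fallback for entries the baseline does not cover.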
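Slides 26 and 30 describe two event-driven behaviours of the SVM: keeping a newly discovered VM in a quarantine group until its discovery scan is clean, and reporting a migration that moves a VM into a different trust zone. The following is an added example, not IBM code, that implements both checks over constructed lifecycle events; the event names, host-to-zone mapping and scan findings are assumptions.

```python
"""Quarantine-until-validated for new VMs (slide 26) and trust-zone checks on
relocation (slide 30), as an SVM-style monitor might run them.
Added example, not IBM code; EVENTS is a constructed stand-in for VMware
management auditing events, and groups and zones are plain strings."""
from dataclasses import dataclass, field
from typing import Dict, List

QUARANTINE = "quarantine"

@dataclass
class VmRecord:
    group: str = QUARANTINE   # VNAC group; every new VM starts quarantined
    host: str = ""
    validated: bool = False

@dataclass
class Monitor:
    host_zone: Dict[str, str]   # ESX host -> trust zone (constructed)
    vm_zone: Dict[str, str]     # VM -> zone its workload belongs to (constructed)
    vms: Dict[str, VmRecord] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)

    def handle(self, event: dict) -> VmRecord:
        vm, kind = event["vm"], event["event"]
        rec = self.vms.setdefault(vm, VmRecord())
        rec.host = event["host"]
        if kind == "VmPoweredOn":
            # Stay in the quarantine group until the discovery scan is clean.
            rec.group, rec.validated = QUARANTINE, False
            findings = event.get("scan_findings", [])
            if any(f["severity"] == "high" for f in findings):
                self.alerts.append(f"{vm}: stays quarantined, {len(findings)} finding(s)")
            else:
                rec.group, rec.validated = event["target_group"], True
        elif kind == "VmMigrated":
            # A relocation that lands the VM in another trust zone is reportable.
            zone, expected = self.host_zone.get(rec.host, "unknown"), self.vm_zone.get(vm, "unknown")
            if zone != expected:
                self.alerts.append(f"{vm}: migrated into zone {zone}, expected {expected}")
        return rec

# Constructed sample events, in arrival order.
EVENTS = [
    {"event": "VmPoweredOn", "vm": "web01", "host": "esx-dmz-1", "target_group": "dmz-web", "scan_findings": []},
    {"event": "VmPoweredOn", "vm": "db01", "host": "esx-pci-1", "target_group": "pci-db",
     "scan_findings": [{"severity": "high", "id": "unpatched-service"}]},
    {"event": "VmMigrated", "vm": "web01", "host": "esx-pci-1"},
]

def run(events: List[dict] = EVENTS) -> Monitor:
    mon = Monitor(host_zone={"esx-dmz-1": "dmz", "esx-pci-1": "pci"},
                  vm_zone={"web01": "dmz", "db01": "pci"})
    for e in events:
        mon.handle(e)
    return mon
```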