Virtualization security

null Pune May 2012 Meet

Published in: Education, Technology

  1. Virtualization - By Mangesh Gunjal
  2. Topics to be Covered:
     - Virtualization
     - Virtual Machine Monitor
     - Types of Virtualization
     - Why Virtualization..?
     - Virtualization Application Areas
     - Virtualization Risks
     - Virtualization Security
     - VM Sprawl
     - Miscellaneous
  3. Virtualization
     - Multiple Operating Systems on a Single Physical System
     - Share the Underlying Hardware Resources.
     - Multiple Execution Environments,
     - Hardware and Software Partitioning,
     - Time-Sharing,
     - Partial or Complete Machine Simulation/Emulation
     - Separation of a Resource or Request for a service.
  4. Source: Virtualization Overview white paper, By
  5. - Virtual Machine Monitor (VMM)
     - Emulation or simulation
     - Virtual Machines
     - Isolated Environment
  6. Source: Virtualization Overview white paper, By
  7. ParaVirtualization
     Source: Virtualization Overview white paper, By
  8. Why Virtualization..?
     - Server Consolidation.
     - Legacy Applications.
     - Sandbox.
     - Execution of Multiple Operating Systems.
     - Simulation of Hardware and Networking Devices.
     - Powerful Debugging and Performance Monitoring
     - Fault and Error Containment
     - Application and System Mobility
     - Shared Memory Multiprocessors
     - Business Continuity
  9. Source: Virtualization Overview white paper, By
  10. Infrastructure is what connects resources to your business. Virtual Infrastructure is a dynamic mapping of your resources to your business. Result: decreased costs and
      Source: Virtualization Overview white paper, By
  11. Virtualization Application Areas
      - Desktop Virtualization
      - Application Virtualization
  12. Virtualization Application Areas
      - Server Virtualization
      - Storage Virtualization
      - Infrastructure Virtualization
      - Network Virtualization
  13. Virtualization Risks
      - Inexperience Involved.
      - Increased Channels for Attack.
      - Change Management Control.
      - IT Asset Tracking and Management.
      - Securing Dormant Virtual Machines.
      - Sharing Data between Virtual Machines.
  14. Exploitation on Virtualization
      - Malicious Code Activities through Detection of VM.
      - Denial of Service on the Virtual Machine.
      - Virtual Machine Escape
  15. Historical Incident
      - VMware Multiple Denial Of Service Vulnerabilities
      Some VMware products support storing configuration information in VMDB files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems.
      Link:
  16. Virtualization Security
      - Hypervisor Security
      - Host/Platform Security
      - Securing Communications
      - Security between Guests
      - Security between Hosts and Guests
      - Virtualized Infrastructure Security
      - Virtual Machine Sprawl
  17. Hardening Steps to Secure Virtualisation Environment - Server Service Console
      - Restriction to Internal Trusted Network
      - Block all the incoming and outgoing traffic except for necessary ports.
      - Monitor the integrity and modification of the configuration files
      - Limit ssh based client communication to a discrete group of ip addresses
      - Create separate partitions for /home, /tmp, and /var/log
  18. Hardening Steps to Secure Virtualisation Environment - Virtual Network Layer
      - Network breach by user error or omission.
      - MAC Address spoofing (MAC address changes)
      - MAC Address spoofing (Forged transmissions)
  19. Hardening Steps to Secure Virtualisation Environment - Virtual Machine
      - Apply standard infrastructure security measures into virtual infrastructure
      - Set the resource reservation and limits for each virtual machine
  20. Virtual Machine Sprawl
      - Unchecked creation of new Virtual Machines (VMs)
      - The VMs that are created for a short-term project are still using CPU, RAM and network resources, and they consume storage even if they are powered off.
      - VM sprawl could lead to a computing environment running out of resources at a much quicker-than-expected rate, and it could skew wider capacity-planning exercises.
  21. Miscellaneous
      - Kaspersky Lab has introduced Kaspersky Security for Virtualization, a virtual security appliance that integrates with VMware vShield Endpoint to provide agentless, anti-malware security.
      - VMware Source Code Leak Reveals Virtualization Security Concerns.
      - Symantec has its own wide range of tools for Virtualization Security:
        − Symantec Critical System Protection
        − Symantec Data Loss Prevention
        − Symantec Control Compliance Suite
        − Symantec Security Information Manager
  22. References
      - VMware.com
      - Microsoft.com
      - SANS.org
      - Gartner.com
      - Trendmicro.com
      - Symantec.com
  23. Thank You
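
Two of the server service console steps from slide 17 (separate partitions for /home, /tmp and /var/log, and monitoring configuration files for modification) sketched as an audit script. This is an added example, not part of the original slides; it assumes a Linux-based console with awk, find and sha256sum, and all function names, paths and sample data are hypothetical.

```shell
#!/bin/sh
# Added example; function names, paths and sample data are hypothetical.

# Print each of /home, /tmp, /var/log that is NOT its own mount point.
# $1: file in /proc/mounts format (device mountpoint fstype options ...)
missing_partitions() {
    for mp in /home /tmp /var/log; do
        awk -v mp="$mp" '$2 == mp { found = 1 } END { exit !found }' "$1" \
            || printf '%s\n' "$mp"
    done
}

# SHA-256 manifest of every regular file under directory $1, sorted by path.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort -k2
}

# Record the known-good state. $1: config directory, $2: baseline file.
baseline_write() { manifest "$1" > "$2"; }

# Report drift against the baseline; returns 1 if anything changed.
# $1: config directory, $2: baseline file written by baseline_write.
baseline_check() {
    cur=$(mktemp) || return 2
    manifest "$1" > "$cur"
    drift=$(awk '
        { f = substr($0, 67) }              # path follows 64 hex chars + 2 separators
        FILENAME == ARGV[1] { base[f] = $1; next }
        { seen[f] = 1
          if (!(f in base)) print "ADDED " f
          else if (base[f] != $1) print "MODIFIED " f }
        END { for (f in base) if (!(f in seen)) print "REMOVED " f }
    ' "$2" "$cur")
    rm -f "$cur"
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Demo on constructed data (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' '/dev/sda1 / ext3 rw 0 0' '/dev/sda3 /tmp ext3 rw,nosuid 0 0' > "$demo/mounts"
mkdir "$demo/etc" && echo 'PermitRootLogin no' > "$demo/etc/sshd_config"
baseline_write "$demo/etc" "$demo/baseline"
echo 'PermitRootLogin yes' > "$demo/etc/sshd_config"    # simulated unauthorised edit
missing_partitions "$demo/mounts"
baseline_check "$demo/etc" "$demo/baseline" || echo "configuration drift detected"
rm -rf "$demo"
```

Keep the baseline file outside the monitored directory, ideally on read-only or remote storage, so that whoever alters a configuration file cannot also rewrite the record it is checked against.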
