A brief overview of server virtualization for information security and audit professionals. I gave earlier versions of this talk at the SV and SF ISACA conferences in 2010; this version is for the UC Compliance and Audit Symposium.
• Overview and Introduction to Virtualisation
• Security Risks in Virtualised Environments
• Controls in Virtualised Environments
• Summary and Conclusions
Virtualization: Security and IT Audit Perspectives
1. Virtualization: IT Audit and Security Perspectives
Jason Chan, Director of Security, VMware (chanj@vmware.com)
2. Agenda
• Background and Disclaimers
• Virtualization Basics and Business Drivers
• Audit and Security Topics of Interest
• New Attack Vectors
• Architectural Options and Opportunities
• Summary
3. Background and Disclaimers
• I work at VMware, in IT (not R&D or Marketing)
• Security consulting and audit background
• Manage the ITGC/IT SOX program at VMware
• Previously involved with CISP/PCI
• @stake, Symantec, iSEC Partners
4. Presentation Focus
• x86 server virtualization
• Application, desktop, and storage virtualization (while interesting) are not covered
• Not VMware-specific
• Not comprehensive
• What is interesting about server virtualization from a security and IT audit perspective?
7. Abstraction of hardware to allow multiple “virtual machines” to co-exist on a single physical system
9. Server Virtualization in the Real World
• General implementation order:
  • Dev and test environments
  • LOB applications
  • Production/mission critical
• Overall workload virtualization is estimated at around 16% as of 10/2009
• Expected to be ~50% by 2012
10. Business Drivers: Cost
• Do more with less
  • Centralize administration
  • Drive a higher server/admin ratio
• Hardware, space, and power
  • Consolidate and contain infrastructure
  • Less hardware, fewer racks
  • Lower power and cooling costs
15. Business Drivers: Agility
• Flexibility and ease of deployment and change
  • Simple provisioning
  • Multiple OSes on a single server
  • Easily scale up, down, in, and out
• High availability
  • Simple clustering
  • Location-independent agility for DR
18. Segregation of Duties
• Hypervisor and virtualization infrastructure are new components to manage
• Server, storage, network, and security duties are collapsed
• IT org structure must be able to support virtualization
• Critical considerations:
  • Role-mapping within IT
  • RBAC capabilities of the virtualization platform
  • Layered controls (prevent, detect, respond)
• Unfortunately, often given short shrift because of deployment patterns
19. Physical Security?!?
• Consider traditional data center controls in a virtual context
  • Cameras – prevent theft, monitor physical access
  • Biometrics, guards, man traps – control physical access
  • Locked racks – prevent theft of physical assets
20. Virtual Corollaries to Physical Security
• Virtual console
  • Accessible without respect to physical location
  • Protect with idle timeouts and access control
• Storage of virtual disks
  • “Theft” of a system is possible without physical access
  • Maintain control of virtual machine files (including templates and backups)
• “Rack and stack”
  • Rogue provisioning without data center access
  • Emphasize management infrastructure access controls and monitoring
21. Change and Configuration Management
• Virtualization enables fast and highly automated orchestration and provisioning
• Responsibilities may be consolidated
• VM sprawl and licensing compliance can become an issue without adequate controls
• Process needs to keep pace to leverage advantages while managing risk
• Ramifications for the CMDB?
• Emphasize both preventative and detective controls
22. Capacity Management
• Virtual capacity is a new discipline for capacity and scalability engineers
  • Power, network, CPU, etc.
  • Over-subscription and peak load planning
• Dynamic capabilities of virtual workloads put increased importance on planning
• HA, DR, and planned maintenance can cause capacity issues
23. Infrastructure Hardening
• Hypervisor/VMM system hardening
• Security of administrative and support infrastructure
  • Service accounts, networking
• Management network isolation
  • Consolidation of functions makes this even more critical
• Virtual network configuration
24. Platform Security
• Security characteristics and capabilities of your virtualization platforms and vendors
• Software security quality
• Resource isolation across VMs
  • Memory, disk, CPU, network
  • Resource limits and reservations
• Management infrastructure
  • RBAC, monitoring, remote administration, APIs
25. Security Advantages and Opportunities
• Interesting options for control placement and implementation
  • Patching, firewalls, IPS, DLP, etc.
• Centralized view of resources
  • Introspection at a previously unavailable level
  • Management, monitoring, etc.
• Full system lifecycle management and visibility
  • Actions on system state are traceable
  • Decommissioning is auditable
• Templates and automation provide new opportunities for configuration management and refresh
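The detective control that slides 21 and 25 call for (every VM create, clone or delete traceable to an approved change, and new VMs reconciled against the CMDB to catch sprawl), as an added example that is not the speaker's or any vendor's code. The one-line event format, the change records and the CMDB contents are constructed for the example, not a real product's export.

```python
"""Detective change-management control over a VM lifecycle event log, added for
this talk as an example (not the speaker's or any vendor's code). The log
lines, change records and CMDB below are constructed; the one-line event
format is an assumption, not a real product's export format."""
import re
from datetime import datetime

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<action>CreateVM|CloneVM|DeleteVM|PowerOffVM) (?P<vm>\S+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
TRACKED = {"CreateVM", "CloneVM", "DeleteVM"}   # lifecycle actions that need a change record

# Constructed management-infrastructure event log (timestamp user action vm).
LOG = """\
2010-09-14T09:02:11Z alice CreateVM web-07
2010-09-14T09:05:40Z alice CloneVM web-08
2010-09-14T13:30:00Z dave CloneVM web-09
2010-09-14T22:15:03Z svc-orchestrator CreateVM batch-91
2010-09-15T03:41:19Z bob DeleteVM db-02
2010-09-15T10:12:00Z carol PowerOffVM db-03
2010-09-15T10:12:30Z carol DeleteVM db-03
"""

# Constructed approved changes: (action, vm) -> (window start, window end).
CHANGES = {
    ("CreateVM", "web-07"): ("2010-09-14T08:00:00Z", "2010-09-14T12:00:00Z"),
    ("CloneVM", "web-08"):  ("2010-09-14T08:00:00Z", "2010-09-14T12:00:00Z"),
    ("CloneVM", "web-09"):  ("2010-09-14T08:00:00Z", "2010-09-14T12:00:00Z"),
    ("DeleteVM", "db-03"):  ("2010-09-15T09:00:00Z", "2010-09-15T11:00:00Z"),
}
CMDB = {"web-07", "web-08", "web-09", "db-02", "db-03"}   # constructed asset inventory

def parse_event(line):
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    return ev

def in_window(ts, window):
    start, end = (datetime.strptime(w, TS_FMT) for w in window)
    return start <= ts <= end

def reconcile(log_text, changes, cmdb):
    """Return (event, reason) pairs for lifecycle actions the change process did
    not cover: no record, outside its window, or a new VM the CMDB does not
    know about (the sprawl case)."""
    exceptions = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev["action"] not in TRACKED:
            continue
        window = changes.get((ev["action"], ev["vm"]))
        if window is None:
            exceptions.append((ev, "no approved change record"))
        elif not in_window(ev["ts"], window):
            exceptions.append((ev, "outside approved change window"))
        if ev["action"] != "DeleteVM" and ev["vm"] not in cmdb:
            exceptions.append((ev, "new VM absent from CMDB (sprawl candidate)"))
    return exceptions

if __name__ == "__main__":
    for ev, reason in reconcile(LOG, CHANGES, CMDB):
        print(f"{ev['ts']:%Y-%m-%d %H:%M} {ev['user']:17} {ev['action']:9} {ev['vm']:9} {reason}")
```

On the constructed data the run flags the off-window clone of web-09, the unrecorded and uninventoried batch-91 created by an automation account, and the unrecorded deletion of db-02; the db-03 decommissioning is covered and stays quiet.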
27. VM Escape
• Considered the “holy grail” of virtualization exploits
• “Escaping” through the virtualization layer to attack:
  • The host
  • Other virtual machines (out of band)
• Cloudburst
  • Presented at Black Hat 2009
28. Hyperjacking
• VMBRs (Virtual Machine Based Rootkits)
• Insert a hypervisor underneath a running OS
• Can target a physical or virtual system
• Relies on hardware virtualization extensions
• Blue Pill, SubVirt, Vitriol
29. VM Migration Attacks
• HA/DR/maintenance feature
• Involves moving a VM across hardware
  • Server, cluster, storage
• Attacks involve sniffing, capturing, and/or modifying VM traffic during migration
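The preventive controls from slides 20, 23 and 29 (console idle timeouts, control over who can read VM files, management and migration networks kept away from guest networks, migration traffic protected) expressed as an audit check, added here as an example that is not the speaker's or any vendor's code. The Host/Datastore data model, the 15-minute timeout policy and the allowed-reader list are assumptions; the inventory is constructed rather than exported from a real management server.

```python
"""Control checks for virtualization infrastructure, added for this talk as an
example. It runs over a constructed inventory, not a real management-server
export; the Host/Datastore fields and the policy constants are assumptions."""
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    console_idle_timeout_s: int              # 0 = no idle timeout configured
    mgmt_vlan: int                           # VLAN of the management interface
    migration_vlan: int                      # VLAN carrying live-migration traffic
    guest_vlans: set = field(default_factory=set)  # VLANs reachable by guest VMs
    migration_encrypted: bool = False        # VM state protected in transit?

@dataclass
class Datastore:
    name: str
    readers: set                             # principals able to read VM files

MAX_IDLE_S = 900                             # assumed policy: 15-minute console timeout
VM_FILE_ADMINS = {"vi-admins", "backup-svc"} # assumed principals allowed to read VM files

def audit_host(h):
    """Checks from the 'virtual corollaries', 'hardening' and 'migration' slides."""
    f = []
    if not 0 < h.console_idle_timeout_s <= MAX_IDLE_S:
        f.append((h.name, "console-idle-timeout",
                  "virtual console has no idle timeout or one above policy"))
    if h.mgmt_vlan in h.guest_vlans:
        f.append((h.name, "mgmt-network-isolation",
                  f"management VLAN {h.mgmt_vlan} is also exposed to guest VMs"))
    if h.migration_vlan in h.guest_vlans:
        f.append((h.name, "migration-network-isolation",
                  f"migration VLAN {h.migration_vlan} is reachable from guest VMs"))
    if not h.migration_encrypted:
        f.append((h.name, "migration-encryption",
                  "VM memory and state cross the network unprotected during migration"))
    return f

def audit_datastore(d):
    """'Theft' of a VM needs only read access to its files (including templates and backups)."""
    extra = d.readers - VM_FILE_ADMINS
    return [(d.name, "vm-file-access", f"unexpected readers: {sorted(extra)}")] if extra else []

def audit(hosts, datastores):
    findings = []
    for h in hosts:
        findings += audit_host(h)
    for d in datastores:
        findings += audit_datastore(d)
    return findings

# Constructed sample inventory: one well-configured host, one poorly configured.
HOSTS = [
    Host("esx-prod-01", 600, mgmt_vlan=10, migration_vlan=20, guest_vlans={100, 101},
         migration_encrypted=True),
    Host("esx-lab-07", 0, mgmt_vlan=10, migration_vlan=100, guest_vlans={100, 10}),
]
DATASTORES = [
    Datastore("ds-prod", {"vi-admins", "backup-svc"}),
    Datastore("ds-templates", {"vi-admins", "helpdesk"}),
]

if __name__ == "__main__":
    for obj, control, detail in audit(HOSTS, DATASTORES):
        print(f"{obj:14} {control:28} {detail}")
```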
46. What Considerations Arise?
• Degree of resource utilization
• Cost to acquire and operate
• Complexity of design
• Reliance on virtualization
• Manageability of environment
• The “right” answers depend on organizational capabilities and risk management approach
48. Recommendations
• Understand:
  • Virtualization security concerns and possibilities
  • How existing processes and controls can be leveraged and will need to be enhanced
  • Security controls offered by your virtualization platforms
• Have the architectural conversations
• Determine what’s organizationally appropriate
As with most technologies, there are accompanying concerns for security and audit professionals. Proactively addressing these concerns gives you the best chance for success.
Templates also facilitate compliance with standards