Virtually Secure: Uncovering the risks of virtualization
Organizations have been quickly leveraging the benefits of virtualized platforms in their datacenters, often unknowingly increasing the exposure of their most prized assets.
Michael will highlight the key concerns around virtualization technologies including the answers to questions such as are virtualized servers PCI compliant and what minimum controls must exist to protect the hypervisor? He will walk the audience through the latest technical threats and shed light on the solutions and controls available to secure your virtual environments.
2. Virtual Insecurity
Unknown Denial of Service on core servers
IT can not identify root cause
Copyright 2007 – Seccuris Inc.
3. Virtual Insecurity
Financial System
controls subverted
in unknown fashion
Audit systems and
forensic process
unable to assist
Copyright 2007 – Seccuris Inc.
5. Virtual Insecurity
60% of production virtual machines
will be less secure
than their physical counterparts…
…through 2009.
Copyright 2007 – Seccuris Inc.
6. WELCOME TO THE REST OF YOUR LIFE
What do we need to understand regarding
design, management and control
to implement virtualization successfully
in our critical environments?
Copyright 2007 – Seccuris Inc.
7. What is virtualization? (Overview)
Concept not new:
Done since the 1960’s
Physical Hardware = Host Machine
Operating System / Virtual
Appliance = Guest
VMs = Virtual Machine(s)
Hypervisor (VMM) = Virtual
Machine Monitor
Virtual Infrastructure = Composite
of VMM & Mgmt tools
Copyright 2007 – Seccuris Inc.
8. Hybrid VMM
Type-2 VMM
Guest Guest
1 2
Guest Guest
VMM 1 2
Host OS Host OS VMM
Hardware Hardware
Examples:
Windows
Server
Virtualization
Xen
VMWare ESX
Copyright 2007 – Seccuris Inc.
http://port25.technet.com/archive/2007/08/13/Interoperab-on-the-metal-and-on-the-wire.aspx
9. Virtualization Implementations
Full Virtualization
• Binary Translation – Privileged Instructions Rewritten
• Hypervisor in “Ring 0”, Guest in “Ring -1”
Copyright 2007 – Seccuris Inc.
10. Virtualization Implementations
Full Virtualization
• Hardware Supported Virtualization
(Accelerated Virtualization, Hardware Virtual Machine, Native
Virtualization)
• Hardware Hypervisor in “Privileged Level”, Guest in Ring 0
Copyright 2007 – Seccuris Inc.
12. On-going development of Virtualization
Generational Development of Virtualization
1. Development & Test
2. Consolidation
3. Virtualized Data Center
Increased complexity, controls & management processes
Copyright 2007 – Seccuris Inc.
13. Players in the Virtualization Market
The image cannot be display ed. Your computer may not hav e enough memory to open the image, or the image may hav e been corrupted. Restart y our computer, and then open the file again. If the red x still appears, y ou may hav e to delete the image and then insert it again.
The image cannot be display ed. Your computer may not hav e enough memory to open the image, or the image may hav e been corrupted. Restart y our computer, and then open the file again. If the red x still appears, y ou may hav e to delete the image and then insert it again.
Copyright 2007 – Seccuris Inc.
14. Players in the Virtualization Market
Copyright 2007 – Seccuris Inc.
15. VMWare – How does it work?
Binary Translation (System Call Proxy)
Like an emulator, VMware software provides a completely virtualized
set of hardware to the guest operating system.
VMware software virtualizes the hardware for a video adapter, a
network adapter, and hard disk adapters.
The host provides pass-through drivers for guest USB, serial, and
parallel devices.
Copyright 2007 – Seccuris Inc.
16. VMWare – How does it work?
The host provides
pass-through drivers for
guest USB, serial, and
parallel devices.
Video, Cache and other
hardware includes
pass-through as well…
Copyright 2007 – Seccuris Inc.
17. VMWare Products:
What is the difference?
Desktop Virtualization On Host OS
• VMWare Workstation Hybrid VMM
• VMWare Fusion
• VMWare Player
Server Virtualization On Bare Metal
• VMWare ESX Server Type-1 VMM
• VMWare Server - Freeware
Management & Automation Above it all
• VMWare Virtual Center Management Software
Copyright 2007 – Seccuris Inc.
18. Technical Concepts –
VMWare Implementation
Datacenter Components
• Computing Servers (Bare metal)
• Management Server – Single
Control point (Win 2k3)
• Desktop clients
Copyright 2007 – Seccuris Inc.
19. Technical Concepts –
VMWare Implementation
Datacenter Architecture
• Hosts, Clusters &
Resource Pools
• DRS and HA
• Dynamically Allocate System Resources
• High Availability
• VMotion
• Move guest between physical systems
Copyright 2007 – Seccuris Inc.
27. Technical Concepts –
VMWare Implementation
Data inventory & Information Classification
becomes a prime time issue
Copyright 2007 – Seccuris Inc.
28. Threats & Risks in Virtualization
• Technical Concerns
• Applied threats
Copyright 2007 – Seccuris Inc.
29. Threats & Risks – Technical Concerns
Technical Concerns
•Denial of Service
• Load issues (Time / Period)
• Bottle Necks (Physical)
• Bottle Necks (Logical)
How well do you know your
application processing time
cycles?
Copyright 2007 – Seccuris Inc.
30. Threats & Risks – Technical Concerns
Technical Concerns
•Communication Between VMs or
Between VMs
and Host
• Shared Directories
• Open Services (FTP, DHCP)
• Misconfigured network cards
How well built are your legacy
and custom applications?
Copyright 2007 – Seccuris Inc.
31. Threats & Risks – Technical Concerns
Technical Concerns
• VM Escape
• VM Monitoring from the Host
• VM Monitoring from Another VM
• VM Monitoring from network
based host
(Network / Storage)
“VM Escapes have happened”
Copyright 2007 – Seccuris Inc.
32. Threats & Risks – Technical Concerns
Technical Concerns
• External Modification of a
VM
• External Modification of
the Hypervisor
• Sun Bing’s Example
How much trust do you put
in your administrators?
Copyright 2007 – Seccuris Inc.
33. Threats & Risks in Virtualization
• Technical Concerns
• Applied threats
Copyright 2007 – Seccuris Inc.
34. Threats & Risks – Applied Threats
VMBR – Virtual Machine Based
Root Kits
APP 1 APP 2
SubVirt: Implementing malware
with virtual machines
BluePill: VM “Rootkit”
Before Attack
Copyright 2007 – Seccuris Inc.
35. Threats & Risks – Applied Threats
VMBR – Virtual Machine Based
Root Kits
APP 1 APP 2
SubVirt: Implementing malware
Evil
Host OS
with virtual machines App
Evil OS Evil VMM
BluePill: VM “Rootkit”
Hardware
Fundamental changes
to forensic system
investigation must After Attack
occur!
Copyright 2007 – Seccuris Inc.
36. Threats & Risks – Applied Threats
VMWare DHCP Server Remote Code
Execution Vulnerabilities
CVE-2007-0061, CVE-2007-0062,
CVE-2007-0063
(http://www.iss.net/threats/275.html)
IMPACTS VMM and VMs!
Copyright 2007 – Seccuris Inc.
37. Threats & Risks – Applied Threats
Hardware Visibility
(http://seclists.org/isn/2008/Mar/0055.html)
• Hardware segmentation
DOES NOT EXIST
• Race conditions, covert
channels, unknown
overflow issues are
possible!
Copyright 2007 – Seccuris Inc.
38. Security Controls for Virtualization
• Controls for Today
• Software & Appliances
• Controls in the future
Copyright 2007 – Seccuris Inc.
39. Security Controls for Virtualization
Controls for Today (CIS Best Practices)
Configuration:
• Limit Physical Access to Host
• Harden Base Operating System
• Configuration Maximums
• Firewalling Virtual Machine Layer Service Ports
• Use Encryption For Communication
• Virtualization Server Authentication
Copyright 2007 – Seccuris Inc.
40. Security Controls for Virtualization
Controls for Today
Configuration:
• Disabling Features (Including Screensavers and Suspend)
• File Sharing Between Host and Guests
• Time Synchronization
• Disconnect Unused Devices
Copyright 2007 – Seccuris Inc.
41. Security Controls for Virtualization
Controls for Today
Architecture Requirements
• Remote Management
• Patching and Vulnerabilities
• Logging & Auditing
Copyright 2007 – Seccuris Inc.
42. Security Controls for Virtualization
Controls for Today
Architecture & Configuration
Host and Network Defences
• File Integrity Checking
• Strong Passwords
• Disk Partitioning
• Backups
Copyright 2007 – Seccuris Inc.
43. Security Controls for Virtualization
Software & Appliances
• Host Based IDS/IPS
• Host Based Anti-Virus
• Host Change Control
• Host Logging
Copyright 2007 – Seccuris Inc.
44. Security Controls for Virtualization
Security Controls in the Future
• VMSafe – Hypervisor
Visibility & Control
• VMWare (aware) security
software
• Virtualizaiton (aware)
security hardware
Copyright 2007 – Seccuris Inc.
45. Security Controls for Virtualization
Is virtualization PCI
compliant?
“We are currently trying to
become PCI compliant,
but our auditor company
is saying that “in no shape
or form is virtualization PCI
compliant”. I disagree, but
I am not an auditor.”
Greg Ryan
Copyright 2007 – Seccuris Inc.
46. Obstacles to Success
The top obstacles to virtualization success include:
• Weak assignment of activities between
virtual machine administrators and security staff.
• Inadequate control over patching and tamper protection of
offline virtual machines other images.
Copyright 2007 – Seccuris Inc.
47. Obstacles to Success
The top obstacles to virtualization success include:
• Limited visibility to the host operating system and virtual
network to control vulnerabilities.
• Inhibited visibility to inter-virtual machine traffic for
intrusion prevention systems (IPSs).
• Deficient solution for mobile virtual machines that need
security policy and settings to migrate with them.
Copyright 2007 – Seccuris Inc.
48. Business Environment improvements
Policy & Procedure - What to look for?
• Can the organization ensure that:
• each virtual machine is appropriately configured and tested?
• can support virtual machines within its computing environment?
Copyright 2007 – Seccuris Inc.
49. Business Environment improvements
Policy & Procedure - What to look for?
• Does the organization have a plan for
assessing, monitoring and reporting on the
state of its physical and virtual systems?
• How will deployment and compliance of new virtual
machines be tracked?
Copyright 2007 – Seccuris Inc.
51. Technical Environment improvements
Resources
• Center for Internet Security
• http://www.cisecurity.org/
• VMware Security Center
• http://www.vmware.com/security/
Copyright 2007 – Seccuris Inc.
52. General Thoughts around Virtualization
The fallacy* of cost reduction
Copyright 2007 – Seccuris Inc.
53. General Thoughts around Virtualization
The fallacy of cost reduction
• Increased complexity
• Increase in exposure to:
• Technical misconfiguration
• Central points of access /
collusion for staff
Copyright 2007 – Seccuris Inc.
54. Moving forward with Virtualization
Understand how virtualization will change your
security program, architecture and controls
Make plans today for securing the virtualization
roadmap in your environment
Prepare for the inevitable impacts with design
review, control improvements & incident
handling
Copyright 2007 – Seccuris Inc.
55. How Seccuris assists your solution
Security Architecture & Design for
Virtual Environments
Virtualization Environment
Risk Assessment
Managed Security Services for
Virtual Environments
Copyright 2007 – Seccuris Inc.
56. Thanks
Michael Legary, SCP, CISSP, CISM, CISA, CCSA, GCIH, CPP
Founder & Chief Innovation Officer
Seccuris Inc.
This presentation contains reference
material and direct content from
Email: Michael.Legary@seccuris.com
multiple copyright holders.
Direct: 204-255-4490
Main: 204-255-4136 References available on request /
Fax: 204-942-6705 within presentation slide notes.
Resources
Center for Internet Security
http://www.cisecurity.org/
VMware Security Center
http://www.vmware.com/sec
urity/
Copyright 2007 – Seccuris Inc.