Virtualization allows multiple operating systems to run on a single physical system by sharing hardware resources. It provides isolation between virtual machines using a virtual machine monitor. Virtualization provides benefits like server consolidation, running legacy applications, sandboxing, and business continuity. However, it also presents risks if not properly secured, such as increased attack channels, insecure communications between virtual machines, and virtual machine sprawl consuming excess resources. Security measures are needed at the hypervisor, host, virtual machine, and network layers to harden the virtualization environment against threats.
2. Topics to be Covered:
Virtualization
Virtual Machine Monitor
Types of Virtualization
Why Virtualization..?
Virtualization Application Areas
Virtualization Risks
Virtualization Security
VM Sprawl
Miscellaneous
3. Virtualization
- Multiple Operating Systems on a Single Physical System
- Share the Underlying Hardware Resources.
- Multiple Execution Environments,
- Hardware and Software Partitioning,
- Time-Sharing,
- Partial or Complete Machine Simulation/Emulation
- Separation of a Resource or Request for a service.
8. Why Virtualization..?
Server Consolidation.
Legacy Applications.
Sandbox.
Execution of Multiple Operating Systems.
Simulation of Hardware and Networking Devices.
Powerful Debugging and Performance Monitoring
Fault and Error Containment
Application and System Mobility
Shared Memory Multiprocessors
Business Continuity
Virtualization is FUN... and plenty of other reasons.
10. Infrastructure is what connects resources to your business.
Virtual Infrastructure is a dynamic mapping of your resources to your business.
Result: decreased costs and increased efficiencies and responsiveness.
Source: Virtualization Overview whitepaper, by VMware.
12. Virtualization Application Areas
Server Virtualization
Storage Virtualization
Infrastructure Virtualization
Network Virtualization
13. Virtualization Risks
- Inexperience Involved.
- Increased Channels for Attack.
- Change Management Control.
- IT Asset Tracking and Management.
- Securing Dormant Virtual Machines.
- Sharing Data between Virtual Machines.
14. Exploitation on Virtualization
- Malicious Code Activities through Detection of VM.
- Denial of Service on the Virtual Machine.
- Virtual Machine Escape
15. Historical Incident
- VMware Multiple Denial Of Service Vulnerabilities
Some VMware products support storing configuration information in VMDB files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems.
Link:
http://www.Securiteam.com/cves/2007/CVE-2007-1877.html
17. Hardening Steps to Secure Virtualisation Environment - Server Service Console
- Restriction to Internal Trusted Network
- Block all the incoming and outgoing traffic except for necessary ports.
- Monitor the integrity and modification of the configuration files
- Limit SSH-based client communication to a discrete group of IP addresses
- Create separate partitions for /home, /tmp, and /var/log
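Two of the service console checks above (separate partitions, configuration-file integrity) can be audited with a short script; this is an added example, not part of the original slides. The mount table, the file name `example.conf` and all function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Partitions the slide asks to keep separate on the service console.
REQUIRED_MOUNTS = ("/home", "/tmp", "/var/log")

# Constructed sample in /proc/mounts layout: /home shares the root filesystem.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext3 rw 0 0
/dev/sda5 /tmp ext3 rw,nosuid 0 0
/dev/sda6 /var/log ext3 rw 0 0
"""

def missing_partitions(mounts_text, required=REQUIRED_MOUNTS):
    """Return the required paths that are not mount points of their own."""
    fields = (line.split() for line in mounts_text.splitlines())
    mounted = {f[1] for f in fields if len(f) >= 2}
    return [path for path in required if path not in mounted]

def snapshot(paths):
    """Map each path to the SHA-256 of its contents, or None if it is absent."""
    result = {}
    for path in map(Path, paths):
        is_file = path.is_file()
        result[str(path)] = hashlib.sha256(path.read_bytes()).hexdigest() if is_file else None
    return result

def drift(baseline, current):
    """Compare two snapshots and label every path whose state changed."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old != new:
            report[path] = "added" if old is None else "removed" if new is None else "modified"
    return report

if __name__ == "__main__":
    print("not on a separate partition:", missing_partitions(SAMPLE_MOUNTS))
    with tempfile.TemporaryDirectory() as tmp:
        conf = Path(tmp) / "example.conf"  # hypothetical stand-in for a config file
        conf.write_text("PermitRootLogin no\n")
        baseline = snapshot([conf])
        conf.write_text("PermitRootLogin yes\n")  # simulated unauthorized edit
        print(drift(baseline, snapshot([conf])))
```

Keep the baseline snapshot somewhere the audited host cannot write to, otherwise whoever alters a configuration file can alter the baseline as well.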
18. Hardening Steps to Secure Virtualisation Environment - Virtual Network Layer
- Network breach by user error or omission.
- MAC Address spoofing (MAC address changes)
- MAC Address spoofing (Forged transmissions)
19. Hardening Steps to Secure Virtualisation Environment - Virtual Machine
- Apply standard infrastructure security measures into virtual infrastructure
- Set the resource reservation and limits for each virtual machine
20. Virtual Machine Sprawl
Unchecked creation of new Virtual Machines (VMs).
The VMs that are created for a short-term project are still using CPU, RAM and network resources, and they consume storage even if they are powered off.
VM sprawl could lead to a computing environment running out of resources at a much quicker-than-expected rate, and it could skew wider capacity-planning exercises.
21. Miscellaneous
Kaspersky Lab has introduced Kaspersky Security for Virtualization, a virtual security appliance that integrates with VMware vShield Endpoint to provide agentless anti-malware security.
VMware Source Code Leak Reveals Virtualization Security Concerns.
Symantec has its own wide range of tools for Virtualization Security:
− Symantec Critical System Protection
− Symantec Data Loss Prevention
− Symantec Control Compliance Suite
− Symantec Security Information Manager
− Symantec Managed Security Services
− Symantec Endpoint Solutions