Virtualization Security
Abstract
Virtualization Security is the need for rapidly growing Virtualized environment. This paper try to explain various factors affecting virtual security, assessment tools and various products to deal with it.
1) What is Virtualization?
Virtualization is anything that directly segregates any software resource from underlying hardware or system resource. It is done via using Hypervisor, also known as VMM (Virtual Machine Moniter). Multiple operating systems, including multiple instances of the same operating system, can share hardware resources. Unlike multitasking, which also allows applications to share hardware resources, the virtual machine approach using a hypervisor isolates failures in one operating system from other operating systems sharing the hardware.
2) Virtualization Standard
DMTF Open Standard for System Virtualization Management (http://www.dmtf.org/newsroom/pr/view?item_key=70d5d3ba78d39488626f838397a3d1e9812e5d40)
DMTF OVF Rel. 1 (www.dmtf.org/standards/published_documents/DSP0243_1.0.0.pdf) The Open Virtualization Format (OVF) Specification describes an open, secure, portable, efficient and extensible format for the packaging and distribution of software to be run in virtual machines.
3) What is Virtualization Environment
The virtualization environment is anything that directly or indirectly touches the virtualization host or virtual machines.
4) Change in Datacenter
Virtualization is changing datacenter into Green DataCenter (Green IT) and becoming cost effective solution for enterprises.
More and more companies are adopting Virtual environment and cloud for better operational functionality,
5) Famous Virtualization, Cloud Implementations,
5.1) The Rackspace Cloud
5.2) Amazon Elastic Compute Cloud
5.3) VMWare Technologies
5.4) Windows Azure
5.5) Google App Engine
5.6) SalesForce
5.7) Go Grid
5.8) Oracle VM Virtual Box
5.9) Red Hat Enterprise Virtualization Manager
6) Virtualization for Better Security
Industries are adopting Virtualization because of its better security functionality over traditional network components.
i) Cleaner and easier Disaster Recovery and Business Continuity Planning.
ii) Faster Recovery after attacks,
a. Compromised VM’s can be reverted to Last known Good Snapshot OR Backup.
b. No need to rebuild from scratch.
c. Better forensics capabilities,
i. Take entire VM as opposed to just one image.
ii. Contents of memory can be more easily captured.
iii) Patching is safer and more effective,
a. Actually test patches on identical images of critical machine as opposed to the mocked up lab environment.
b. Failed patches can be easily recovered through snapshots or clones.
c. Patch offline virtual machines.
iv) No need of multiple images for every different piece of hardware in the environment.
v) More “Cost Effective” Solution,
a. Security devices can also be virtualized, so internal security becomes a real option because of low cost of software solution versus hardware.
7) Traditional Security Approach
8) Security Risks in Virtualization
8.1) Misconfiguration
As per Gartner security survey biggest security risk for virtual environment is Misconfiguration and mismanagement.
Following attacks are possible in misconfigured environment,
i) MITM attack against Virtualization Admin.
It is possible if virtualization admin in organization lives in same broadcast domain as other users. Not careful about SSL Certificate implementation in VM. Main problem in VM is VM CLI Tools do NOT warn about invalid certificates. Which makes MITM easier (example: vCLI, VIMA, VMWare Perl SDK).
ii) Web Attack against Virtualization admin.
It is possible if admin uses same workstation to browse web which they use to administrate virtual environment. It is possible through phishing and other good old web attack techniques.
8.2) Dormant VM
8.3) Resource Contention
Resource contention can be problem with AV Full system scan on Virtual Environment as existing AV Solutions are not VM Aware. Simulation full AV Scans on the same host causes severe performance degradation. In Physical Environment all machines have independent hardware resource to distribute the load but in Virtual Environment resource are shared across multiple machines thus making it serious problem.
8.4) VM Sprawl
It is very easy to create virtual environment and most of the system administrators are following the VM Technology for ease of use. But by doing VM Sprawl they are compromising security as Security weaknesses replicate quickly in VM and there is lack of visibility into, or integration with, virtualization console increases management complexity.
8.5) Inter-VM Traffic
The major problem in Inter-VM Traffic, The network IDS/IPS cannot see the Inter-VM Traffic, It is invisible for network IDS/IPS. Because the VM operates the traffic in its own little network and not allowing it to come to Network IDS/IPS
8.6) VM Mobility / vMotion
When one VM Machine moves from one ESX Server to another Server on live environment It can cause an issue as the current solutions are not capable of handling the new location and auto configure Themselves to move the data or traffic through respective VM’s. Live migration capability is major issue.
8.7) Malware / Rootkits
Virtualization environment is prone to various malware and root kits attacks which are specially developed for it. One example is Operation Blue Pill by Joanna Rutkowska. This Root kit has Common HVM layer architecture to support SVM and VT-x, On the fly loading and unloading, Support for nested hypervisors on AMD NBP inside NBP inside NBP, Virtual PC inside NBP, etc...
9) Virtualization Security Assessment Tool
9.1) VASTO Virtualization Assessment Toolkit
The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload. Hundreds of exploits and dozens of payload options are available.
There are a number of open source modules that perform a number of different attacks from hijacking a connection to the virtual infrastructures web-based management consoles against VMware VI/vSphere, Server 1.x, Converter and even Citrix XenCenter to password bruteforcing against VMware and Xen platforms, up to a path traversal attack against VMware ESX, ESXi and Server web interfaces. VASTO even includes an attack against VMware Studio.
9.2) VMInformer Assessment Toolkit
10)Best Practices for Virtualization
I. Hypervisor security
The hypervisor is a piece of software, in many cases, unless integrated directly with the host platform (see the next section). The major virtualization vendors release patches for their products like any other software providers, and the key to mitigating the risk of hypervisor vulnerabilities is a sound patch management process.
Examples of sound patch management practices include maintaining the latest service packs for both guests and hosts, alleviating any unnecessary applications that have a history of vulnerabilities, and applying the latest security rollup patches if and when they are supplied by the virtual software vendor.
II. Host/Platform Security
The host platform, which connects the VMM and virtual guests to the physical network, can vary widely in the type of configuration options available. This is largely dependent on system architecture; for example, VMware’s ESX Server platform has a number of similarities to Red Hat Linux. Given that many of these systems are able to be hardened considerably, a number of “best practice” configuration guidelines can be applied, including setting file permissions, controlling users and groups, and setting up logging and time synchronization. There are many freely available configuration guides from the virtualization platform vendors, the Center for Internet Security (CIS), NSA, and DISA.
III. Securing Communications
Securing communications between the host system and desktops or a management infrastructure component such as VMware’s vCenter is essential in order to prevent eavesdropping, data leakage, and Man-in-the-Middle attacks. Most of the well-known platforms today support SSH, SSL and IPSec for any communications that are required, and one or more of these should be enabled.
IV. Security between guests
One of the biggest security issues facing the virtualized enterprise revolves around the lack of visibility into traffic between guests. Inside a host platform is a virtual switch that each guest connects to – in essence, the host’s physical NICs are abstracted into a switching fabric. In many organizations, network monitoring and intrusion detection solutions have long been established to gain visibility and security alerting on critical network segments. With the advent of the virtual switch, all inter-VM traffic on a host is contained entirely within the host’s virtual switching components, so visibility and security is severely compromised. Fortunately, most enterprise-class virtualization solutions have traditional Layer-2 switching controls built in, so it’s possible to create Mirror ports on the virtual switch to monitor traffic.
V. Security between host/guests
it is required to Avoid “VM Escape”, where malicious code could “break out” of the VM Guest and execute on the underlying Host. The safest method for protecting against VM escape and other attacks that relate to guest-host interaction is to turn off services you don’t need.
11) Products for Virtual Environment,
11.1)VMSafe API By VMWare
11.2)Cisco Nexus 1000V Virtual Switches
11.3)Backup Storage and Protection for Virtualized Environment
NetApp BEX – Using Data Deduplication
11.4)Open vSwitch – Citrix
11.5)VMWare vNetwork Distributed Switch Architecture
11.6)Citrix XenServer 5.6 – Free & Open source Hypervisor
11.7) EMC Ionix ControlCenter
11.8) EMC Rainfinity File Virtualization Appliance
Posts
No comments:
Post a Comment