Virtualization and Security Architecture Boundaries
What Is Virtualization?
“Virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments, by applying one or more concepts or technologies such as hardware and software partitioning, time-sharing, partial or complete machine simulation, emulation, quality of service, and many others.”
Source: http://www.kernelthread.com/publications/virtualization/
• Abstraction of the OS from the hardware
Virtualization Is Important
• Specifics vary by organization, but there are always opportunities that can't be ignored
Virtualization Affects Architecture
• Changes how security boundaries are enforced
Security Boundaries?
You do...
• Classify data and systems
• Partition data and systems of different classifications
Right?
Image: http://www.flickr.com/photos/benimoto/2913950616/
OS-Enforced Boundaries
• User accounts
• File-system permissions
Drawing The Line
• No right answer; it depends on which boundaries you trust your virtual infrastructure to enforce
• One wrong answer is to abandon defense in depth and rely solely on virtual boundaries
• Your answer must balance risk and opportunity in a way that is right for your organization
Beyond VMware: A Taxonomy
Hardware Partitioning
• Expensive, no x86 hardware
• Isolation tightly coupled to hardware capabilities
• Inflexible, often static resource assignment
• Examples: IBM LPARs, Sun Dynamic System Domains
• High-strength guest isolation
Software Partitioning
• Inexpensive, available on x86
• Isolation provided by a software VMM
• Flexible and dynamic resource sharing
• Examples: VMware, Xen, KVM
• Medium-strength guest isolation
Single-Kernel Partitioning
• Inexpensive, available on x86
• Isolation provided by a single shared kernel
• Automatic resource sharing
• Examples: chroot jails, BSD jails, Sun Zones/Containers
• Low-strength guest isolation
Attacking Virtualized Environments: Jailbreaks and Escapes
• Only possible in virtualized environments
• Exploit device-virtualization code or a legitimate guest-to-host communication channel (such as VMware Tools)
• Success results in the ability to execute code on the host, or to read/write memory that is not allocated to the guest
• Tavis Ormandy fuzzed emulated I/O devices and instruction streams and found crash bugs in every virtualization platform tested
• An escape vulnerability for ESX was announced on 4/10/2009 as CVE-2009-1244; Immunity weaponized it against Workstation
Attacking Virtualized Environments: Migration Attacks
• Only possible in virtualized environments
• Exploit weak or missing confidentiality and integrity controls on guest-migration facilities
• Success results in compromise of the guest being migrated, or disclosure of its contents
• Xensploit, developed at the University of Michigan, can trojan guests in transit during VMware and Xen live migrations
• It successfully stripped the authentication requirement from a live sshd process
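The migration attack above, reduced to its mechanism, as an added example (not code from the deck, from Xensploit, or from any hypervisor): a source host streams guest memory pages to a destination, an attacker on the migration network rewrites one page in flight, and the destination either accepts the tampered memory (no integrity control, the default for the products discussed) or rejects it (keyed per-page tags). The memory layout, the "authentication required" flag byte standing in for the sshd modification, and the out-of-band shared key are all constructed assumptions.

```python
"""Model a live-migration stream with and without an integrity control,
and show an in-path attacker altering guest memory in transit.
Added example; the page layout and the 'auth flag' byte are constructed
stand-ins for the sshd modification the deck attributes to Xensploit."""
import hashlib
import hmac
import os

PAGE = 64                    # bytes per modelled memory page
AUTH_PAGE, AUTH_OFF = 2, 16  # constructed location of the 'authentication required' flag


def make_guest_memory(pages=4):
    """Constructed guest RAM: random filler plus one flag byte set to 1 (auth required)."""
    mem = bytearray(os.urandom(PAGE * pages))
    mem[AUTH_PAGE * PAGE + AUTH_OFF] = 1
    return bytes(mem)


def send_pages(mem, key=None):
    """Source host emits (index, page, tag) triples. With key=None the stream
    carries no integrity protection at all (plaintext migration)."""
    stream = []
    for i in range(len(mem) // PAGE):
        page = mem[i * PAGE:(i + 1) * PAGE]
        # Index is bound into the tag so pages cannot be reordered or replayed.
        tag = hmac.new(key, i.to_bytes(4, "big") + page, hashlib.sha256).digest() if key else b""
        stream.append((i, page, tag))
    return stream


def mitm_strip_auth(stream):
    """Attacker on the migration network: clear the flag byte, leave everything else alone."""
    out = []
    for i, page, tag in stream:
        if i == AUTH_PAGE:
            page = page[:AUTH_OFF] + b"\x00" + page[AUTH_OFF + 1:]
        out.append((i, page, tag))
    return out


def receive_pages(stream, key=None):
    """Destination host reassembles memory, verifying each page when a key is shared."""
    mem = bytearray()
    for i, page, tag in stream:
        if key is not None:
            want = hmac.new(key, i.to_bytes(4, "big") + page, hashlib.sha256).digest()
            if not hmac.compare_digest(want, tag):
                raise ValueError(f"page {i}: integrity check failed, aborting migration")
        mem += page
    return bytes(mem)


def auth_required(mem):
    return mem[AUTH_PAGE * PAGE + AUTH_OFF] == 1


def demo():
    """Return (auth still required after unprotected migration,
               tampering detected with integrity-protected migration)."""
    mem = make_guest_memory()
    # No integrity control: the tampered page lands and the guest's sshd now skips auth.
    landed = receive_pages(mitm_strip_auth(send_pages(mem)))
    # Keyed per-page tags (key assumed shared out of band): the same tampering is rejected.
    key = os.urandom(32)
    try:
        receive_pages(mitm_strip_auth(send_pages(mem, key)), key)
        detected = False
    except ValueError:
        detected = True
    return auth_required(landed), detected


if __name__ == "__main__":
    print(demo())  # (False, True)
```

An unkeyed hash in place of the HMAC would not help: the attacker who rewrites the page can recompute the digest. A MAC gives integrity only; guest memory (including any keys in it) is still readable on the wire, so the stream also needs encryption, or, as the deck recommends, the migration network must be kept off any segment an attacker can reach.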
Attacking Virtualized Environments: Client-Side Attacks
• Not unique to virtualized environments
• Exploit common desktop software: browsers, plugins, media players, etc.
• Success results in the ability to execute code on the workstation; payloads that leverage the Virtual Infrastructure Client or API could have a very large scope
Attacking Virtualized Environments: Network Service Attacks
• Not unique to, or different in, virtualized environments
• Exploit a listening service
• Success typically results in the ability to execute code on the guest or host running the service
Attacking Virtualized Environments: Encryption Attacks
• Easier in virtualized environments
• Attackers leverage side-channel attacks, replay attacks, and key sniffing during live migration
• Success results in unauthorized decryption
Classify, Classify, Classify...
• Data according to the risk of a breach of CIAA
• Guests according to the data they handle
• Hosts according to the guests that run on them
• Networks according to the hosts they connect
• Storage according to the data it houses
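The classification chain above (data to guest to host to network) carried through on a small inventory, as an added example that is not part of the deck: each host inherits the highest classification of any guest it runs, each network inherits the highest classification of any host attached to it, and a separate check flags hosts where guests of different classifications co-reside, which is exactly where "Drawing The Line" warns against relying on the VMM alone. The level names, guest, host and network names are constructed assumptions.

```python
"""Derive guest, host and network classifications from the data each guest
handles, and flag hosts where guests of different classifications co-reside.
Added example; the inventory below is constructed, not taken from the deck."""
from collections import defaultdict

LEVELS = ["public", "internal", "confidential", "restricted"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed inventory: guest -> (host it runs on, classification of its data)
GUESTS = {
    "web01":  ("esx-a", "public"),
    "crm01":  ("esx-a", "confidential"),
    "hr-db":  ("esx-b", "restricted"),
    "hr-app": ("esx-b", "restricted"),
    "wiki":   ("esx-c", "internal"),
}
# Constructed: host -> networks (port groups / backend networks) it is attached to
HOST_NETWORKS = {
    "esx-a": {"dmz", "vmotion"},
    "esx-b": {"corp", "vmotion"},
    "esx-c": {"corp"},
}


def highest(levels):
    """The most sensitive level in a collection."""
    return max(levels, key=RANK.__getitem__)


def classify(guests=GUESTS, host_networks=HOST_NETWORKS):
    """Return (host_level, network_level, host_guest_levels).

    A host inherits the highest classification of any guest it runs;
    a network inherits the highest classification of any host on it.
    """
    host_guest_levels = defaultdict(set)
    for host, level in guests.values():
        host_guest_levels[host].add(level)
    host_level = {h: highest(ls) for h, ls in host_guest_levels.items()}

    net_host_levels = defaultdict(set)
    for host, nets in host_networks.items():
        for net in nets:
            # A host with no guests contributes the lowest level.
            net_host_levels[net].add(host_level.get(host, LEVELS[0]))
    network_level = {n: highest(ls) for n, ls in net_host_levels.items()}
    return host_level, network_level, dict(host_guest_levels)


def mixed_hosts(host_guest_levels, max_span=0):
    """Hosts whose guests span more than max_span classification levels.

    max_span=0 means 'never co-locate guests of different classifications',
    i.e. do not rely on the VMM alone as the partition between them.
    """
    bad = []
    for host, levels in host_guest_levels.items():
        ranks = sorted(RANK[l] for l in levels)
        if ranks[-1] - ranks[0] > max_span:
            bad.append(host)
    return sorted(bad)


if __name__ == "__main__":
    hosts, nets, per_host = classify()
    print("hosts:", hosts)
    print("networks:", nets)
    print("mixed-classification hosts:", mixed_hosts(per_host))
```

With the constructed inventory, the shared VMotion network ends up classified "restricted" because esx-b is on it, and esx-a is flagged because a public-facing web guest shares a VMM with a confidential CRM guest: an escape from web01 is then an escape into confidential data, whatever the OS-level controls say.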
Harden Virtual Infrastructure
• VMware Security Hardening whitepaper
• Center for Internet Security ESX Server Benchmark
• Tripwire ConfigCheck
Harden Virtual Infrastructure
• Remove unnecessary virtual hardware from guests
• Disable copy/paste, mouse-takeover, file-sharing
• Send logs to a non-virtual remote host
• Reject MAC changes and forged transmits
• Do not create a “Default Port Group”
• Use signed certs for Virtual Infrastructure clients
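A small audit of a guest's .vmx file against the first two items above, in the spirit of the ConfigCheck-style tools the deck references but written here as an added example (not VMware's, Tripwire's or CIS's code): it parses the file, reports settings that are missing or weak, and emits the corrected configuration. The parameter names are the VMware VMX options used in the hardening guidance; the sample file is constructed, and the mapping of "mouse-takeover" to `isolation.tools.setGUIOptions.enable` is an assumption.

```python
"""Audit a guest's .vmx configuration against a few hardening items and
emit the corrected settings. Added example; the sample file is constructed
and the setGUIOptions mapping for 'mouse takeover' is an assumption."""
import re

# Guest-isolation settings the hardening guidance wants set explicitly.
REQUIRED = {
    "isolation.tools.copy.disable": "TRUE",           # copy/paste
    "isolation.tools.paste.disable": "TRUE",
    "isolation.tools.dnd.disable": "TRUE",            # drag and drop
    "isolation.tools.setGUIOptions.enable": "FALSE",  # mouse grab options (assumption)
    "isolation.tools.hgfsServerSet.disable": "TRUE",  # shared folders (file sharing)
}
# Virtual hardware a server guest rarely needs; require an explicit FALSE.
UNNEEDED = ("floppy0", "serial0", "parallel0", "usb")

_KV = re.compile(r'^\s*([\w.:]+)\s*=\s*"?([^"\n]*?)"?\s*$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict; lines that do not match are ignored."""
    cfg = {}
    for line in text.splitlines():
        m = _KV.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def audit(cfg):
    """Return a list of findings; an empty list means the checklist passes."""
    findings = []
    for key, want in REQUIRED.items():
        have = cfg.get(key)
        if have is None:
            findings.append(f"{key} not set (want {want})")
        elif have.upper() != want:
            findings.append(f"{key} = {have} (want {want})")
    for dev in UNNEEDED:
        key = f"{dev}.present"
        if cfg.get(key, "").upper() != "FALSE":
            findings.append(f"{key} should be explicitly FALSE (remove unneeded virtual hardware)")
    return findings


def harden(cfg):
    """Return a copy of cfg with the checklist settings applied."""
    fixed = dict(cfg)
    fixed.update(REQUIRED)
    for dev in UNNEEDED:
        fixed[f"{dev}.present"] = "FALSE"
    return fixed


def to_vmx(cfg):
    """Serialize back to key = "value" lines."""
    return "".join(f'{k} = "{v}"\n' for k, v in sorted(cfg.items()))


# Constructed 'before' configuration with several weak or missing settings.
WEAK_VMX = '''\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "7"
displayName = "web01"
floppy0.present = "TRUE"
serial0.present = "TRUE"
isolation.tools.copy.disable = "FALSE"
isolation.tools.dnd.disable = "TRUE"
'''

if __name__ == "__main__":
    before = parse_vmx(WEAK_VMX)
    for finding in audit(before):
        print("FINDING:", finding)
    print(to_vmx(harden(before)))
```

The check treats an absent device line as a finding rather than assuming a safe default, since the point of the hardening item is to state the intent explicitly. The remaining items on the slide (MAC-change and forged-transmit policy, port groups, certificates) live in the vSwitch and management configuration, not in the guest's .vmx, so this audit does not cover them.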
Segregate Insecure Networks
• Management
• VMotion
• Storage
Watch VMsafe
• Out-of-band enforcement + host awareness
• Has performance/capacity implications
• Provides process/memory inspection, network-traffic inspection, and storage inspection
Insecure Storage and VMotion
• If an attacker reaches a backend network, game over
• Management-network security has improved; VMotion and storage are not on product roadmaps
Open Questions
• Enforcing boundaries within virtual infrastructure
• Resiliency against compromised hosts
• Security sensors and monitoring
• Changing organizational responsibilities and reduced checks and balances
Wrapping Up
• Not all gloomy: virtualization provides security opportunities as well
• ESX has had escape vulnerabilities announced, just not weaponized into exploits
• Insecure backend protocols make meaningful boundaries within a virtualization environment difficult or impossible
References
Taxonomy
• http://www.softpanorama.org/VM/index.shtml
Attacks
• http://searchsecurity.bitpipe.com/detail/RES/1213273947_134.html
• http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf
• http://taviso.decsystem.org/virtsec.pdf
Hardening
• http://www.vmware.com/security/resources/configcheck.html
• http://www.cisecurity.org/bench_vm.html
• http://iase.disa.mil/stigs/draft-stigs/Virtual-Computing-STIG-V1R01.doc
More Info
• http://download3.vmware.com/vmworld/2005/sln138.pdf