VMware Security Architecture and Best Practices Rob Randell, CISSP Senior Security Specialist SE.


1 VMware Security Architecture and Best Practices Rob Randell, CISSP Senior Security Specialist SE

2 Agenda
- Virtualization Specific Security Issues
  - Security Concepts in Virtualization Architecture
  - Operational Security Issues with Virtualization
- VMware Security Architecture
  - Isolation and Containment
  - Secure Management
- Security Best Practices
  - Primary Issues that Affect Virtualization Security
  - Secure Design
  - Secure Deployment
  - Secure Operations

3 Security Concepts in Architecture
- Extended computing stack
  - New privileged layers (Hypervisor) exist underneath the operating system
- Guest isolation
  - One guest VM cannot access or even address the “hardware resources” of another guest VM or the host/hypervisor
- Host visibility
  - Difficult to see from the guest whether someone is monitoring from the host, or whether a host even exists
- Virtualized interfaces
  - Physical connectivity between guests is recreated (e.g. IP network, file shares) and may be more or less like its true physical counterparts
- Management interfaces
  - The protection of management interfaces (Console OS, VirtualCenter, etc.) is very important
- Greater co-location of data and assets on one box
  - Potential single point of failure for not just availability, but also integrity/confidentiality
  - Host access gives you “keys to the kingdom”

4 Operational Security Issues
- Most security issues arise not from the virtualization infrastructure itself but from operational issues
  - Adapting existing security processes and solutions to work in the virtualized environment
  - Most security solutions don’t care whether a machine is physical or virtual
  - The datacenter and its workloads just became a much more dynamic and flexible place
  - The risk of misconfiguration requires use of best practices specific to virtualization

5 VMware Security Architecture

6 VMware ESX Server Architecture
[Diagram: ESX Server architecture. Labels: Hardware; VM; VMM; ESX Server; Service Console; VMX; Device Drivers; I/O Stack; SDK / VirtualCenter Agent; Third-Party Agents; VMkernel; Hardware Interface; Storage Stack; Network Stack; Distributed Virtual Machine File System; Virtual NIC and Switch; Resource Management (CPU Scheduling, Memory Scheduling, Storage Bandwidth, Network Bandwidth)]
- VMkernel designed for Hypervisor-based virtualization
- VMkernel dedicated to run VMs only
- No public interface to VMkernel
- Device drivers qualified in-house as an integral part of the system

7 VM Isolation Design
- Privileged instructions within a VM are “de-privileged” and run within an isolated virtual memory space
- VMs have no direct access to hardware; they only have visibility to virtual devices
- VMs can only communicate with each other through Virtual Switches
- Resource reservations and limits guarantee performance isolation
- OS and applications within a VM run as is with no modification (hence no recertification required)
[Diagram label: VMM]
Production Use Proof Points
- Passed security audit and put into production by the largest Financial Institutions
- Passed Defense and Security Agencies scrutiny and audit (NetTop and HAP)
- Large number of customers run mission critical and transaction processing applications
- CC EAL 2 certification (for ESX 2.5)
- CC EAL 4+ certification (for VI 3.0) expected in Q1 2008

8 Memory Management
Memory Partitioning for VMs
- Each VM sees its own zero-based physical address space.
- ESX abstracts physical memory by adding a layer of memory address translation.
- Memory isolation is imposed by segmentation and paging in x86 (hardware enforced).
- Physical memory is zeroed out when allocated to a VM.
- No inter-VM memory leaks
- Transparent Page Sharing: Copy on Write

9 Virtual Network Design Principles
Port Groups
- Port groups are user-named objects which contain configuration information to provide consistent network access for virtual NICs:
  - vSwitch name
  - VLAN ID(s) and tagging/filtering policy
  - Layer 2 security options
- NOT VLAN groups
- Virtual ports ignore any requests from the virtual NIC which would violate the L2 security policy
Virtualization protects against specific types of network attacks
- Double-Encapsulation Attacks
- Spanning Tree Attacks
- Random Frame Attacks
- MAC Flooding Attacks
- 802.1q and ISL Tagging Attacks
- Multicast Brute-Force Attacks
Virtual Switch Isolation
- vSwitches do not learn from the network.
- Independent forwarding tables for each vSwitch
- vSwitches make a private copy of the frame data used to make forwarding or filtering decisions
- No trust in user-accessible data
- No Spanning Tree support

10 Virtual Storage Isolation
- VMs have no knowledge or understanding of SANs
- Each VM is able to see only the virtual disks that are presented to it on its virtual SCSI adapters.
- The VMware VMFS file system coordinates hosts in the cluster
- File locks are stored on the disk as part of the volume metadata
[Diagram labels: Storage; A.vmdk]

11 Secure Management
- VirtualCenter: primary management tool
  - Encrypted communication
  - Integration with global security framework, e.g. authentication via Active Directory
  - Detailed auditing
  - Extensive roles system for fine-grained separation of duties
- Operational Best Practices for maximum security, e.g.
  - Dedicated management network
  - Lock-down of Administrator access

12 ESX Server 3i: The next step in Virtualization Security
Unmatched security and reliability:
- Compact 32MB footprint
- OS independence means minimal interfaces and a small attack profile
- Embedded in hardware, reducing risk of tampering
- Unstructured Service Console management replaced by controlled API-based management

13 Security Best Practices

14 Primary issues that affect Virtualization Security
1. Control of administrative access
2. Risk of improper configuration
3. Lack of Virtual Network Visibility
4. Management of ever-growing environment

15 Primary issues that affect Virtualization Security
- Control of administrative access
  - Issue: Administrative interfaces become avenues of attack
  - Mitigation: Follow Best Practices for Secure Design, Secure Deployment, and Secure Operations
  - Issue: Great amount of power in single administration console
  - Mitigation: Follow Best Practices for Secure Operations

16 Primary issues that affect Virtualization Security
- Risk of improper configuration
  - Issue: VMs placed on incorrect virtual network can break security
  - Mitigation: Follow Best Practices for Secure Design, Secure Deployment, and Secure Operations

17 Primary issues that affect Virtualization Security
- Lack of Virtual Network Visibility
  - Issue: Inter-VM traffic within one host is not visible to network-based IDS/IPS
  - Mitigation:
    - Forward all traffic to an outside system for inspection using a special promiscuous-mode forwarding VM
    - Utilize 3rd-party NIPS/NIDS tools which run in VMs and sit directly on the Virtual Switch

18 Primary issues that affect Virtualization Security
- Management of ever-growing environment
  - Issue: Security of offline VMs can go out of date
  - Mitigation:
    - Follow Best Practices for Secure Deployment
    - Utilize 3rd-party tools for network-based IDS/IPS
    - (Future) utilize tools for patching of offline VMs
  - Issue: Difficult to keep track of virtual machine provenance and configuration
  - Mitigation:
    - Follow Best Practices for Secure Deployment
    - Utilize 3rd-party tools for VM lifecycle management

19 Best Practices: Secure Design
- Separate and Isolate Management Networks
  1. Service Console
  2. VMkernel: VMotion and NFS & iSCSI datastores
- Plan for VM mobility: 3 options
  1. Partition trust zones
  2. Combine trust zones using virtual network segmentation and virtual network management best practices
  3. Combine trust zones using portable VM protection with 3rd-party tools (Blue Lane, etc.)

20 Best Practices: Secure Deployment
- Harden VMware Infrastructure 3 according to guidelines
  1. VMware-provided
  2. 3rd-party: STIG (draft), CIS (draft), Xtravirt Security Risk Assessment template, etc.
- Always secure virtual machines like you would physical servers
  1. Anti-virus
  2. Patching
  3. Host-based intrusion detection/prevention
- Use Templates and Cloning to enforce conformity of virtual machines

21 Best Practices: Secure Operations
- Strictly control administrative access
  1. Favor controlled management interfaces (VI Client, Web Access) over unstructured interfaces (Service Console)
  2. Avoid VI Console access except when absolutely necessary; favor OS-based access to VM (RDP, ssh, etc.).
  3. Use roles-based access control to limit administrative capabilities and enforce separation of duties, and never use anonymous accounts (e.g. “Administrator”)
  4. Allow powerful access only to a small, privileged group; implement a break-glass policy for the top-level administrative account

22 Best Practices: Secure Networking
- Restrict access to privileged networks
  1. Closely restrict administrative access on any host with a privileged network
  2. For less privileged users, only allow template-based provisioning on those hosts
- Guard against misconfiguration
  1. Clearly label sensitive virtual networks
  2. Generate audit reports that flag suspicious configurations
  3. Routinely inspect event and task logs
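
The audit report recommended on slide 22, applied to the misplacement risk from slide 16 and the management-network separation from slide 19, as an added example (not part of the original presentation and not VMware code). The inventory is constructed sample data; the `zone` and `inspection` labels are hypothetical fields an operator would maintain, and `promiscuous` stands for the port group's promiscuous-mode setting.

```python
# Constructed sample inventory (not exported from a real VirtualCenter).
# "zone" and "inspection" are hypothetical operator-assigned labels.
PORT_GROUPS = {
    "Service Console": {"vlan": 10, "zone": "mgmt", "promiscuous": False},
    "VMotion": {"vlan": 11, "zone": "mgmt", "promiscuous": False},
    "DMZ-Web": {"vlan": 100, "zone": "dmz", "promiscuous": False},
    "Prod-App": {"vlan": 200, "zone": "internal", "promiscuous": True},
    "IDS-Tap": {"vlan": 100, "zone": "dmz", "promiscuous": True, "inspection": True},
    "Test": {"vlan": 300, "zone": None, "promiscuous": False},
}
VMS = {  # VM name -> port groups its virtual NICs are attached to
    "web01": ["DMZ-Web"],
    "app01": ["Prod-App"],
    "nids01": ["IDS-Tap"],
    "jump01": ["DMZ-Web", "Prod-App"],  # NICs in two trust zones
    "util01": ["Service Console"],      # guest on a management network
    "old01": ["Legacy"],                # port group no longer defined
}

def audit(port_groups, vms):
    """Return (code, object, detail) findings for suspicious configurations."""
    findings = []
    for name, pg in sorted(port_groups.items()):
        if not pg.get("zone"):
            findings.append(("UNLABELED", name, "port group has no trust-zone label"))
        if pg.get("promiscuous") and not pg.get("inspection"):
            findings.append(("PROMISCUOUS", name, "promiscuous mode outside an inspection port group"))
    for vm, nets in sorted(vms.items()):
        zones = set()
        for net in nets:
            pg = port_groups.get(net)
            if pg is None:
                findings.append(("UNKNOWN_NET", vm, f"attached to undefined port group {net!r}"))
                continue
            if pg.get("zone"):
                zones.add(pg["zone"])
        if "mgmt" in zones:
            findings.append(("MGMT_EXPOSED", vm, "guest NIC on a management port group"))
        if len(zones) > 1:
            findings.append(("ZONE_BRIDGE", vm, "NICs in zones " + ", ".join(sorted(zones))))
    return findings

if __name__ == "__main__":
    for code, obj, detail in audit(PORT_GROUPS, VMS):
        print(f"{code:12} {obj:16} {detail}")
```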

23 Best Practices References
Detailed Prescriptive Guidance
- Security Design of the VMware Infrastructure 3 Architecture (http://www.vmware.com/resources/techresources/727)
- VMware Infrastructure 3 Security Hardening (http://www.vmware.com/vmtn/resources/726)
- Managing VMware VirtualCenter Roles and Permissions (http://www.vmware.com/resources/techresources/826)
- STIG (Secure Technology Implementation Guide) draft (http://iase.disa.mil/stigs/draft-stigs/index.html)
- CIS (Center for Internet Security) Benchmark (http://www.cisecurity.org/bench_vm.html)
- Xtravirt Virtualization Security Risk Assessment (http://www.xtravirt.com/index.php?option=com_remository&Itemid=75&func=fileinfo&id=15)

24 Questions? Rob Randell, CISSP Senior Systems Engineer - Security Specialist

