Slide 1: Real Security for Server Virtualization. Rajiv Motwani, 2nd October 2010

Slide 2: Agenda
- Introduction to server virtualization
- Best practices
- Patch management
- VM server sprawl
- Third-party products

Slide 3: What is Server Virtualization?
- The concept of virtualization has existed in various forms in computing since the early 1960s.
- In virtualization, physical resources are abstracted and shared by multiple operating systems.

Slide 4: What is a Hypervisor?
- A hypervisor provides an abstraction layer that allows a physical server to run one or more virtual servers, decoupling each operating system and its applications from the underlying hardware.

Slide 5: Why Virtualize?
- IT flexibility/agility: predictable scaling to respond dynamically to business needs
- Key part of a disaster recovery strategy: improves application availability
- Server or data center consolidation: higher utilization leads to greater consolidation and promotes greater centralization and security
- "Green computing": less power, cooling and real estate
- Supports dev/test environments: works for both IT shops and development houses

Slide 6: Benefits of Virtualization (for desktops and server apps)
- Consolidation: cut server requirements by 10X and reduce IT spending by 50-70%
- Continuity: protect IT assets and services against disasters and outages
- Availability: improve service levels and eliminate planned downtime
- Automation: automate routine management tasks and deliver better IT services to users

Slide 7: Virtualization Components: Virtual Storage
- Virtual storage solutions: a virtual storage manager hides the storage complexity from the OS
- Storage is managed by the storage manager; resources can be added or removed at will
- Independent of the underlying storage architecture
[Diagram: three hosts, each "Hardware + Xen Hypervisor", sharing one pool of virtual storage]

Slide 8: Virtualization Components (2): Virtual LANs
- Segment the network into logical units
- Allow isolation, hence increased security
- Reduce network broadcast traffic

Slide 9: Virtualization Components (3): Application Virtualization (execution on the server)
- Centralizes application management
- The application executes on the server and is only displayed on the client
- Well suited to bandwidth-constrained locations

Slide 10: Best Practices
- Secure VMs as you would secure physical machines: regularly updated anti-virus, IPS and firewall components are a must, and patch regularly
- Reduce the attack surface: stop unnecessary services; disable unused virtual hardware (devices the guest does not need)
- Allow communication between VMs only as required: VLANs; separate physical adapters
- Standardize: build every VM from a hardened template

Slide 11: Best Practices (2)
- Limit the resources (CPU, memory, I/O) of each VM, so that one runaway or compromised guest cannot starve the others (a denial of service against its neighbours)
- Restrict access to the console: who can reach the service console and the management interface; protect the communication between service console and management interface; root privileges: who has access? Enforce a good password policy
- VM logging: set the log detail level (for the console and for each VM) and cap log size, so the logs themselves cannot be used for DoS by filling the disk
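
The two controls on this slide, resource caps and a non-exposed console, can be checked mechanically against a guest's definition. The following is an added example and not code from the presentation; it assumes a KVM host managed by libvirt and uses the libvirt domain XML element names (cputune/quota, memtune/hard_limit, interface/bandwidth, graphics listen/passwd). Both domain definitions in the block are constructed samples: one with no limits and a VNC console bound to every host address, the other with CPU, memory and NIC caps and a loopback-only, password-protected console.

```python
"""Added example, not from the slide deck: audit a libvirt/KVM domain definition for
per-VM resource caps (so one guest cannot starve the others) and for a console that is
not exposed to the whole network. Element names follow the libvirt domain XML format;
both domain definitions below are constructed samples."""
import xml.etree.ElementTree as ET

# Constructed sample: a guest with no caps and a VNC console bound to every host address.
WEAK_DOMAIN = """<domain type='kvm'>
  <name>web01</name>
  <memory unit='KiB'>4194304</memory>
  <vcpu>2</vcpu>
  <devices>
    <interface type='bridge'>
      <source bridge='br-prod'/>
    </interface>
    <graphics type='vnc' port='5901' listen='0.0.0.0'/>
  </devices>
</domain>"""

# Constructed sample: the same guest with CPU, memory and NIC caps and a loopback-only,
# password-protected console (reach it through an SSH tunnel or the management network).
# quota == period caps each vCPU thread at one full core; hard_limit sits a little above
# the guest memory to leave room for QEMU's own overhead.
HARDENED_DOMAIN = """<domain type='kvm'>
  <name>web01</name>
  <memory unit='KiB'>4194304</memory>
  <vcpu>2</vcpu>
  <cputune>
    <period>100000</period>
    <quota>100000</quota>
  </cputune>
  <memtune>
    <hard_limit unit='KiB'>4718592</hard_limit>
  </memtune>
  <devices>
    <interface type='bridge'>
      <source bridge='br-prod'/>
      <bandwidth>
        <inbound average='51200' peak='102400' burst='10240'/>
        <outbound average='51200'/>
      </bandwidth>
    </interface>
    <graphics type='vnc' port='5901' listen='127.0.0.1' passwd='example-only'/>
  </devices>
</domain>"""

WILDCARD_LISTEN = {'0.0.0.0', '::'}


def console_listen_addresses(graphics):
    """Collect listen addresses from the 'listen' attribute and any <listen type='address'> children."""
    addrs = []
    if graphics.get('listen'):
        addrs.append(graphics.get('listen'))
    for child in graphics.findall('listen'):
        if child.get('type') == 'address' and child.get('address'):
            addrs.append(child.get('address'))
    return addrs


def audit_domain(xml_text):
    """Return a list of findings for one domain definition; an empty list means it passes."""
    root = ET.fromstring(xml_text)
    name = root.findtext('name', default='?')
    findings = []

    # Resource caps: without them a single runaway or malicious guest is a DoS against its neighbours.
    if root.find('cputune/quota') is None:
        findings.append(f'{name}: no CPU quota (cputune/quota)')
    if root.find('memtune/hard_limit') is None:
        findings.append(f'{name}: no memory hard_limit (memtune/hard_limit)')
    for nic in root.findall('devices/interface'):
        if nic.find('bandwidth') is None:
            findings.append(f'{name}: interface without bandwidth cap')

    # Console access: a graphical console reachable from every address, or without a
    # password, is a remote keyboard on the server.
    for graphics in root.findall('devices/graphics'):
        kind = graphics.get('type', '?')
        if any(addr in WILDCARD_LISTEN for addr in console_listen_addresses(graphics)):
            findings.append(f'{name}: {kind} console listens on all addresses')
        if graphics.get('passwd') is None:
            findings.append(f'{name}: {kind} console has no password')
    return findings


if __name__ == '__main__':
    for label, xml_text in (('weak', WEAK_DOMAIN), ('hardened', HARDENED_DOMAIN)):
        print(label, audit_domain(xml_text) or 'OK')
```

Run the same function over the output of `virsh dumpxml` for every guest on a host to find the definitions that were hand-built rather than cloned from the hardened template.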

Slide 12: Best Practices (3)
- Use updated versions of all virtualization software
- Hypervisor-level attacks are real: Blue Pill (2006) was a proof-of-concept rootkit that installs a thin hypervisor beneath a running OS using the CPU's virtualization extensions; it is a rootkit technique rather than a vulnerability in Microsoft Hyper-V
- Several checks are in place in current hypervisors: a separate address space for the hypervisor; no shared memory between guest VMs; isolation of virtual network adapters
- Restrict third-party code in the hypervisor (what is possible depends on the vendor)

Slide 13: Remember to secure
- The host as well as the guest VMs: both need AV and IPS protection
- The management interface
- The backup and recovery process
- All traffic between VMs and the host: encrypt it
- The VM image files on disk: an image is the whole server, so protect it as you would the server's disks
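
The last item on this slide, the image files on disk, is the one most often left to default file permissions. The following is an added example and not code from the presentation: two checks for an image store, (1) no image may carry group or other permission bits, since a readable .vmdk or .qcow2 is a copy of the whole server disk, and (2) a SHA-256 manifest, kept away from the store, is compared with the files to detect tampered or swapped images. The directory layout, file names and suffix list are assumptions for illustration, and the sample store is constructed in a temporary directory.

```python
"""Added example, not from the slide deck: permission and integrity checks for VM image
files at rest. The directory layout, file names and suffix list are assumptions; the
sample store is constructed in a temporary directory."""
import hashlib
import os
import stat
import tempfile

IMAGE_SUFFIXES = ('.img', '.qcow2', '.vmdk', '.vhd', '.vhdx', '.vdi')


def image_files(image_dir):
    """Yield image paths below image_dir, recursively, in a stable order."""
    for dirpath, _dirs, files in os.walk(image_dir):
        for fname in sorted(files):
            if fname.lower().endswith(IMAGE_SUFFIXES):
                yield os.path.join(dirpath, fname)


def find_exposed_images(image_dir):
    """Return images whose mode grants any access to group or others (0600 is the bar)."""
    exposed = []
    for path in image_files(image_dir):
        if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            exposed.append(path)
    return exposed


def lock_down(path):
    """Remediate: owner read/write only."""
    os.chmod(path, 0o600)


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file (images are large) and return its SHA-256 hex digest."""
    digest = hashlib.sha256()
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b''):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(image_dir):
    """Map relative image path -> SHA-256. Keep the result outside image_dir
    (separate host or read-only media), or an attacker who can swap an image can fix the manifest too."""
    return {os.path.relpath(p, image_dir): sha256_file(p) for p in image_files(image_dir)}


def verify_manifest(image_dir, manifest):
    """Compare the store with a stored manifest; return (modified, missing, unexpected) relative paths."""
    current = build_manifest(image_dir)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return modified, missing, unexpected


def make_sample_images():
    """Constructed sample store: one correctly locked image and one world-readable image.
    Returns (image_dir, locked_path, exposed_path)."""
    image_dir = tempfile.mkdtemp(prefix='vm-images-')
    locked = os.path.join(image_dir, 'web01.qcow2')
    exposed = os.path.join(image_dir, 'db01.img')
    with open(locked, 'wb') as fh:
        fh.write(b'constructed disk image A')
    with open(exposed, 'wb') as fh:
        fh.write(b'constructed disk image B')
    os.chmod(locked, 0o600)
    os.chmod(exposed, 0o644)
    return image_dir, locked, exposed


if __name__ == '__main__':
    image_dir, _locked, exposed = make_sample_images()
    print('exposed:', find_exposed_images(image_dir))
    lock_down(exposed)
    manifest = build_manifest(image_dir)
    with open(exposed, 'wb') as fh:      # simulate tampering with a disk image
        fh.write(b'tampered')
    print('modified/missing/unexpected:', verify_manifest(image_dir, manifest))
```

The "unexpected" list from `verify_manifest` doubles as a cheap sprawl indicator for the image store: an image nobody recorded is a VM nobody registered.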

Slide 14: Patch Management
- Difficult but necessary: patches for the OS plus all applications installed on the VMs
- Ideally, server environments have few applications
- Take advantage of virtual patching: signatures deployed on the VMs, or traffic scanned at the hypervisor or by a virtual appliance, block exploitation of a known vulnerability until the real patch has been tested and installed
- Roll out patches in a phased manner, thoroughly tested

Slide 15: Patch Management (2)
- Snapshots: take one before patching so a bad patch can be rolled back
- NAC
- Application virtualization helps (the application is patched once, on the server)
- Tools are available from all vendors to patch the OS plus some third-party applications, on both online and offline VMs; third-party tools are also available for both modes

Slide 16: Offline VMs
- More at risk: they miss patch cycles and signature updates while powered off
- Ensure they have anti-virus, IPS and firewall
- Next-generation security products can scan these VMs offline for malware, vulnerabilities and exploits
- Once they come online, ensure they are patched before they are allowed to do anything else (NAC)

Slide 17: Virtual Server Sprawl
- "A large amount of virtual machines on your network without proper IT management or control" (Steven Warren, blogs.techrepublic.com)
- Servers are created at the click of a button: who can create in the production environment? It should be an IT process
- Admins create copies of the production environment to test and stage applications; new tools are available to do this automatically

Slide 18: Virtual Server Sprawl: some mitigations
- Policy: a VM that has been unused for X days can be removed
- Annotate VMs with an end date when creating them
- Scan the network for traffic from new VM servers
- Control who can create VMs
- Use third-party products
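
The first four mitigations on this slide are all checks against an inventory, and can be run as one audit. The following is an added example and not code from the presentation: it applies the end-date annotation, the "unused for X days" rule and an owner-on-every-VM rule to an inventory export, and compares the inventory with MAC addresses observed on the VM VLANs to find guests nobody registered. The inventory rows, the observed-MAC list, the audit date and the field names are all constructed for the example and do not follow any particular vendor's schema.

```python
"""Added example, not from the slide deck: a sprawl audit over a VM inventory.
The inventory export, the observed-MAC list, the audit date and the field names are
constructed for illustration, not a particular vendor's schema."""
from datetime import date

AUDIT_DATE = date(2010, 10, 2)   # constructed 'today'
UNUSED_DAYS = 60                 # the policy's X

# Constructed inventory export: one dict per registered VM.
# 'last_seen' is the last day the VM was observed powered on / sending traffic.
INVENTORY = [
    {'name': 'web01',     'owner': 'ops', 'mac': '52:54:00:aa:00:01',
     'created': date(2010, 6, 1),  'end_date': None,              'last_seen': date(2010, 10, 1)},
    {'name': 'stage-cp1', 'owner': 'dev', 'mac': '52:54:00:aa:00:02',
     'created': date(2010, 7, 15), 'end_date': date(2010, 8, 15), 'last_seen': date(2010, 9, 30)},
    {'name': 'test-tmp3', 'owner': None,  'mac': '52:54:00:aa:00:03',
     'created': date(2010, 5, 2),  'end_date': None,              'last_seen': date(2010, 6, 10)},
    {'name': 'db01',      'owner': 'dba', 'mac': '52:54:00:aa:00:04',
     'created': date(2010, 3, 12), 'end_date': None,              'last_seen': date(2010, 10, 2)},
]

# Constructed result of a network scan of the VM VLANs (switch MAC tables or ARP):
# MAC -> hostname. The last entry is a guest that nobody registered.
OBSERVED_ON_NETWORK = {
    '52:54:00:aa:00:01': 'web01',
    '52:54:00:aa:00:02': 'stage-cp1',
    '52:54:00:aa:00:04': 'db01',
    '52:54:00:aa:00:99': 'dev-box-7',
}


def audit_inventory(inventory, today=AUDIT_DATE, unused_days=UNUSED_DAYS):
    """Return {vm_name: [reasons]} for every registered VM that needs action."""
    findings = {}
    for vm in inventory:
        reasons = []
        # End-date annotation set at creation: the VM has outlived its stated purpose.
        if vm['end_date'] is not None and today > vm['end_date']:
            reasons.append(f"past end date {vm['end_date'].isoformat()}")
        # 'Unused for X days' rule, measured from the last time the VM was seen running.
        idle = (today - vm['last_seen']).days
        if idle > unused_days:
            reasons.append(f'unused for {idle} days (policy: {unused_days})')
        # Nobody to ask whether the VM is still needed (or who will patch it).
        if not vm['owner']:
            reasons.append('no owner recorded')
        if reasons:
            findings[vm['name']] = reasons
    return findings


def find_unregistered(inventory, observed):
    """Return the MACs seen on the network that belong to no registered VM (sorted)."""
    known = {vm['mac'].lower() for vm in inventory}
    return sorted(mac for mac in observed if mac.lower() not in known)


if __name__ == '__main__':
    for name, reasons in audit_inventory(INVENTORY).items():
        print(f'{name}: ' + '; '.join(reasons))
    for mac in find_unregistered(INVENTORY, OBSERVED_ON_NETWORK):
        print(f'unregistered guest on the network: {mac} ({OBSERVED_ON_NETWORK[mac]})')
```

Matching on MAC rather than hostname is deliberate: a cloned guest keeps its hostname but gets a new MAC from the hypervisor, and the 52:54:00 prefix used here is the one QEMU/KVM assigns by default, so unregistered addresses in that range are almost certainly VMs somebody created outside the process.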

Slide 19: Third-Party Products
- Catbird, Embotics, Shavlik, HyTrust, Vizioncore, DynamicOps, ...

Slide 20: Thank You. Questions?

