Virtual Machines = Real Security
Ernest Staats
MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+
Resources

Outline
Virtual Machines
What is VM software
Three types of VM
Advantages of Virtual Machines
Disadvantages of VM Technology
Well known supported VM software
Using VM technology for securing your network
Tools to help you use VM software better
Top VM Software tools
Notice
Suggested Resources

What is VM Software?
Running multiple independent virtual operating systems on a single physical computer.
It is a way of maximizing physical resources to maximize the investment in hardware.
It is now feasible to turn a very inexpensive 1U dual-socket dual-core commodity server into eight or even 16 virtual servers that run 16 virtual operating systems.
An abstraction layer that separates the physical hardware from the operating system.
Makes DR and testing DR truly an option without impacting daily life for most users.
Turns a physical machine into a file that can be moved from one system to another.

Three Types of VM
Hardware Virtualization:
–Most known technology: VMware, Parallels, Microsoft
–Basically virtualizes hardware resources so all VMs think they have exclusive access to the hardware resources
Para-Virtualization:
–Can also support multiple OSes, Linux and some Windows versions with the right CPU chips
–Xen has more efficient processing and lower overhead, which translates into better performance.

Three Types of VM Cont.
OS Virtualization:
–Is a different approach: Sun's Solaris Containers, SWsoft's Virtuozzo, open source OpenVZ.
–It uses a single OS and cannot support multiple types of OSes on the same server, although you can have multiple OSes as long as they are the same as the host machine.
–When you patch the host OS you also patch all the VMs at the same time.

Advantages of Virtual Machines
Quicker live backup and deployment
Faster recovery from bad patches or updates
Faster recovery after an attack
Better use of hardware resources
Can reduce support cost
Automatic provisioning during system failure (Cassatt and others)
Power savings
Test your server configuration backups before they are needed
Lab environment to test upgrades, new versions, new configurations
Fix issues without worrying about crashing a production server
Rapid deployment
Great for security auditing and penetration testing environment
Test ISO images before you waste a CD/DVD to make sure they work: UBCD4WIN, BackTrack
Monitoring your network

Disadvantages of VM Technology:
Several management tools still lack the ability to fully understand virtual machines
Rapid deployment
Latency of virtual disk
–VMware 13% (IEEE 2003 study)
–MS Server 28% (CapitalHead.com)
–(OS VM technology will not have these issues as bad, and SANs or iSCSI can also reduce or eliminate this bottleneck)
Dealing with server sprawl
Managing, patching, and securing so many systems can become challenging
Dealing with backups of VMs and their data sets
Monitoring VM-specific security issues (Blue Pill)

Well Known & Supported VM Software:
Server Virtual Machines:
–VMware Server – runs on top of Windows or Linux -- Free
–GSX Server – runs on top of Windows or Linux; replaced by VM Server
–ESX Server – starting at 1000 & up; installed on bare-metal boxes, no OS
–Microsoft Virtual Server – Free
Xen
–Xen – open source options – free, for Linux distributions only
–Xen Enterprise – as low as 488 a year and up; annual and perpetual subscriptions
SWsoft Virtuozzo – Windows & Linux, starting at $1200
–OpenVZ – free but Linux only

Well Known & Supported VM Software Cont:
PC-based options include:
–VMware Workstation
–Microsoft Virtual PC
–Parallels Workstation for Windows and Linux
–Parallels Desktop for Macintosh

Using VM Technology to Secure the Network
DR with VM:
–Take server reload time from hours/days to minutes or at most a couple of hours
–Auto-provision servers: when one fails, a new one can automatically be started up, have the VM loaded, and production resumes in minutes when hardware fails.
Software testing and deployment of new applications:
–Quickly set up a test lab environment
–Train users without disrupting production systems
–Load code on systems that mimic true production environment to user interoperability.
–Test patches without interruption of production systems
Penetration Testing
–VM workstation - Penetration testing, system auditing, and file recovery with UBCD4Win and Remote exploit

Network Auditing & Pen Test:
Using VM to load security tools
Using VM to load hacking tools that might disrupt your system
Browse hacking/security sites without compromising a network PC
–Truly anonymous surfing
Test security software on a sacrificial VM file
Use a VM machine that runs as a server in the background to constantly audit your system.

Managing Network Resources
Management and Policy Control Software:
–SWsoft's ability to manage several servers from one interface and to have one host system which, when patched, means all other systems on that host OS are also patched
–Automatically bringing more servers online when loads reach a set threshold
–Lessen the exposure factor: if your organization only has a few key servers, being able to bring a VM of them up if they should fail means your network is not taken offline for prolonged periods of time
–Cassatt
–Virtual Iron Load balancing and Auto provisioning DR
–Xen Enterprise has some tools
–VMware also has some tools
–MS Windows Server 2003 Automated Deployment

Helpful VM Tools:
P2V Physical to Virtual
–PlateSpin
–VMware
–Leostream HelperApps
–Xen Enterprise
–MS Virtual Server Migration Toolkit - MS Virtual Server P2V Migration Toolkit (free -- great way to back up servers)
Ultimate-P2V Article on how to cheaply move from P2V
–http://www.rtfm-ed.co.uk/?page_id=174
V2P Virtual to Physical: great for deploying a standard image across different hardware
–PlateSpin
–VMware
PlateSpin Recon to determine current server utilization and automatic load balancing or provisioning

Helpful VM Tools Cont:
Management and control software:
–Cassatt
–Virtual Iron Load balancing and Auto provisioning DR
–Policy Based VM software
Backup software
–Never Fail
–ESX Ranger
–Install backup agent on VMware
–Use MS Windows backup inside of VM environment
–Use VMware's Perl scripts to back up VM images live
Parallels Compressor Server:
–Speed up VM machines by compressing them

MS Virtual Server Tools
Virtual Server 2005 Migration Toolkit
–http://www.microsoft.com/windowsserversystem/virtualserver/evaluation/vsmt.mspx
Windows Server 2003 Automated Deployment Services
–http://www.microsoft.com/windowsserver2003/technologies/management/ads/default.mspx
Microsoft Virtual Server 2005 Management Pack
–http://www.microsoft.com/downloads/details.aspx?familyid=BF21F798-9B10-40DC-BCDD-4A8358CCE94D&displaylang=en
Virtual PC vs. Virtual Server: Comparison of Features and Uses
–http://www.microsoft.com/downloads/details.aspx?FamilyID=8ed0a6cb-0f24-408e-af8f-51edf508d361&DisplayLang=en

"Avoid All Your Eggs in One Basket"
Common Server Types:
–HTTP
–FTP
–DNS
–DHCP
–RADIUS
–LDAP
–File Services using Fibre Channel or iSCSI storage
–Active Directory services
Have spare bare metal ready to go or, better yet, do load balancing to increase response time and have a failover backup in place

Comprehensive Technology Partner Ecosystem
Applications: Citrix, Oracle, Business Objects, IBM, BEA, SAP
Management: IBM, BMC Software, Altiris, HP, CA, Symantec, Opsware Inc.
Operating System: Red Hat, SUSE, Microsoft, Sun, Novell
CPU: Intel, AMD
I/O Subsystem: QLogic, Emulex, Intel, Broadcom
Networking: Cisco Systems, Check Point
Storage: EMC², IBM, HP, NetApp

Disclaimer
This presentation only covered the more common VM options; there are many more options, including virtual appliances, which would be a totally different presentation.
VMware, for example, in June introduced VMware Infrastructure 3, which heightens the focus on management and high availability to enable customers to group virtual resources into a pool that can be allocated according to application demands.

Suggested Resources:
Step-by-step PowerPoints for deploying VM
–Put together by one of my Helpdesk crew at GCA; he is a junior at GCA
–Step-by-Step Creating a VM Server Virtual server
–Step-by-Step Creating a Microsoft Virtual Server
–Step-by-Step Creating an Open Source Xen Virtual Server
http://www.es-es.net/
Overview Video for Xen Enterprise
The two best general articles I have read about installing VM technology
–Installing Virtual Server: Microsoft Virtual Server from the ground up
 http://searchservervirtualization.techtarget.com/tip/0,289483,sid94_gci ,00.html?bucket=ETA&topic=303910
–How VMware Server works -- Getting started with VMware on Windows
 http://searchservervirtualization.techtarget.com/tip/0,289483,sid94_gci ,00.html
Cassatt Whitepaper
Irongeek.com: great step-by-step videos for security/hacking demos; he demonstrates how to leverage VM technology for penetration testing and network auditing.

More Reading Links
SWsoft Virtuozzo
Top Ten Considerations
–For Choosing a Server Virtualization Technology html?asrc=SS_BSS_HOME
Virtuozzo - Wikipedia.org
–http://en.wikipedia.org/wiki/Virtuozzo
Virtuozzo commands virtual server stage
–http://www.infoworld.com/article/06/04/21/77439_17TCvirtu_1.html
Virtuozzo White Papers
–http://www.swsoft.com/en/products/virtuozzo/lib/request/wp/
–http://www.swsoft.com/r/pdfs/Datasheets/vz_enterprise.pdf
The Hidden Costs of Virtualization
–http://searchwinit.techtarget.com/columnItem/0,294698,sid1_gci ,00.html
–http://searchservervirtualization.techtarget.com/columnItem/0,294698,sid94_gci ,00.html
Ultimate-P2V Article on how to cheaply move from P2V
–http://www.rtfm-ed.co.uk/?page_id=174