Real Security for Server Virtualization. Rajiv Motwani, 2nd October 2010.

Agenda
- Introduction to server virtualization
- Best practices
- Patch management
- VM server sprawl
- Third party products

What is Server Virtualization?
- The concept of virtualization has existed in various forms in computing since the early 1960s
- In virtualization, physical resources are abstracted and shared by multiple operating systems

What is a Hypervisor?
- A hypervisor provides an abstraction layer that allows a physical server to run one or more virtual servers, effectively decoupling the operating system and its applications from the underlying hardware.

Why Virtualize?
- IT flexibility/agility
  - Predictable scaling to dynamically respond to business needs
- Key part of a disaster recovery strategy
  - Improve application availability
- Server or data center consolidation
  - Higher utilization leads to greater consolidation
  - Promotes greater centralization and security
- "Green Computing"
  - Consume less power, cooling, and real estate
- Support Dev/Test environments
  - Works for both IT shops and development houses

Benefits of Virtualization (for desktops and server apps)
- Consolidation: cut server requirements by 10X and reduce IT spending by 50-70%
- Continuity: protect IT assets and services against disasters and outages
- Availability: improve service levels and eliminate planned downtime
- Automation: automate routine management tasks and deliver better IT services to users

Virtualization Components: Virtual Storage Solutions
- Virtual Storage Manager
  - Complexity hidden from the OS
  - Storage managed by a Storage Manager
  - Resources can be added/removed at will
  - Storage architecture independent
- [Diagram: several hosts, each "Hardware / Xen(TM) Hypervisor", sharing one "Virtual Storage" layer]

Virtualization Components (2): Virtual LANs
- Segment the network into logical units
- Allow isolation
- Increased security
- Reduced network broadcast traffic

Virtualization Components (3): Application Virtualization (execution on server)
- Centralizes application management
- Application executes on the server
- Application is displayed on the client
- Great for bandwidth-constrained locations

Best Practices
- Secure VMs as you would secure physical machines
  - Regularly updated anti-virus, IPS and firewall components are a must
  - Regular patching
- Reduce the attack surface
  - Stop unnecessary services
  - Disable unused hardware
- Intra-VM communication only as required
  - VLANs
  - Separate physical adapters
- Standardize
  - Use templates

Best Practices (2)
- Limit the resources of each VM
  - Prevents DoS attacks
- Restrict access to the console
  - Access to the service console and management interface
  - Communication between the service console and the management interface
  - Root privileges: who has access?
  - Good password policy
- VM logging
  - Log detail level (for the console and each VM)
  - Limit log size (DoS)

Best Practices (3)
- Use updated versions of all virtualization software
  - Hypervisor vulnerability in Microsoft Hyper-V (Blue Pill)
- Several checks in place
  - Separate address space for the hypervisor
  - No shared memory between guest VMs
  - Isolation of virtual network adapters
- Restrict third party code in the hypervisor (depends on vendor)

Remember to secure
- Host as well as guest VMs: have AV as well as IPS protection
- Management interface
- Backup and recovery process
- Encrypt all traffic between VMs and host
- VM image files on disk

Patch Management
- Difficult but necessary
- Patches for the OS plus all applications installed on the VMs
  - Ideally server environments should have few applications
- Take advantage of virtual patching
  - Signatures deployed on VMs
  - Traffic scanned at the hypervisor or by a virtual appliance
- Patches
  - Applied in a phased manner
  - Thoroughly tested

Patch Management (2)
- Snapshots
- NAC
- Application virtualization helps
- Tools are available from all vendors to patch the OS plus some third party applications
- Online and offline VMs
  - Third party tools are also available for both modes

Offline VMs
- More at risk
- Ensure they have anti-virus, IPS and firewall
- Next-gen security products have the ability to scan these VMs offline for malware, vulnerabilities and exploits
- Once they come online, ensure they are patched first before they can do any other operation (NAC)
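The two patch-management slides and the offline-VM slide describe one admission flow: scan dormant images while they are offline, and when a VM powers on, keep it off the production network until it is at the patch baseline. The following is an added example, not code from the slides or from any vendor product; the patch baseline, the inventory records, the zone names and the rescan interval are all constructed assumptions, and no hypervisor or NAC API is modelled.

```python
"""Admission gate for VMs returning from an offline state.

Added example, not from the slides. Baseline, inventory and the names of the
network zones are constructed; real hypervisor and NAC API calls are not modelled.
"""

# Constructed baseline: minimum patch level each VM must carry for the OS,
# the anti-virus signatures and the IPS engine.
PATCH_BASELINE = {"os": 12, "av_signatures": 40, "ips": 7}

# Assumption: a dormant image is rescanned for malware and known
# vulnerabilities when its last offline scan is older than this.
OFFLINE_SCAN_MAX_AGE_DAYS = 7

# Constructed inventory records: installed patch level per product and the
# age (in days) of the last scan performed on the image while it was offline.
VMS = [
    {"name": "fileserver-03", "online": False,
     "patches": {"os": 12, "av_signatures": 40, "ips": 7}, "days_since_offline_scan": 2},
    {"name": "archive-01", "online": False,
     "patches": {"os": 9, "av_signatures": 31, "ips": 7}, "days_since_offline_scan": 20},
]


def missing_patches(patches, baseline=PATCH_BASELINE):
    """Products whose installed level is below the baseline (absent counts as 0)."""
    return sorted(p for p, level in baseline.items() if patches.get(p, 0) < level)


def admission_decision(vm):
    """Decide which network zone a VM belongs in and what must happen next.

    dormant     - image is offline; it is scanned, not patched live
    quarantine  - online but below baseline; only the patch server is reachable
    production  - online and at baseline
    """
    gaps = missing_patches(vm["patches"])
    if not vm["online"]:
        stale = vm["days_since_offline_scan"] > OFFLINE_SCAN_MAX_AGE_DAYS
        return {"zone": "dormant", "allowed": [],
                "actions": ["offline-scan"] if stale else [], "gaps": gaps}
    if gaps:
        return {"zone": "quarantine", "allowed": ["patch-server"],
                "actions": ["patch:" + p for p in gaps], "gaps": gaps}
    return {"zone": "production", "allowed": ["any"], "actions": [], "gaps": []}


def bring_online(vm, patch_source):
    """Walk a VM through admission when it is powered on.

    patch_source maps product -> level the patch server can deliver. Returns
    the sequence of zones the VM passed through; it stays in quarantine when
    the patch server cannot close every gap. The inventory record is not mutated.
    """
    state = dict(vm, online=True, patches=dict(vm["patches"]))
    zones = [admission_decision(state)["zone"]]
    if zones[-1] == "quarantine":
        for product in missing_patches(state["patches"]):
            if product in patch_source:
                state["patches"][product] = max(state["patches"].get(product, 0),
                                                patch_source[product])
        zones.append(admission_decision(state)["zone"])
    return zones


if __name__ == "__main__":
    for vm in VMS:
        print(vm["name"], admission_decision(vm))
        print(vm["name"], "power on ->", bring_online(vm, PATCH_BASELINE))
```

The point of `bring_online` is the ordering the slide asks for: the first decision after power-on is always taken before any other traffic is allowed, and the VM only leaves quarantine after a second evaluation confirms every gap was closed. A VM whose gaps the patch server cannot serve never reaches production.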

Virtual Server Sprawl
- "A large amount of virtual machines on your network without proper IT management or control" - Steven Warren, blogs.techrepublic.com
- Create servers at the click of a button
  - Who can create in the production environment? Should be an IT process
- Admins create copies of the production environment to test and stage applications
  - New tools are available to do this automatically

Virtual Server Sprawl: some mitigations
- Policy that if a VM is unused for X days, it can be removed
- Annotate VMs with an end date while creating them
- Scan the network for new VM server traffic
- Who can create VMs?
- Use third party products
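The mitigations above combine into a simple periodic review: compare what the network scan sees against the inventory of VMs created through the IT process, and apply the end-date and unused-for-X-days rules to the inventory. This is an added example, not code from the slides or from any of the products named later; the inventory, the scan result, the review date and the 30-day limit are constructed assumptions.

```python
"""Periodic VM sprawl review. Added example, not from the slides.

Applies the slide's mitigations to a constructed inventory: VMs annotated with
an end date at creation, an unused-for-X-days removal policy, and a check that
every VM seen on the network was registered through the IT process.
"""
from datetime import date

UNUSED_DAYS_LIMIT = 30          # the policy's "X days"; the value is an assumption
TODAY = date(2010, 10, 2)       # constructed review date

# Constructed inventory of VMs created through the IT process. end_date is the
# annotation made at creation time (None if the creator skipped it);
# last_activity is the last day the VM showed any network or console activity.
INVENTORY = {
    "web-prod-01":  {"owner": "ops", "end_date": None,              "last_activity": date(2010, 9, 30)},
    "staging-copy": {"owner": "dev", "end_date": date(2010, 8, 15), "last_activity": date(2010, 8, 20)},
    "test-app-77":  {"owner": "qa",  "end_date": date(2010, 12, 1), "last_activity": date(2010, 7, 1)},
    "db-prod-02":   {"owner": "ops", "end_date": date(2011, 6, 30), "last_activity": date(2010, 10, 1)},
}

# Constructed result of a network scan: hostnames whose traffic marks them as VM servers.
NETWORK_SCAN = ["web-prod-01", "staging-copy", "test-app-77", "db-prod-02", "rogue-vm-3"]


def review_inventory(inventory, observed, today):
    """Return the findings of one review pass, grouped by policy rule."""
    findings = {"expired": [], "unused": [], "no_end_date": [], "unregistered": []}
    for name, rec in inventory.items():
        if rec["end_date"] is None:
            findings["no_end_date"].append(name)        # annotation rule was skipped
        elif rec["end_date"] < today:
            findings["expired"].append(name)            # past its declared end date
        if (today - rec["last_activity"]).days > UNUSED_DAYS_LIMIT:
            findings["unused"].append(name)             # unused-for-X-days rule
    for host in observed:
        if host not in inventory:
            findings["unregistered"].append(host)       # seen on the wire, not created via IT process
    return findings


def removal_candidates(findings):
    """VMs the policy allows to be removed: expired or unused (deduplicated, sorted)."""
    return sorted(set(findings["expired"]) | set(findings["unused"]))


def run_review():
    """Convenience wrapper over the constructed data."""
    return review_inventory(INVENTORY, NETWORK_SCAN, TODAY)


if __name__ == "__main__":
    result = run_review()
    for rule, names in result.items():
        print(f"{rule:13s} {names}")
    print("removal candidates:", removal_candidates(result))
```

Unregistered hosts are reported separately from removal candidates on purpose: a VM that bypassed the creation process needs an owner found and a decision taken, not an automatic delete, whereas expired and long-unused VMs are exactly what the stated policy says can go.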

Third Party Products
- Catbird
- Embotics
- Shavlik
- HyTrust
- Vizioncore
- DynamicOps
- ...

Thank You. Questions?