{"id":266,"date":"2009-06-25T15:04:20","date_gmt":"2009-06-25T20:04:20","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=266"},"modified":"2009-06-25T15:04:20","modified_gmt":"2009-06-25T20:04:20","slug":"virtualization-security-best-practices-from-a-customers-and-vendors-perspective","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2009\/06\/25\/virtualization-security-best-practices-from-a-customers-and-vendors-perspective\/","title":{"rendered":"Virtualization Security Best Practices from a Customer&#8217;s and Vendor&#8217;s Perspective"},"content":{"rendered":"<p>The next session during the ISSA half-day seminar on Virtualization and Cloud Computing Security was on security best practices from a customer and vendor perspective.\u00a0 It featured Brian Engle, CIO of Temple Inland, and Rob Randell, CISSP and Senior Security Specialist at VMware, Inc.\u00a0 My notes from the presentation are below:<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Temple Inland Implementation &#8211; Stage 1<\/strong><\/span><\/p>\n<p>Overcome Hurdles<\/p>\n<ul>\n<li>Management skeptical of Windows virtualization<\/li>\n<\/ul>\n<p>Don&#8217;t Fear the Virtual World<\/p>\n<ul>\n<li>First year:\n<ul>\n<li>Built out development only environment<\/li>\n<li>Trained staff<\/li>\n<li>Developed support processes<\/li>\n<li>Showed hard dollar savings<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Temple Inland &#8211; Stage 2<\/strong><\/span><\/p>\n<ul>\n<li>Build QA environment<\/li>\n<li>Improve processes<\/li>\n<li>Develop rapid provisioning<\/li>\n<li>Demonstrate advanced functions\n<ul>\n<li>Vmotion<\/li>\n<li>P2V Conversions<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Temple Inland &#8211; Stage 3<\/strong><\/span><\/p>\n<p>First production environment<\/p>\n<p>Temple-Inland Implementation<\/p>\n<ul>\n<li>Prior to VMWare. 
Typical remote facility\n<ul>\n<li>Physical domain controller<\/li>\n<li>Physical application\/file server<\/li>\n<li>Physical tape drive<\/li>\n<\/ul>\n<\/li>\n<li>New architecture\n<ul>\n<li>Single VMWare server<\/li>\n<li>No tape drive<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>Desktops\n<ul>\n<li>Virtualize desktops through VMWare<\/li>\n<li>No application issues like Citrix Metaframe<\/li>\n<li>Quick deployment and repair<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>How Virtualization Affects Datacenter Security<\/strong><\/span><\/p>\n<ul>\n<li>Abstraction and Consolidation\n<ul>\n<li>+Capital and Operational Cost Savings<\/li>\n<li>-New infrastructure layer to be secured<\/li>\n<li>-Greater impact of attack or misconfiguration<\/li>\n<\/ul>\n<\/li>\n<li>Collapse of Switches and servers into one device\n<ul>\n<li>+Flexibility<\/li>\n<li>+Cost-savings<\/li>\n<li>-Lack of virtual network visibility<\/li>\n<li>-No separation-by-default of administration<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Temple-Inland split the teams so that there was a virtual network administration team within the server administration team.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>How Virtualization Affects Datacenter Security<\/strong><\/span><\/p>\n<ul>\n<li>Faster deployment of servers\n<ul>\n<li>+ IT responsiveness<\/li>\n<li>-Lack of adequate planning<\/li>\n<li>-Incomplete knowledge of current state of infrastructure<\/li>\n<\/ul>\n<\/li>\n<li>VM Mobility\n<ul>\n<li>+Improved Service Levels<\/li>\n<li>-Identity divorced from physical location<\/li>\n<\/ul>\n<\/li>\n<li>VM Encapsulation\n<ul>\n<li>+Ease of business continuity<\/li>\n<li>+Consistency of deployment<\/li>\n<li>+Hardware Independence<\/li>\n<li>-Outdated offline systems<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Build anti-virus, client firewalls, etc into the offline images so that servers are up-to-date right when they are installed.<\/p>\n<p>If something happens to a 
system, you can&#8217;t just pull the plug anymore.\u00a0 You have to have policies and processes in place.<\/p>\n<p>With virtualization you can have a true &#8220;gold image&#8221; instead of having different images for all of the different types of hardware.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Security Advantages of Virtualization<\/strong><\/span><\/p>\n<ul>\n<li>Allows automation of many manual error prone processes<\/li>\n<li>Cleaner and easier disaster recovery\/business continuity<\/li>\n<li>Better forensics capabilities<\/li>\n<li>Faster recovery after an attack<\/li>\n<li>Patching is safer and more effective<\/li>\n<li>Better control over desktop resources<\/li>\n<li>More cost effective security devices<\/li>\n<li>App virtualization allows de-privileging of end users<\/li>\n<li>Better lifecycle controls<\/li>\n<li>Future: Security through VM Introspection<\/li>\n<\/ul>\n<p>Gartner: &#8220;Like their physical counterparts, most security vulnerabilities will be introduced through misconfiguration&#8221;<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>What Not to Worry About<\/strong><\/span><\/p>\n<ul>\n<li>Hypervisor Attacks\n<ul>\n<li>ALL theoretical, highly complex attacks<\/li>\n<li>Widely recognized by security community as being only of academic interest<\/li>\n<\/ul>\n<\/li>\n<li>Irrelevant Architectures\n<ul>\n<li>Apply only to hosted architecture (ie. Workstation) not bare-metal (ie. 
ESX)<\/li>\n<li>Hosted architecture generally suitable only when you can trust the guest VM<\/li>\n<\/ul>\n<\/li>\n<li>Contrived Scenarios\n<ul>\n<li>Involved exploits where best practices around hardening, lockdown, design, etc. for virtualization were not followed, or<\/li>\n<li>Poor general IT infrastructure security is assumed<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Are there any Hypervisor Attack Vectors?<\/strong><\/span><\/p>\n<p>There are currently no known hypervisor attack vectors to date that have led to &#8220;VM Escape&#8221;<\/p>\n<ul>\n<li>Architecture Vulnerability\n<ul>\n<li>Designed specifically with isolation in mind<\/li>\n<\/ul>\n<\/li>\n<li>Software Vulnerability &#8211; Possible like with any code written by humans\n<ul>\n<li>Mitigating Circumstances:\n<ul>\n<li>Small Code Footprint of Hypervisor (~21MB) is easier to audit<\/li>\n<li>If a software vulnerability is found, exploit difficulty will be very high\n<ul>\n<li>Purpose built for virtualization only<\/li>\n<li>Non-interactive environment<\/li>\n<li>Less code for hackers to leverage<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Ultimately depends on VMWare security response and patching<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Concern: Virtualizing the DMZ\/Mixing Trust Zones<\/strong><\/span><\/p>\n<p>Three Primary Configurations<\/p>\n<ul>\n<li>Physical separation of trust zones<\/li>\n<li>Virtual separation of trust zones with physical security devices<\/li>\n<li>Fully collapsing all servers and security devices into a VI3 infrastructure<\/li>\n<\/ul>\n<p>Also applies to PCI requirement<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Physical Separation of Trust Zones<\/strong><\/span><\/p>\n<p>Advantages<\/p>\n<ul>\n<li>Simpler, less complex configuration<\/li>\n<li>Less change to physical environment<\/li>\n<li>Little change to separation of duties<\/li>\n<li>Less change in staff knowledge 
requirements<\/li>\n<li>Smaller chance of misconfiguration<\/li>\n<\/ul>\n<p>Disadvantages<\/p>\n<ul>\n<li>Lower consolidation and utilization of resources<\/li>\n<li>Higher cost<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Virtual Separation of Trust Zones with Physical Security Devices<\/strong><\/span><\/p>\n<p>Advantages<\/p>\n<ul>\n<li>Better utilization of resources<\/li>\n<li>Take full advantage of virtualization benefits<\/li>\n<li>Lower cost<\/li>\n<\/ul>\n<p>Disadvantages (can be mitigated)<\/p>\n<ul>\n<li>More complexity<\/li>\n<li>Greater chance of misconfiguration<\/li>\n<\/ul>\n<p>Getting more toward &#8220;the cloud&#8221; where web zone, app zone, and DB zone are all virtualized on the same system, but still using physical firewalls.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Fully Collapsed Trust Zones Including Security Devices<\/strong><\/span><\/p>\n<p>Advantages<\/p>\n<ul>\n<li>Full utilization of resources, replacing physical security devices with virtual<\/li>\n<li>Lowest-cost option<\/li>\n<li>Management of entire DMZ and network from a single management workstation<\/li>\n<\/ul>\n<p>Disadvantages<\/p>\n<ul>\n<li>Greatest complexity, which in turn creates highest chance of misconfiguration<\/li>\n<li>Requirement for explicit configuration to define separation of duties to help mitigate risk of misconfiguration; also requires regular audits of configurations<\/li>\n<li>Potential loss of certain functionality, such as VMotion (being mitigated by vendors and VMsafe)<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>How do we secure our Virtual Infrastructure?<\/strong><\/span><\/p>\n<p>Use the principles of Information Security<\/p>\n<ul>\n<li>Hardening and lockdown<\/li>\n<li>Defense in depth<\/li>\n<li>Authorization, authentication, and accounting<\/li>\n<li>Separation of duties and least privileges<\/li>\n<li>Administrative controls<\/li>\n<\/ul>\n<p>Protect your management 
interfaces (VCenter)!\u00a0 They are the keys to the kingdom.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Fundamental Design Principles<\/strong><\/span><\/p>\n<ul>\n<li>Isolate all management networks<\/li>\n<li>Disable all unneeded services<\/li>\n<li>Tightly regulate all administrative access<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Summary<\/strong><\/span><\/p>\n<ul>\n<li>Define requirements and ensure vendor\/product can deliver\n<ul>\n<li>Consider culture, capability, maturity, architecture and security needs<\/li>\n<\/ul>\n<\/li>\n<li>Implement under controlled conditions using a defined methodology\n<ul>\n<li>Use the opportunity to improve control deficiencies in existing physical server areas if possible<\/li>\n<li>Implement processes for review and validation of controls to prevent the introduction of weaknesses<\/li>\n<\/ul>\n<\/li>\n<li>Round corners where your control environment allows\n<ul>\n<li>Sustain sound practices that maintain required controls<\/li>\n<li>Leverage the technology to achieve efficiency and improve scale<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The next session during the ISSA half-day seminar on Virtualization and Cloud Computing Security was on security best practices from a customer and vendor perspective.\u00a0 It featured Brian Engle, CIO of Temple Inland, and Rob Randell, CISSP and Senior Security Specialist at VMware, Inc.\u00a0 My notes from the presentation are below: Temple Inland Implementation &#8211; 
[&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[35,272],"tags":[162,285,289,280,286,288,281,163,283,282,622,292,287,290,210,623,284,291],"class_list":["post-266","post","type-post","status-publish","format-standard","hentry","category-virtualization","category-virtualization-security","tag-best","tag-brian","tag-collapsed","tag-customer","tag-engle","tag-inland","tag-perspective","tag-practices","tag-randell","tag-rob","tag-security","tag-separation","tag-temple","tag-trust","tag-vendor","tag-virtualization","tag-vmware","tag-zone"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-4i","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=266"}],"version-history":[{"count":1,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/
v2\/posts\/266\/revisions"}],"predecessor-version":[{"id":267,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/266\/revisions\/267"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}