Security Challenges in the Virtualized World IBM Virtual Server Protection for VMware
- 1. IBM Virtual Server Protection
Security Challenges in the Virtualized World
IBM Virtual Server Protection for VMware
Peter Rossi, IBM Senior Security Specialist
10.03.2011
© 2009 IBM Corporation
- 2. Agenda
■ IBM Security Framework
■ Security Challenges in the Virtualized World
–Vulnerability examples
■ IBM Virtual Server Protection for VMware
2 10.03.2011 © 2011 IBM Corporation
- 4. IBM delivers a new approach to Security Management
IBM's approach is to strategically manage risk end-to-end across all risk areas within an organization.
- 5. IBM Security Framework
■ Give the right users access to the right resources at the right time
■ Protect sensitive business data
■ Keep applications available and protected from malicious or fraudulent use
■ Optimize service availability by mitigating risks
■ Provide actionable intelligence & improve physical infrastructure security
- 6. IBM Tivoli Security Focus Areas
[Diagram: four focus areas, Trusting Identities, Managing Access, Securing Services and Protecting Data, applied to example workloads (payroll, online banking, loan applications, retail sales, inventory); known users (customers, partners, employees) on one side, unknown actors (criminals, competitors, hackers) on the other; policy enforcement and compliance underneath]
Manage those you know.
Protect against those you don’t.
Prove that you’re in control.
IBM is #1 in this space.
- 9. Security Challenges with Virtualization: What is the Impact to Overall Security Posture?
- 10. Security Challenges with Virtualization: New Risks
■ Traditional threats: traditional threats can attack VMs just like real systems
■ New threats to VM environments:
– Virtual server sprawl
– Dynamic state
– Dynamic relocation
– Management vulnerabilities
– Secure storage of VMs and the management data
– Resource sharing
– Requires new skill sets
– Single point of failure
– Loss of visibility
– Insider threat
– Stealth rootkits in hardware
MORE COMPONENTS = MORE EXPOSURE
- 11. The Importance of Virtualization System Security
■ Businesses are increasingly relying on virtualization technology
■ In Q4 2009, 18.2% of servers shipped were virtualized¹
– 20% increase over 15.2% shipped in Q4 2008
■ Growing interest in cloud computing will fuel further demand
■ Vulnerability disclosures have grown as interest has grown
¹ Source: IDC
- 12. The Risk Imposed by Virtualization System Vulnerabilities
■ Disclosed vulnerabilities pose a significant security risk
■ 40% of all reported vulnerabilities have high severity
– Tend to be easy to exploit, provide full control over attacked system
■ Exploits have been publicly disclosed for 14% of vulnerabilities
- 13. Vendor Disclosures Include Some Surprising Results
■ Low percentages for Oracle, IBM, and Microsoft
Vulnerability disclosures by vendor:
– VMware: 80.9%
– RedHat: 6.9%
– Citrix: 5.8%
– Oracle: 1.8%
– IBM: 1.1%
– Microsoft: 0.9%
- 14. Virtualization System Vulnerability Classes
■ Vulnerabilities can be classified by what they affect
[Diagram: a Virtualization Server running an Admin VM and several Guest VMs on a Hypervisor over Hardware, administered through a Management Console and a Management Server; System Administrators use the management console, Guest VM Users use the guest VMs. Numbered attack points: 1 Management Console, 2 Management Server, 3 Admin VM, 4 Hypervisor, 5 Guest VM, 6 Hypervisor escape]
- 15. Virtualization System Vulnerability Classes
■ 1. Management console vulnerabilities
– Affect the management console host
– Can provide platform or information allowing attack of management server
– Can occur in custom consoles or web applications
■ 2. Management server vulnerabilities
– Potential to compromise virtualization system configuration
– Can provide platform from which to attack administrative VM
■ 3. Administrative VM vulnerabilities
– Compromises system configuration
– In some systems (like Xen), equivalent to a hypervisor vulnerability in that all guest VMs may be compromised
– Can provide platform from which to attack hypervisor and guest VMs
- 16. Virtualization System Vulnerability Classes
■ 4. Hypervisor vulnerabilities
– Compromise all guest VMs
– Cannot be exploited from guest VMs
■ 5. Guest VM vulnerabilities
– Affect a single VM
– Can provide platform from which to attack administrative VM, hypervisor, and other guest VMs
■ 6. Hypervisor escape vulnerabilities
– A type of hypervisor vulnerability
– Classified separately because of their importance
– Allow a guest VM user to “escape” from own VM to attack other VMs or hypervisor
– Violate assumption of isolation of guest VMs
- 17. Virtualization System Vulnerability Examples
■ Management console
– CVE-2009-2277: A cross-site scripting vulnerability in a VMware web console allows remote attackers to steal cookie-based authentication credentials
■ Management server
– CVE-2008-4281: VMware VirtualCenter management server can allow a local attacker to use directory traversal sequences to gain elevated privileges
■ Administrative VM
– CVE-2008-2097: A buffer overflow in a VMware management service running in the administrative VM could allow remote authenticated users to gain root privileges
- 18. Virtualization System Vulnerability Examples
■ Guest VM
– CVE-2009-2267: A bug in the handling of page fault exceptions in VMware ESX Server could allow a guest VM user to gain kernel mode execution privileges in the guest VM
■ Hypervisor
– CVE-2010-2070: By modifying the processor status register, a local attacker can cause the Xen kernel to crash
■ Hypervisor escape
– CVE-2009-1244: An error in the virtual machine display function on VMware ESX Server allows an attacker in a guest VM to execute arbitrary code in the hypervisor
- 19. Production Virtualization System Vulnerabilities By Class
■ Hypervisor escape: 37.5%
■ Admin VM: 17.5%
■ Mgmt console: 16.3%
■ Guest VM: 15.0%
■ Mgmt Server: 6.3%
■ Indeterminate: 6.3%
■ Hypervisor: 1.3%
- 20. Gartner’s Perspective on Secure Virtualization
“IBM has the first commercial implementation of a rootkit detection/prevention offering that works from outside of the virtual machine it is protecting...”
– Neil MacDonald, Gartner
- 22. Virtualization Security Solutions
■ Existing solutions certified for protection of virtual workloads
– Firewall
– Intrusion Prevention
– System auditing
– File integrity monitoring
– Anti-malware
– Security configuration Mgmt
■ Threat protection delivered in a virtual form-factor
– Firewall
– Intrusion Prevention
– Virtual network segment protection/policy enforcement
■ Integrated virtual environment-aware threat protection
– Firewall
– Intrusion Prevention
– Virtual host protection and network policy enforcement
– Network access control
– Virtual infrastructure monitoring
- 23. Integrated Security
■ Non-intrusive
o No reconfiguration of the virtual network
o No presence in the guest OS
■ Less management overhead
o One Security Virtual Machine (SVM) per physical server
o 1:many protection-to-VM ratio
■ Automated
o Privileged presence gives SVM holistic view of the virtual network
o Protection automatically applied as VM comes online
■ Lower overhead
o Eliminates redundant processing tasks
■ Protection for any guest OS
[Diagram: SiteProtector Management above one Security Virtual Machine (Management, Policy and Response Engines on a Hardened OS) and several guest VMs (Applications, OS, Kernel); all attach through VMsafe to the Hypervisor and the Hardware]
- 24. IBM Virtual Server Protection for VMware
IBM Confidential
Integrated threat protection for VMware vSphere 4
Helps customers to be more secure, compliant and cost-effective by delivering integrated and optimized security for virtual data centers.
[Diagram: SiteProtector Management]
Benefits
■ Vulnerability-centric, protocol-aware analysis and protection
■ Abstraction from underlying network configuration
■ Automated protection for new VMs
■ Network-level workload segmentation
■ Privileged-level protection of OS kernel structures
- 25. Our Protocol Analysis Module is the engine behind our products
Intrusion prevention just got smarter with extensible protection backed by the power of X-Force
■ Virtual Patch
– What It Does: Shields vulnerabilities from exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach.
– Why Important: At the end of 2009, 52% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.
■ Client-Side Application Protection
– What It Does: Protects end users against attacks targeting applications used everyday such as Microsoft Office, Adobe PDF, Multimedia files and Web browsers.
– Why Important: At the end of 2009, vulnerabilities which affect personal computers represent the second-largest category of vulnerability disclosures and about a fifth of all vulnerability disclosures.
■ Web Application Protection
– What It Does: Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes, CSRF (Cross-site request forgery).
– Why Important: Expands security capabilities to meet both compliance requirements and threat evolution.
■ Threat Detection & Prevention
– What It Does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.
– Why Important: Eliminates need of constant signature updates. Protection includes the proprietary Shellcode Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities.
■ Data Security
– What It Does: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides capability to explore data flow through the network to help determine if any potential risks exist.
– Why Important: Flexible and scalable customized data search criteria; serves as a complement to data security strategy.
■ Application Control
– What It Does: Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging, and tunneling.
– Why Important: Enforces network application and service access based on corporate policy and governance.
- 26. Automated Discovery/vNAC
Features
■ Virtual network access control (VNAC)
■ Automated discovery
■ Virtual Infrastructure auditing integration
Benefits
■ Rogue VM protection
■ Virtual Infrastructure monitoring
■ Virtual network awareness
■ Quarantine or limit network access until VM security posture has been validated
[Diagram, SiteProtector Management and SVM: the SVM is notified as soon as a VM comes online; the SVM reports to SiteProtector that a new VM is online and initiates a discovery scan; the SVM limits network communications (quarantine group) until the VM is placed in a non-quarantine group]
- 27. Security Footprint Reduction
[Diagram: CPU-intensive processing removed from the guest OS and consolidated in the SVM; a “lighter” agent is used where guest OS context is required]
■ Security isolated in Security Virtual Machine
■ Less presence in guest OS equals:
o improved stability
o more CPU/memory available for workloads
o decreased attack surface
■ Customer-defined thresholds for security resource usage
■ Over time, guest OS presence will be reduced to the absolute minimum
- 28. Mobility (VMotion)
■ Maintain security posture irrespective of the physical server on which the VM resides
■ Abstraction from underlying physical servers provides dynamic security adapted for mobility
[Diagram: SiteProtector Management over several physical servers]
- 29. Introspection-Based Rootkit Detection
■ Threat – Malware that embeds itself in the operating system to avoid detection
■ Functionality
– Rootkit detection engine that uses memory introspection to identify modifications to key guest OS kernel data structures (SSDT & IDT) by malware
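How such an engine can be modelled, as an added example that is not IBM's code: read the SSDT and IDT out of a guest memory image from outside the VM and flag entries that have left the owning kernel module or changed since a boot-time baseline. The module map, table addresses and memory image are constructed sample data, and both tables are simplified to flat arrays of 32-bit handler pointers.

```python
# Added example (not IBM's code): introspection-style check of a guest's
# SSDT and IDT. Reads the tables out of a guest memory image, as an SVM
# would from outside the VM, and flags entries that left the owning kernel
# module or changed since a boot-time baseline. Sample data is constructed
# and tables are simplified to flat arrays of 32-bit handler pointers.
import struct

# Constructed guest kernel module map: (name, start, end-exclusive).
MODULES = [("ntoskrnl.exe", 0x80400000, 0x80800000),
           ("hal.dll", 0x80800000, 0x80840000)]
SSDT_VA, IDT_VA = 0x80501000, 0x80501100      # chosen table locations
BASE_SSDT = [0x80410000 + 0x40 * i for i in range(8)]  # boot-time snapshot
BASE_IDT = [0x80420000 + 0x80 * i for i in range(4)]   # all inside ntoskrnl

def owner_of(addr):
    """Module whose image contains addr, or None if addr is unmapped."""
    return next((n for n, s, e in MODULES if s <= addr < e), None)

def read_table(image, image_base, table_va, count):
    """Read `count` little-endian 32-bit pointers at guest VA table_va."""
    return list(struct.unpack_from(f"<{count}I", image, table_va - image_base))

def check_table(name, entries, baseline, expected_owner="ntoskrnl.exe"):
    """Return (table, index, address, reason) for each suspicious entry."""
    findings = []
    for idx, (addr, good) in enumerate(zip(entries, baseline)):
        owner = owner_of(addr)
        if owner != expected_owner:      # hook into a rootkit driver / unmapped
            findings.append((name, idx, addr, f"points into {owner or 'unmapped memory'}"))
        elif addr != good:               # hook that stayed inside the kernel image
            findings.append((name, idx, addr, "differs from boot-time baseline"))
    return findings

def build_image(ssdt, idt):
    """Constructed guest memory: one image holding both tables from SSDT_VA."""
    img = bytearray(0x200)
    struct.pack_into(f"<{len(ssdt)}I", img, 0, *ssdt)
    struct.pack_into(f"<{len(idt)}I", img, IDT_VA - SSDT_VA, *idt)
    return bytes(img)

def scan_guest(image):
    """One introspection pass over a live guest memory image."""
    ssdt = read_table(image, SSDT_VA, SSDT_VA, len(BASE_SSDT))
    idt = read_table(image, SSDT_VA, IDT_VA, len(BASE_IDT))
    return check_table("SSDT", ssdt, BASE_SSDT) + check_table("IDT", idt, BASE_IDT)

if __name__ == "__main__":
    hooked_ssdt, hooked_idt = list(BASE_SSDT), list(BASE_IDT)
    hooked_ssdt[3] = 0x9A001000   # dispatch entry redirected to an unmapped driver
    hooked_idt[1] = 0x80430000    # handler moved, but still inside ntoskrnl
    print(scan_guest(build_image(BASE_SSDT, BASE_IDT)))   # clean guest: []
    for finding in scan_guest(build_image(hooked_ssdt, hooked_idt)):
        print(finding)
```

The baseline comparison catches hooks that stay inside the kernel image, which the module-range check alone would miss.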
- 30. Virtual Infrastructure Auditing
■ Threat – Virtual machine state change or migration that mixes trust zones
■ Functionality
– Hooks into VMware management auditing to report events interesting from a security perspective
- 31. VMsafe Network Packet Inspection API
■ vNetwork Data Path Agent (FastPath Agent)
– Installs as a kernel module and directly intercepts packets in the virtual network packet stream
■ vNetwork Control Path Agent (SlowPath Agent)
– Resides in a security virtual appliance and can be used for further thorough processing
[Diagram: on the ESX Server, the Security Virtual Machine hosts the SlowPath Agent and the DVFilter Library; the FastPath Agent sits in the VMkernel between the VMs’ VMMs, vswitch01 and the VMkernel Hardware Interface to the physical hardware; VM network traffic and VMsafe introspection paths are shown]
VMX parameters for SVM:
ethernet2.networkName = "ibm-vmwarenetwork-appliance"
VMX parameters for VM:
ethernet0.filter0.name = "ibm-iss-vmkmod"
ethernet0.filter0.onFailure = "failOpen"
- 32. VMsafe CPU & Memory API
■ Can inspect memory locations and CPU registers
■ Hypervisor Extension Library implemented as VMX/VMM modules
■ VMsafe API Library on SVM
■ Capabilities
– Detect current application state in the protected VMs
– Sense system configuration state from the control registers
[Diagram: on the ESX Server, the Security Virtual Machine holds the VMsafe library; each protected VM carries a VMsafe VMX/VMM extension; VM memory/CPU calls and CPU introspection pass through the VMkernel and the VMkernel Hardware Interface to the physical hardware]
VMX parameters for SVM:
ethernet1.networkName = "ibm-vmwareintrospect-appliance"
VMX parameters for VM:
vmsafe.enable = "true"
vmsafe.agentAddress = "169.254.55.2"
vmsafe.agentPort = "49999"
vmsafe.failOpen = "TRUE"
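A configuration check a practitioner would run over the VMX parameters on the two slides above, as an added example that is neither IBM's nor VMware's code: it parses the line-oriented key = "value" format of a .vmx file and reports guests that have no dvfilter bound, have introspection disabled, or are set to fail open (keep running uninspected) when the SVM is unavailable. The .vmx fragment is constructed from the parameter values shown on the slides.

```python
# Added example, not IBM's or VMware's code: audits .vmx files for the
# VMsafe settings shown on the two preceding slides. The guest is only
# protected if a dvfilter (network path) and the vmsafe.* keys (CPU/memory
# path) are present, and the two fail-open keys decide whether a guest keeps
# running uninspected when the SVM is unavailable. Sample .vmx is constructed.
import re

VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
FILTER_NAME = re.compile(r"^(ethernet\d+\.filter\d+\.)name$")

def parse_vmx(text):
    """Parse key = "value" lines of a .vmx file into a dict; '#' lines skipped."""
    cfg = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def audit_vm(cfg):
    """Return (key, finding) pairs for settings that weaken SVM protection."""
    findings = []
    prefixes = [m.group(1) for k in cfg if (m := FILTER_NAME.match(k))]
    if not prefixes:
        findings.append(("ethernetN.filterN.name", "no dvfilter bound; traffic bypasses the SVM"))
    for p in prefixes:
        if cfg.get(p + "onFailure", "").lower() == "failopen":
            findings.append((p + "onFailure", "fails open: uninspected traffic if the SVM is down"))
    if cfg.get("vmsafe.enable", "").lower() != "true":
        findings.append(("vmsafe.enable", "CPU/memory introspection not enabled"))
    elif cfg.get("vmsafe.failOpen", "").lower() == "true":
        findings.append(("vmsafe.failOpen", "fails open: guest runs without introspection if the SVM is down"))
    return findings

# Constructed .vmx fragment using the parameter values from the slides.
SAMPLE_VMX = """\
# constructed sample, guest VM
ethernet0.filter0.name = "ibm-iss-vmkmod"
ethernet0.filter0.onFailure = "failOpen"
vmsafe.enable = "true"
vmsafe.agentAddress = "169.254.55.2"
vmsafe.agentPort = "49999"
vmsafe.failOpen = "TRUE"
"""

if __name__ == "__main__":
    for key, msg in audit_vm(parse_vmx(SAMPLE_VMX)):
        print(f"{key}: {msg}")
```

Run it over every .vmx on a host to see which guests are actually wired to the SVM and which would silently lose protection if the SVM went down.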
- 33. IBM Virtual Server Protection for VMware helps to meet compliance best practices
1. Configuration and change management processes should be extended to encompass the virtual infrastructure
– Automatic discovery and protection as a VM comes online
– Dashboard visibility into the virtual host OS and the virtual network to identify vulnerabilities
– IBM Virtual Patch® technology protects vulnerabilities on virtual servers regardless of patch strategy
2. Maintain separate administrative access control although server, network and security infrastructure is now consolidated
– Virtual network access control
• Quarantines or limits network access from a virtual server until VM security posture has been confirmed
– Virtual Infrastructure auditing
3. Provide virtual machine and virtual network security segmentation
– Network-level workload isolation
4. Maintain virtual audit logging
– Virtual Infrastructure monitoring and reporting
*Source: RSA Security Brief: Security Compliance in a Virtual World http://www.rsa.com/solutions/technology/secure/wp/10393_VIRT_BRF_0809.pdf
- 34. IBM Virtual Server Security for VMware helps customers to be more secure, compliant and cost-effective
Integrated threat protection for the VMware vSphere 4 platform
How we help your business:
■ Helps meet regulatory compliance mandates by providing security and reporting functionality customized for the virtual infrastructure
■ Protects and tracks access of critical data housed on virtual machines
■ Increases virtual server uptime and availability with virtual rootkit detection
■ Created for and integrated with the virtual platform
■ Increases ROI with dynamic VM security and discovery
- 35. For more information on IBM Virtualization Security Solutions
White paper: ftp://ftp.software.ibm.com/common/ssi/sa/wh/n/sew03016usen/SEW03016USEN.PDF
Virtualization Security Solutions Web page: http://www-935.ibm.com/services/us/iss/html/virtualization-security-solutions.html
- 36. Question?
Thank you!
- 37. Trademarks and notes
■ IBM Corporation 2010
■ IBM, the IBM logo, ibm.com, AIX, IBM Internet Security Systems, Proventia, Real Secure, SiteProtector,
X-Force and Virtual Patch are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If
these and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), these symbols indicate US
registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law
trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at
www.ibm.com/legal/copytrade.shtml
■ VMware, the VMware "boxes" logo and design, Virtual SMP and VMotion are registered trademarks or trademarks (the "Marks") of VMware, Inc. in the United
States and/or other jurisdictions.
■ References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.
■ The customer is responsible for ensuring compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as
to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the reader may
have to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in
compliance with any law or regulation.