Security Challenges in the Virtualized World: IBM Virtual Server Protection for VMware
Posted on 19-Oct-2014
10.03.2011, © 2009 IBM Corporation
Security Challenges in the Virtualized World: IBM Virtual Server Protection for VMware
Peter Rossi, IBM Senior Security Specialist
IBM Virtual Server Protection
© 2011 IBM Corporation, 10.03.2011
Agenda
■ IBM Security Framework
■ Security Challenges in the Virtualized World – Vulnerability examples
■ IBM Virtual Server Protection for VMware
IBM Security Framework
IBM delivers a new approach to Security Management
IBM's approach is to strategically manage risk end-to-end across all risk areas within an organization.
IBM Security Framework
Protect sensitive business data
Give the right users access to the right resources at the right time
Keep applications available and protected from malicious or fraudulent use.
Optimize service availability by mitigating risks
Provide actionable intelligence & improve physical infrastructure security
IBM Tivoli Security Focus Areas
COMPLIANCE: Prove that you’re in control. IBM is #1 in this space.
Trusting Identities: customers, partners, employees (known). Manage those you know.
Managing Access
Securing Services
Protecting Data
Example business services shown on the slide: payroll, online banking, loan applications, retail sales, inventory.
ENFORCE POLICY: criminals, competitors, hackers (unknown). Protect against those you don’t.
Security Challenges in the Virtualized World
Server and Network Convergence
Security Challenges with Virtualization: What is the Impact to Overall Security Posture?
Security Challenges with Virtualization: New Risks
[Slide diagram] Risk areas: resource sharing; single point of failure; loss of visibility; virtual server sprawl; dynamic state; dynamic relocation; stealth rootkits in hardware; management vulnerabilities; secure storage of VMs and the management data; requires new skill sets; insider threat.
MORE COMPONENTS = MORE EXPOSURE
Traditional threats: traditional threats can attack VMs just like real systems.
New threats to VM environments.
The Importance of Virtualization System Security
■ Businesses are increasingly relying on virtualization technology
■ In Q4 2009, 18.2% of servers shipped were virtualized [1]
– 20% increase over 15.2% shipped in Q4 2008
■ Growing interest in cloud computing will fuel further demand
■ Vulnerability disclosures have grown as interest has grown
[1] Source: IDC
The Risk Imposed by Virtualization System Vulnerabilities
■ Disclosed vulnerabilities pose a significant security risk
■ 40% of all reported vulnerabilities have high severity
– Tend to be easy to exploit and provide full control over the attacked system
■ Exploits have been publicly disclosed for 14% of vulnerabilities
Vendor Disclosures Include Some Surprising Results
■ Low percentages for Oracle, IBM, and Microsoft
VMware: 80.9% RedHat: 6.9% Citrix: 5.8%
Oracle: 1.8% IBM: 1.1% Microsoft: 0.9%
Virtualization System Vulnerability Classes
■ Vulnerabilities can be classified by what they affect
[Slide diagram] Virtualization system: System Administrators use a Management Console (1) and a Management Server (2); the Virtualization Server runs an Admin VM (3) and Guest VMs (5) on the Hypervisor (4) over Hardware; Guest VM Users access the guest VMs; hypervisor escape (6) crosses from a guest VM into the hypervisor. The numbered classes are described on the following slides.
Virtualization System Vulnerability Classes
■ 1. Management console vulnerabilities
– Affect the management console host
– Can provide platform or information allowing attack of the management server
– Can occur in custom consoles or web applications
■ 2. Management server vulnerabilities
– Potential to compromise virtualization system configuration
– Can provide platform from which to attack the administrative VM
■ 3. Administrative VM vulnerabilities
– Compromise system configuration
– In some systems (like Xen), equivalent to a hypervisor vulnerability in that all guest VMs may be compromised
– Can provide platform from which to attack the hypervisor and guest VMs
Virtualization System Vulnerability Classes
■ 4. Hypervisor vulnerabilities
– Compromise all guest VMs
– Cannot be exploited from guest VMs
■ 5. Guest VM vulnerabilities
– Affect a single VM
– Can provide platform from which to attack the administrative VM, hypervisor, and other guest VMs
■ 6. Hypervisor escape vulnerabilities
– A type of hypervisor vulnerability
– Classified separately because of their importance
– Allow a guest VM user to “escape” from their own VM to attack other VMs or the hypervisor
– Violate the assumption of isolation of guest VMs
Virtualization System Vulnerability Examples
■ Management console
– CVE-2009-2277: A cross-site scripting vulnerability in a VMware web console allows remote attackers to steal cookie-based authentication credentials
■ Management server
– CVE-2008-4281: VMware VirtualCenter management server can allow a local attacker to use directory traversal sequences to gain elevated privileges
■ Administrative VM
– CVE-2008-2097: A buffer overflow in a VMware management service running in the administrative VM could allow remote authenticated users to gain root privileges
Virtualization System Vulnerability Examples
■ Guest VM
– CVE-2009-2267: A bug in the handling of page fault exceptions in VMware ESX Server could allow a guest VM user to gain kernel mode execution privileges in the guest VM
■ Hypervisor
– CVE-2010-2070: By modifying the processor status register, a local attacker can cause the Xen kernel to crash
■ Hypervisor escape
– CVE-2009-1244: An error in the virtual machine display function on VMware ESX Server allows an attacker in a guest VM to execute arbitrary code in the hypervisor
Production Virtualization System Vulnerabilities By Class
– Hypervisor escape: 37.5%
– Admin VM: 17.5%
– Mgmt console: 16.3%
– Guest VM: 15.0%
– Mgmt Server: 6.3%
– Indeterminate: 6.3%
– Hypervisor: 1.3%
Gartner’s Perspective on Secure Virtualization
“IBM has the first commercial implementation of a rootkit detection/prevention offering that works from outside of the virtual machine it is protecting...”
– Neil MacDonald, Gartner
IBM Virtual Server Protection for VMware
Virtualization Security Solutions
Existing solutions certified for protection of virtual workloads:
■ Firewall
■ Intrusion Prevention
■ System auditing
■ File integrity monitoring
■ Anti-malware
■ Security configuration Mgmt
Threat protection delivered in a virtual form-factor:
■ Firewall
■ Intrusion Prevention
■ Virtual network segment protection/policy enforcement
Integrated virtual environment-aware threat protection:
■ Firewall
■ Intrusion Prevention
■ Virtual host protection and network policy enforcement
■ Network access control
■ Virtual infrastructure monitoring
Integrated Security
■ Non-intrusive
o No reconfiguration of the virtual network
o No presence in the guest OS
■ Less management overhead
o One Security Virtual Machine (SVM) per physical server
o 1:many protection-to-VM ratio
■ Automated
o Privileged presence gives the SVM a holistic view of the virtual network
o Protection automatically applied as a VM comes online
■ Lower overhead
o Eliminates redundant processing tasks
■ Protection for any guest OS
[Slide diagram] SiteProtector Management above the host: Hardware, Hypervisor with VMsafe; the Security Virtual Machine (hardened OS kernel, policy, response engines) alongside guest VMs (OS, applications, kernel) and the management OS.
IBM Virtual Server Protection for VMware: Integrated threat protection for VMware vSphere 4
Benefits
■ Vulnerability-centric, protocol-aware analysis and protection
■ Abstraction from underlying network configuration
■ Automated protection for new VMs
■ Network-level workload segmentation
■ Privileged-level protection of OS kernel structures
Helps customers to be more secure, compliant and cost-effective by delivering integrated and optimized security for virtual data centers.
Intrusion prevention just got smarter with extensible protection backed by the power of X-Force
Our Protocol Analysis Module is the engine behind our products.
Virtual Patch
What It Does: Shields vulnerabilities from exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach.
Why Important: At the end of 2009, 52% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.
Threat Detection & Prevention
What It Does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.
Why Important: Eliminates the need for constant signature updates. Protection includes the proprietary Shellcode Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities.
Data Security
What It Does: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides the capability to explore data flow through the network to help determine if any potential risks exist.
Why Important: Flexible and scalable customized data search criteria; serves as a complement to a data security strategy.
Web Application Protection
What It Does: Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes, CSRF (Cross-site request forgery).
Why Important: Expands security capabilities to meet both compliance requirements and threat evolution.
Application Control
What It Does: Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging, and tunneling.
Why Important: Enforces network application and service access based on corporate policy and governance.
Client-Side Application Protection
What It Does: Protects end users against attacks targeting applications used every day such as Microsoft Office, Adobe PDF, multimedia files and web browsers.
Why Important: At the end of 2009, vulnerabilities which affect personal computers represented the second-largest category of vulnerability disclosures, about a fifth of all vulnerability disclosures.
Automated Discovery/vNAC
Features
■ Virtual network access control (VNAC)
■ Automated discovery
■ Virtual Infrastructure auditing integration
Benefits
■ Rogue VM protection
■ Virtual Infrastructure monitoring
■ Virtual network awareness
■ Quarantine or limit network access until VM security posture has been validated
Workflow shown on the slide:
– SVM is notified as soon as a VM comes online.
– SVM limits network communications (quarantine group) until the VM is placed in a non-quarantine group.
– The SVM reports to SiteProtector that a new VM is online and initiates a discovery scan.
Security Footprint Reduction
■ Security isolated in the Security Virtual Machine
■ Less presence in the guest OS equals:
o improved stability
o more CPU/memory available for workloads
o decreased attack surface
■ Customer-defined thresholds for security resource usage
■ Over time, guest OS presence will be reduced to the absolute minimum
CPU-intensive processing removed from the guest OS and consolidated in the SVM
“Lighter” agent used where guest OS context is required
Mobility (VMotion)
■ Maintain security posture irrespective of the physical server on which the VM resides
Abstraction from underlying physical servers provides dynamic security adapted for mobility
Introspection-Based Rootkit Detection
■ Threat
– Malware that embeds itself in the operating system to avoid detection
■ Functionality
– Rootkit detection engine that uses memory introspection to identify modifications to key guest OS kernel data structures (SSDT & IDT) by malware
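As an added illustration of the baseline-comparison idea behind such an engine (example code, not IBM's product or code): the script models the guest's SSDT and IDT as index-to-handler maps read from outside the VM, compares a current snapshot against a known-good baseline, and flags entries whose handler address changed or now points outside the assumed kernel image range. The kernel address range, both snapshots and the modified entry are constructed sample data.

```python
"""Baseline comparison of guest kernel dispatch tables (SSDT, IDT) as seen via introspection."""
from dataclasses import dataclass

# Constructed sample: address range the guest kernel image is assumed to occupy.
# A dispatch entry that now points outside this range is the classic hook indicator.
KERNEL_TEXT_RANGE = (0x80400000, 0x80600000)


@dataclass(frozen=True)
class Finding:
    table: str
    index: int
    baseline: int
    current: int
    reason: str


def snapshot_diff(table, baseline, current, kernel_range=KERNEL_TEXT_RANGE):
    """Compare one table (index -> handler address) against its baseline."""
    lo, hi = kernel_range
    findings = []
    for idx, expected in baseline.items():
        actual = current.get(idx)
        if actual is None:
            findings.append(Finding(table, idx, expected, 0, "entry missing"))
        elif actual != expected:
            reason = "handler address changed"
            if not (lo <= actual < hi):
                reason += "; new target outside kernel image"
            findings.append(Finding(table, idx, expected, actual, reason))
    # Entries added since the baseline was taken are suspicious as well.
    for idx in sorted(current.keys() - baseline.keys()):
        findings.append(Finding(table, idx, 0, current[idx], "entry not in baseline"))
    return findings


def scan_guest(baseline_tables, current_tables):
    """Run the comparison over every table we have a baseline for."""
    findings = []
    for name, baseline in baseline_tables.items():
        findings.extend(snapshot_diff(name, baseline, current_tables.get(name, {})))
    return findings


# Constructed sample snapshots; in a real engine these come from guest memory.
BASELINE = {
    "SSDT": {0x00: 0x80412340, 0x42: 0x80433000, 0x7A: 0x80455550},
    "IDT": {0x0E: 0x80401000, 0x2E: 0x80402000, 0x80: 0x80403000},
}
CURRENT = {
    "SSDT": {0x00: 0x80412340, 0x42: 0xF7A01000, 0x7A: 0x80455550},  # 0x42 now points outside the kernel image
    "IDT": {0x0E: 0x80401000, 0x2E: 0x80402000, 0x80: 0x80403000},
}

if __name__ == "__main__":
    for f in scan_guest(BASELINE, CURRENT):
        print(f"{f.table}[{f.index:#04x}] {f.baseline:#x} -> {f.current:#x}: {f.reason}")
```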
Virtual Infrastructure Auditing
■ Threat
– Virtual machine state change or migration that mixes trust zones
■ Functionality
– Hooks into VMware management auditing to report events interesting from a security perspective
VMsafe Network Packet Inspection API
VMX parameters for SVM:
ethernet2.networkName = "ibm-vmwarenetwork-appliance"
VMX parameters for VM:
ethernet0.filter0.name = "ibm-iss-vmkmod"
ethernet0.filter0.onFailure = "failOpen"
[Slide diagram] Physical hardware; ESX Server with the VMkernel and VMkernel hardware interface; guest VMs behind their VMMs; the Security Virtual Machine attached to vswitch01. VM network traffic passes through the DVFilter library and the FastPath agents in the VMkernel and reaches the SlowPath agent in the SVM via VMsafe introspection.
■ vNetwork Data Path Agent (FastPath Agent)
– Installs as a kernel module and directly intercepts packets in the virtual network packet stream
■ vNetwork Control Path Agent (SlowPath Agent)
– Resides in a security virtual appliance and can be used for further thorough processing
VMsafe CPU & Memory API
VMX parameters for SVM:
ethernet1.networkName = "ibm-vmwareintrospect-appliance"
VMX parameters for VM:
vmsafe.enable = "true"
vmsafe.agentAddress = "169.254.55.2"
vmsafe.agentPort = "49999"
vmsafe.failOpen = "TRUE"
■ Can inspect memory locations and CPU registers
■ Hypervisor extension implemented as VMX/VMM modules
■ VMsafe API library on the SVM
■ Capabilities
– Detect current application state in the protected VM's CPU
– Sense system configuration state from the control registers
[Slide diagram] Physical hardware; ESX Server with the VMkernel and VMkernel hardware interface; guest VMs behind VMMs carrying the VMsafe VMX/VMM extension; the Security Virtual Machine with the VMsafe library. VM memory/CPU calls reach the SVM via VMsafe introspection.
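The two slides above show the VMX parameters that attach the packet filter and enable introspection for a protected VM, and both are configured fail-open (the VM keeps running, unprotected, if the SVM is unavailable). As an added example (not IBM's or VMware's code), the script below parses VMX key/value lines and audits them: every vNIC should carry the filter, introspection should be enabled with an agent address and port, and fail-open settings are reported so they are a conscious choice. The sample VMX text is constructed from the parameter names on the slides; the severity labels are assumptions.

```python
"""Audit the VMsafe-related settings in a protected VM's VMX configuration."""
import re

# VMX lines have the form   key = "value"
VMX_LINE = re.compile(r'^\s*([\w.]+)\s*=\s*"([^"]*)"\s*$')


def parse_vmx(text):
    """Parse VMX key = "value" lines into a dict (keys kept case-sensitive)."""
    params = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            params[m.group(1)] = m.group(2)
    return params


def audit_vmsafe(params, expected_filter="ibm-iss-vmkmod"):
    """Return (severity, message) findings; an empty list means fully protected and fail-closed."""
    findings = []
    # Network packet inspection: every vNIC present should have the DVFilter attached.
    nics = {k.split(".")[0] for k in params if re.match(r"ethernet\d+\.", k)}
    for nic in sorted(nics):
        if params.get(f"{nic}.filter0.name") != expected_filter:
            findings.append(("high", f"{nic}: no {expected_filter} packet filter attached"))
            continue
        if params.get(f"{nic}.filter0.onFailure", "").lower() == "failopen":
            findings.append(("medium", f"{nic}: filter is fail-open; traffic passes unfiltered if the SVM is down"))
    # CPU/memory introspection: must be enabled and must know where the agent lives.
    if params.get("vmsafe.enable", "").lower() != "true":
        findings.append(("high", "vmsafe.enable is not true; no memory/CPU introspection"))
    else:
        for key in ("vmsafe.agentAddress", "vmsafe.agentPort"):
            if key not in params:
                findings.append(("high", f"{key} missing; introspection agent unreachable"))
        if params.get("vmsafe.failOpen", "").lower() == "true":
            findings.append(("medium", "vmsafe.failOpen is TRUE; VM runs unprotected if the SVM fails"))
    return findings


# Constructed sample VMX fragment using the parameter names shown on the slides.
SAMPLE_VMX = '''
ethernet0.filter0.name = "ibm-iss-vmkmod"
ethernet0.filter0.onFailure = "failOpen"
ethernet1.networkName = "VM Network"
vmsafe.enable = "true"
vmsafe.agentAddress = "169.254.55.2"
vmsafe.agentPort = "49999"
vmsafe.failOpen = "TRUE"
'''

if __name__ == "__main__":
    for severity, message in audit_vmsafe(parse_vmx(SAMPLE_VMX)):
        print(f"[{severity}] {message}")
```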
IBM Virtual Server Protection for VMware helps to meet compliance best practices*
1. Configuration and change management processes should be extended to encompass the virtual infrastructure
– Automatic discovery and protection as a VM comes online
– Dashboard visibility into the virtual host OS and the virtual network to identify vulnerabilities
– IBM Virtual Patch® technology protects vulnerabilities on virtual servers regardless of patch strategy
2. Maintain separate administrative access control although server, network and security infrastructure is now consolidated
– Virtual network access control
• Quarantines or limits network access from a virtual server until VM security posture has been confirmed
– Virtual Infrastructure auditing
3. Provide virtual machine and virtual network security segmentation
– Network-level workload isolation
4. Maintain virtual audit logging
– Virtual Infrastructure monitoring and reporting
*Source: RSA Security Brief: Security Compliance in a Virtual World http://www.rsa.com/solutions/technology/secure/wp/10393_VIRT_BRF_0809.pdf
IBM Virtual Server Security for VMware helps customers to be more secure, compliant and cost-effective
Protects and tracks access of critical data housed on virtual machines
How we help your business
Created for and integrated with the virtual platform
Increases virtual server uptime and availability with virtual rootkit detection
Helps meet regulatory compliance mandates by providing security and reporting functionality customized for the virtual infrastructure
Increases ROI with dynamic VM security and discovery
Integrated threat protection for the VMware vSphere 4 platform
For more information on IBM Virtualization Security Solutions
White paper: ftp://ftp.software.ibm.com/common/ssi/sa/wh/n/sew03016usen/SEW03016USEN.PDF
Virtualization Security Solutions Web page: http://www-935.ibm.com/services/us/iss/html/virtualization-security-solutions.html
Questions?
Thank you!
Trademarks and notes
■ IBM Corporation 2010
■ IBM, the IBM logo, ibm.com, AIX, IBM Internet Security Systems, Proventia, Real Secure, SiteProtector, X-Force and Virtual Patch are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), these symbols indicate US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml
■ VMware, the VMware "boxes" logo and design, Virtual SMP and VMotion are registered trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other jurisdictions.
■ References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.
■ The customer is responsible for ensuring compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the reader may have to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation.