Translation of the article "Virtualization Security" by Terry Komperda.
Security Virtualization. Part 2
1. OVERVIEW
In a short time, virtualization has had a tremendous impact on IT and networking; it has already delivered large cost savings and return on investment for data centers, enterprises and the Cloud. What seems less significant, and lags far behind reality, is the understanding of security in virtualized environments. Some people believe that virtualization is more secure than traditional environments, because they have heard about isolation between virtual machines (VMs) and have not heard of any successful attacks on hypervisors. Others believe that new virtual environments need security just like traditional physical environments, so they apply the same approach to security that they have used for years. The most important factor is that the new environment is more complex. Virtual approaches added to existing networks create a new network that requires a different approach to security. In addition to the usual measures, security measures specific to virtualization should be applied. In this document, we will look at the differences, problems, difficulties and risks caused by the use of virtualization, and provide practical recommendations and tips to make sure that the network remains as secure after virtualization is introduced.
2. INTRODUCTION
Virtualization is evolving and is here to stay. Although the concept has been known for more than fifty years, the technology will continue to grow and improve in the areas where it is already used everywhere, and it will develop further. Moreover, half of all servers today run on virtual machines. IDC predicts that 70% of all workloads will run on VMs by 2014. What really needs to keep up with this large-scale adoption is the security of virtualization components and virtual environments. Let's look at some of the security benefits that come from using virtualization.
3. SECURITY ADVANTAGES OF USING VIRTUALIZATION
The following are some security benefits of using virtualization:
- Centralized data storage in a virtualized environment prevents the loss of important data if the device is lost, stolen or hacked.
- When VMs and applications are properly isolated, an attack affects only one application on one OS.
- When properly configured, the virtual environment provides the flexibility that allows you to share the system without having to give access to critical information on the systems.
- If the VM is infected, it can be rolled back to the “protected” state that existed before the attack.
- The reduction in hardware that comes from virtualization improves physical security because there are fewer devices and, ultimately, fewer data centers.
- Desktop virtualization gives better control over the environment. The administrator can create and manage a “golden image” (a VM template) that is pushed to users' computers. This gives better control over the OS to ensure that it complies with organizational requirements and with security policy.
- Server virtualization can lead to better incident handling, since the server can be returned to a previous state in order to analyze what happened before and during the attack.
- Access control for system and network management, as well as separation of duties, can be improved by assigning responsibilities to different people: some administrators manage VMs inside the network, while others deal only with VMs in the DMZ. You can also assign some administrators to Windows servers and others to Linux servers.
- The hypervisor software itself has limited functionality and low complexity, so it presents a small attack surface. The smaller the attack surface and the less functionality there is, the fewer the potential vulnerabilities.
- Virtual switches (vswitches) do not perform the dynamic trunking needed to carry out inter-switch link tagging attacks. They also drop double-encapsulated packets, so attacks of this type are ineffective. Virtual switches also do not allow packets to leave their broadcast domain, which nullifies brute-force attacks that rely on overloading switches so that packets leak into other VLAN domains.
Please note that I qualified these benefits with phrases such as "if configured or installed properly." Virtualization is very complex and must be properly secured in order to guarantee the above benefits.
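The double-encapsulation check mentioned in the vswitch item above, as an added example that is not from the original article: a parser that counts stacked VLAN tags in an Ethernet frame and flags frames carrying more than one. It goes slightly beyond the text by also recognizing the 802.1ad outer tag; the function names and the "drop on more than one tag" policy are assumptions for illustration, not any vendor's vswitch code.

```python
import struct

TPID_8021Q = 0x8100   # standard VLAN tag
TPID_8021AD = 0x88A8  # service (outer) tag used for Q-in-Q


def vlan_tags(frame: bytes) -> list:
    """Return the VLAN IDs stacked after the MAC addresses, outermost first."""
    tags, offset = [], 12  # skip destination + source MAC (6 bytes each)
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break  # reached the real EtherType, no more tags
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tags


def should_drop(frame: bytes) -> bool:
    """Assumed access-port policy: drop any frame with more than one tag."""
    return len(vlan_tags(frame)) > 1


def build_frame(vlans, ethertype: int = 0x0800) -> bytes:
    """Constructed sample frame: zeroed MACs, given tags, zeroed payload."""
    header = bytes(12)
    for vid in vlans:
        header += struct.pack("!HH", TPID_8021Q, vid)
    return header + struct.pack("!H", ethertype) + bytes(46)


if __name__ == "__main__":
    for vlans in ([], [10], [1, 20]):
        frame = build_frame(vlans)
        print(vlans, "->", "drop" if should_drop(frame) else "forward")
```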
4. SECURITY PROBLEMS AND RISKS WHEN USING VIRTUALIZATION
Now that we are familiar with the benefits of virtualization, we can look at some of the problems and risks.
4.1 File Sharing Between Hosts and Guests
- When files are shared, a compromised guest can access the host file system and change the directories that are used for sharing.
- When the shared clipboard and drag and drop are used by both the guest and the host, or when APIs are used for programming, significant bugs in these areas can jeopardize the entire infrastructure.
4.2 Snapshots
- If you revert to a snapshot, any configuration changes made since then are lost. If you had changed the security policy, access to certain functions may now be allowed. Audit logs can also be lost, which eliminates the record of changes you may have made on the server. Such outcomes can make compliance difficult.
- Images and snapshots contain sensitive data, such as personal data and passwords, in the same form as this data is stored on a physical hard disk. Any unnecessary or extra images can cause real problems. Any image that was saved with malware in it can be loaded again in the future and cause havoc.
4.3 Network Storage
- Fibre Channel and iSCSI are clear-text protocols and can be vulnerable to man-in-the-middle attacks (a type of attack in which an attacker intercepts a communication channel and gains full access to the information being transmitted). Sniffing tools can be used to read or record storage system data, which an attacker can reassemble later at their convenience.
- There is usually a trade-off between Fibre Channel performance and security. Encryption can be used on the host bus adapters in a Fibre Channel implementation, but in many cases it is not used because of the negative effect on performance.
4.4 Hypervisor
- If the hypervisor is compromised, all VMs attached to it are also at risk, and the default configuration of the hypervisor is not always the most secure.
- The hypervisor manages everything and is a single point of failure in a virtual environment. Any breach can endanger the entire virtual environment.
- Bare-metal hypervisors usually have built-in access control, whereas hosted virtualization (the hypervisor runs on top of the physical server's OS) does not. Hosted virtualization exposes the system to more threats because of the presence of the OS.
- The administrator can do anything on the hypervisor (he holds the “keys to all the doors”). Actions on the hypervisor are usually password protected, but the password can easily be shared with another administrator, so you will never know which administrator performed a specific action.
- Hypervisors allow VMs to communicate with each other, and this traffic does not even reach the physical network. It acts as a private network for the virtual machines. Such traffic cannot always be seen, since it is handled by the hypervisor, and you cannot protect what you don't know about!
4.5 Virtual Machines
- Virtual machines are fairly small and easy to copy to a remote computer or portable storage device. Losing the data on a VM is equivalent to someone breaking into a data center, bypassing physical security and stealing a physical server.
- User-created virtual machines do not always comply with the organization's security policy and may not have any security software installed. Trial versions of products and games are currently offered for free use by players on a VM; once installed, such VMs can become part of a corporate network with possible vulnerabilities.
- Newly created VMs usually have open ports and many available protocols.
- Each time a VM is created, another OS is added that needs to be protected, patched, updated and maintained. Additional OSes with problems may increase the overall risk.
- Inactive VMs or VMs that are no longer in use can still contain important data — such as credentials and configuration information.
- Any clipboard functionality that allows data to be shared between the VM and the host can become an entry point for malware, which will then be transferred to virtual machines.
- Non-isolated virtual machines can have full access to host resources. Compromise of any such VM can lead to compromise of all resources.
- Virtual machines can be created by users without notifying the organization’s IT department. If these virtual machines are not noticed, then they will not be protected.
- Infection of a VM can lead to infection of the data store, and other virtual machines may use the same storage.
- Virtual machines can multiply very quickly, which can strain security systems. If this is not automated effectively, the administrator's burden of installing updates, patches and so on will increase.
- Infected virtual machines may appear, infect other VMs, and then disappear before they are noticed.
4.6 Separation of Duties and Administrator Access Rights
- In normal physical networks, server administrators manage servers, while network administrators manage networks. Security personnel usually work with both groups of administrators. In virtual environments, server and network management can take place on a single management console, which poses new challenges for effective separation of duties.
- By default, many virtualization systems grant full access to all virtual infrastructure actions. These defaults are not always changed, and a compromise of administrator access can give complete control over the virtual infrastructure.
4.7 Time Synchronization
- The virtual machine's clock may drift, and when this is combined with normal clock drift, tasks may run too early or too late, which can lead to confusion in the logs and loss of data accuracy. Incorrect time tracking will not provide enough data for any future investigations.
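One way to measure and correct the drift described above before building an investigation timeline, as an added example that is not part of the original article. It assumes the same events are logged both by a time-synchronized reference (for example the host) and by each guest; the VM names, event IDs, timestamps and the 5-second tolerance are constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data: identical event IDs as seen by a time-synced
# reference clock and by each guest's own (possibly drifting) clock.
REFERENCE = {"e1": "2024-01-10T12:00:00", "e2": "2024-01-10T12:05:00",
             "e3": "2024-01-10T12:10:00"}
GUEST_LOGS = {
    "vm-web": {"e1": "2024-01-10T12:00:01", "e2": "2024-01-10T12:05:01"},
    "vm-db":  {"e1": "2024-01-10T11:58:30", "e2": "2024-01-10T12:03:28",
               "e3": "2024-01-10T12:08:30"},
}


def clock_offsets(reference, guest_logs):
    """Median (guest - reference) offset in seconds for each VM."""
    ref = {eid: datetime.fromisoformat(ts) for eid, ts in reference.items()}
    offsets = {}
    for vm, events in guest_logs.items():
        deltas = [(datetime.fromisoformat(ts) - ref[eid]).total_seconds()
                  for eid, ts in events.items() if eid in ref]
        if deltas:  # a VM with no shared events cannot be calibrated
            offsets[vm] = median(deltas)
    return offsets


def skewed_vms(offsets, tolerance_s=5.0):
    """VMs whose clock differs from the reference by more than the tolerance."""
    return sorted(vm for vm, off in offsets.items() if abs(off) > tolerance_s)


def normalize(vm, timestamp, offsets):
    """Map a guest log timestamp onto the reference clock."""
    shift = timedelta(seconds=offsets.get(vm, 0.0))
    return (datetime.fromisoformat(timestamp) - shift).isoformat()


if __name__ == "__main__":
    offs = clock_offsets(REFERENCE, GUEST_LOGS)
    print("offsets:", offs)
    print("out of tolerance:", skewed_vms(offs))
    print("vm-db 12:03:28 on reference clock:",
          normalize("vm-db", "2024-01-10T12:03:28", offs))
```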
4.8 VLANs
- Using VLANs requires routing VM traffic, for example, from the host to a firewall. This can lead to latency and a complex network design, which in turn cause performance problems.
- Communication inside the VM is not secure and is not examined on the VLAN. Also, if there are several VMs on the same VLAN, the spread of malware from one virtual machine to another cannot be stopped.
4.9 Partitions
It is believed that when several virtual machines run on the same host, they are isolated from each other and one VM cannot be used to attack another. Technically, VMs can be separated, but the partitions share memory, processor and bandwidth resources. If a particular partition consumes too much of one of these resources, for example because of a virus, a denial of service (DoS) may occur on other partitions.
4.10 Other Issues
- Sometimes security is kept in the heads of security personnel, or in checklists. If that approach is common in an organization, it will be difficult to maintain virtualization security because of the speed at which VMs are created, moved and so on.
- Virtualization is heavily software-based, and this provides more potential software vulnerabilities that could be exploited by attackers.
- Virtual disks are usually stored on the host as unprotected files and it is very easy to access them - no need to hack anything.
- Workloads with different levels of trust can be placed on the same server or vswitch, and the security of these workloads will be only as high as the security of the least protected workload. If there is sensitive information on the server, it may be unsafe.
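A check for the "virtual disks stored as unprotected files" item above, as an added example that is not from the original article: it walks a datastore directory on a POSIX host and reports disk images that are accessible to anyone other than their owner. The extension list and the directory layout are assumptions; adjust them to the hypervisor in use.

```python
import os
import stat

# File extensions commonly used for virtual disk images (assumed list).
DISK_EXTENSIONS = {".vmdk", ".vhd", ".vhdx", ".qcow2", ".vdi", ".img"}


def audit_virtual_disks(root):
    """Return (path, mode, reasons) for disk images readable beyond the owner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in DISK_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits say nothing about the target
            mode = stat.S_IMODE(os.stat(path).st_mode)
            reasons = []
            if mode & stat.S_IROTH:
                reasons.append("world-readable")
            if mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if mode & (stat.S_IRGRP | stat.S_IWGRP):
                reasons.append("group-accessible")
            if reasons:
                findings.append((path, oct(mode), reasons))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit_disks.py /path/to/datastore  (path is an example)
    for path, mode, reasons in audit_virtual_disks(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}  mode={mode}  {', '.join(reasons)}")
```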
Despite the many problems described above, virtualization is not necessarily insecure; it all depends on the deployment and the security measures applied. Weak security policies and lack of training can be a far greater cause of problems and vulnerabilities, which in turn lead to greater risk. Now that we know about the security issues of virtualization, it's time to look at the typical attacks.
5. TYPICAL ATTACKS
Below are some of the types of attacks typical of virtualization:
5.1 Denial of Service (DoS)
A successful DoS attack can cause the hypervisor to shut down. This may make it possible to add a backdoor for accessing the VMs, bypassing the hypervisor.
5.2 Uncontrolled Movement between VMs
If a security hole exists in the hypervisor and is found, a user logged into one VM can jump to another VM and get access to the information stored on it.
5.3 Capturing Host Traffic
Vulnerabilities in the hypervisor make it possible to monitor system calls, paging files, and memory and disk activity.
6. APPLYING TRADITIONAL PHYSICAL-ENVIRONMENT SECURITY APPROACHES TO VIRTUALIZATION
Many of the problems and attacks that can be encountered with virtualization can be addressed with existing people, processes and technologies. What cannot be protected with existing solutions is the virtual fabric consisting of hypervisors, management systems and virtual switches. The following are some traditional approaches applied to virtualization and their disadvantages:
6.1 Firewalls
Some IT groups send traffic between VMs to standard firewalls, which inspect the traffic and send it back to the virtual machines. Traditional firewalls were created before virtualization and deployed in data centers and enterprises, so they were not designed with the virtual infrastructure and its management systems in mind. This can lead to manual installation and administration, which in turn can lead to errors. Standard firewalls also do not provide adequate security when a VM is moved.
6.2 Network-Based Intrusion Detection / Intrusion Prevention Systems
These devices do not work when there are several virtual machines on the host. This is mainly because IDS/IPS systems cannot monitor traffic between virtual machines. They also cannot access any information when applications are moved.
6.3 Limiting the Number of VMs per Host / Assignment to Physical NICs
This approach not only limits the number of virtual machines on a host, but also assigns a physical network adapter to each virtual machine. While this may be a safe approach with good security intentions, it does not allow a company to get the full benefits and return on investment from virtualization technology.
6.4 VLANs
VLANs are widely used, both in non-virtualized environments and in environments with a good degree of virtualization. The problem is that as the number of VLANs grows, it becomes increasingly difficult to manage the complexity associated with access control lists, and to keep network security policy consistent between the non-virtual and virtual parts of the environment.
6.5 Agent-Based Antivirus Approaches
This entails loading a complete copy of the antivirus software on each VM. Such an approach can provide good protection, but it incurs huge costs for all the copies of antivirus software across the virtual machines in the environment. This full-featured software can also adversely affect memory, storage and CPU activity, because it increases hardware utilization and therefore reduces performance.
Despite the above disadvantages of the traditional security model, 60% of respondents indicated that they use traditional solutions to secure and protect virtual environments. Virtual environments are dynamic and change rapidly. It will be difficult for traditional approaches alone to keep up and to move and change as needed. Another approach is to keep the good aspects of the current approach to security while also considering the following tips and recommendations for virtualization.