November 21, 2014 at 11:26Virtualization Security. Part 1
- Transfer
Translation of the article "Virtualization Security" by Terry Komperda.
Virtualization Security. Part 2
1. SUMMARY
In a short time, virtualization had a huge impact on IT and networking, it has already contributed to huge cost savings and return on investment for data centers, enterprises and the Cloud. What seems less significant and lags far behind reality is an understanding of virtualization and virtualized environments from a security point of view. Some people find that virtualization is more secure than traditional environments because they heard about isolation between virtual machines (VMs) and because they had not heard of any successful attacks on hypervisors before. Others believe that new virtual environments need security just like traditional physical environments, so they take the same long-term approach to security. The most important factor is that the new environment is more complex. Virtual approaches added to existing networks, create a new network that requires a different approach to security. In addition to the usual measures, special security measures for virtualization should be applied. In this document, we will consider the differences, problems, difficulties, risks caused by the use of virtualization, as well as provide practical recommendations and practical tips to make sure that after using virtualization the network will remain as secure.
2. INTRODUCTION
Virtualization is developing and plans to stay here for a long time. Although its concept has been known for more than fifty years, this technology will continue to grow and improve in areas that exist everywhere and plan to develop themselves further. Moreover, half of all servers today run on Virtual Machines. IDC predicts that 70% of all workloads will work on VMs by 2014. What really needs to keep up with technological progress due to its widespread application is the security of virtualization components and virtual environments. Let's look at some of the security benefits that come with virtualization.
3. ADVANTAGES IN THE SECURITY SPHERE AT THE APPLICATION OF VIRTUALIZATION
The following are some of the security benefits after using virtualization:
4. SECURITY CHALLENGES AND RISKS IN USING VIRTUALIZATION
Now that we have seen the advantages of virtualization, we can pay attention to some of the problems and risks.
4.1 File Sharing between Hosts and Guests
4.2 Snapshots
4.3 Network Storage
4.4. Hypervisor
4.5 Virtual Machines
4.6 Separation of Administrator Responsibilities and Access Rights
4.8 VLANs
4.9 Sections
It is believed that when several virtual machines are running on the same host, they are isolated from each other and one VM cannot be used to attack another. Technically, VMs can be partitioned, but partitions on VMs share memory, processor, and bandwidth resources. If a particular section consumes too much of one of the above resources, for example, due to a virus, a DoS error may appear on other sections.
4.10 Other Questions
Despite the many problems described above, virtualization should not be considered inherently insecure - it all depends on the deployment and the applied security measures. Weak security policies, as well as a lack of training, can become a much more compelling cause of problems and vulnerabilities, which in turn will lead to greater risk. Now that we know about security issues when using virtualization, it's time to take a look at typical attacks.
5. TYPICAL ATTACKS
The following are some types of attacks typical of virtualization:
5.1 Denial of Service (DoS)
A successful DoS attack can cause the hypervisor to shut down. This can lead to the possibility of adding a loophole for accessing the VM bypassing the hypervisor.
5.2 Uncontrolled movement between VMs
If a security hole is created in the hypervisor and it is found, the user logged on to the VM can jump onto another VM and gain access to the information stored on it.
5.3 Intercepting host traffic
Vulnerabilities on the hypervisor allow you to monitor system calls, paging files, and monitor memory and disk activity.
6. APPLICATION OF TRADITIONAL APPROACHES TO THE SAFETY OF PHYSICAL MEDIA TO VIRTUALIZATION
Many of the problems and attacks that can be encountered in virtualization can be solved by using existing employees, processes, and technologies. But what cannot be protected with the help of existing solutions is virtual matrices consisting of hypervisors, control systems and virtual switches. The following are some traditional approaches to virtualization and their associated weaknesses:
6.1 Firewalls
Some IT groups send traffic between VMs to standard firewalls, which will check the traffic and send it back to the virtual machines. Traditional firewalls were created before virtualization and installed in data centers and enterprises, and therefore they were not created taking into account the virtual infrastructure and associated management systems. This can lead to manual installation and administration, which can then lead to errors. Standard firewalls also do not provide adequate security when moving VMs.
6.2 Network-based Intrusion Detection / Intrusion Prevention Systems
These devices do not work when there are several virtual machines on the host. This is mainly due to the fact that IDS / IPS systems cannot control traffic between virtual machines. Also, they cannot access any information when transferring applications.
6.3 Limiting the number of VMs per host / Assignment to physical NICs
This approach not only limits the number of virtual machines on the host, but also assigns a physical network adapter for each virtual machine. Although this can be a safe approach and has good security intentions, such an approach does not allow the company to get all the benefits and return on investment from virtualization technology.
6.4 VLANs
VLANs are widely used: whether it is a matter of non-virtualized environments or environments with a good degree of virtualization. The problem here is that the number of VLANs is growing, it is becoming increasingly difficult to manage the complexities associated with access to checklists, as well as manage the compatibility of network security policies between non-virtual and virtual aspects of the environment.
6.5 Agent antivirus approaches
This entails downloading a full copy of antivirus software on each VM. This approach can provide good protection, but it will cause huge costs for all copies of antivirus software for all virtual machines in the environment. This full-featured software can also negatively affect the memory, storage and activity of the processor, as it increases the use of equipment, therefore, leads to a decrease in performance.
Despite the above disadvantages of using the traditional security model, 60% of respondents indicated that they use traditional solutions to ensure security and protect virtual environments. Virtual environments are dynamic and changing fast. It will be difficult for traditional approaches to cope, move and change alone on their own. Another approach is to preserve the good aspects of the current security approach, while at the same time looking at the following tips and tricks for virtualization.
Virtualization Security. Part 2
1. SUMMARY
In a short time, virtualization had a huge impact on IT and networking, it has already contributed to huge cost savings and return on investment for data centers, enterprises and the Cloud. What seems less significant and lags far behind reality is an understanding of virtualization and virtualized environments from a security point of view. Some people find that virtualization is more secure than traditional environments because they heard about isolation between virtual machines (VMs) and because they had not heard of any successful attacks on hypervisors before. Others believe that new virtual environments need security just like traditional physical environments, so they take the same long-term approach to security. The most important factor is that the new environment is more complex. Virtual approaches added to existing networks, create a new network that requires a different approach to security. In addition to the usual measures, special security measures for virtualization should be applied. In this document, we will consider the differences, problems, difficulties, risks caused by the use of virtualization, as well as provide practical recommendations and practical tips to make sure that after using virtualization the network will remain as secure.
2. INTRODUCTION
Virtualization is developing and plans to stay here for a long time. Although its concept has been known for more than fifty years, this technology will continue to grow and improve in areas that exist everywhere and plan to develop themselves further. Moreover, half of all servers today run on Virtual Machines. IDC predicts that 70% of all workloads will work on VMs by 2014. What really needs to keep up with technological progress due to its widespread application is the security of virtualization components and virtual environments. Let's look at some of the security benefits that come with virtualization.
3. ADVANTAGES IN THE SECURITY SPHERE AT THE APPLICATION OF VIRTUALIZATION
The following are some of the security benefits after using virtualization:
- A centralized data warehouse in a virtualized environment prevents the loss of sensitive data if a device is lost, stolen, or hacked.
- When VMs and applications are reliably isolated, only one application on the same OS will be affected by the attack.
- When correctly configured, the virtual environment provides flexibility that allows you to have general access to the system without having to give access to critical information on the systems.
- If the VM is infected, it can be rolled back to the “protected” state that existed before the attack.
- The reduction in hardware that comes with virtualization improves physical security because fewer devices are present and, ultimately, fewer data centers.
- You can create desktop virtualization for better environmental control. The administrator can create and manage a “golden image” (template for VM), which can be sent to users' computers. This technology provides better OS management to ensure compliance with organizational requirements as well as security policies.
- Server virtualization can lead to better incident handling, as servers can be reverted to their previous state in order to analyze what happened before and during the attack.
- Access control to system and network management, as well as task separation, can be improved if different people are assigned: someone will control the VMs inside the network, while others will only deal with VMs in the DMZ. You can also designate administrators who will be responsible for the Windows server, and other administrators for the Linux server.
- The hypervisor software itself is not very functional and not complex enough - it provides a small area for a potential attack on the hypervisor itself. The smaller the area for potential attack and the less functionality, the less potential vulnerabilities.
- Virtual switches (vswitches) do not perform the dynamic connection required for inter-station attacks. They also omit double-wrapped packets, so this type of attack is ineffective. Virtual switches also prevent packets from leaving their broadcast domain, thereby negating brute force attacks that rely on switch overloads to allow packets to be transferred to other VLAN domains.
- Please note that I pointed out the pros using the phrase "if configured or installed properly." Virtualization is a very complex process that must be properly protected to guarantee the above benefits.
4. SECURITY CHALLENGES AND RISKS IN USING VIRTUALIZATION
Now that we have seen the advantages of virtualization, we can pay attention to some of the problems and risks.
4.1 File Sharing between Hosts and Guests
- In the case of file sharing, a hacked guest can access the file system node and change directories that are used to exchange information.
- When the clipboard and drag and drop are used by both the guest and the host, or when APIs are used for programming, significant errors in these areas can jeopardize the entire infrastructure.
4.2 Snapshots
- If you restore the original snapshot settings, any configuration changes will be lost. If you changed the security policy, now it is possible to have access to certain functions. Audit logs can also be lost, which will exclude the recording of changes that you may have made on the server. Such poor results can make compliance difficult.
- Images and snapshots contain confidential data, such as personal data and passwords, in the same form as this data is stored on a physical hard disk. Any unnecessary or additional images can really cause problems. All images that were saved with malware may be reloaded in the future and cause chaos.
4.3 Network Storage
- Fiber optic channel and iSCSI are clear text protocols and can be vulnerable to man-in-the-middle attacks (* type of Internet attacks in which an attacker intercepts a communication channel, gaining full access to the transmitted information *). Sniffing tools can be used to read or write storage system data and this can be used for rebuilding for the convenience of a cracker in the future.
- Typically, there is a trade-off between fiber channel performance and its security. You can use the encryption on the host bus adapters used in the implementation of the fiber channel, but in many cases this is not used due to negative performance.
4.4. Hypervisor
- If the hypervisor is at risk, then all VMs connected to it will also be at risk, and the default hypervisor configuration is not always the most reliable.
- The hypervisor manages everything and provides a single point of failure in a virtual environment. Any violation could jeopardize the entire virtual environment.
- The bare hardware of hypervisors usually has built-in access control, and host virtualization (the hypervisor is placed on the physical server OS) is not. Host virtualization puts the system at great risk due to the presence of an OS.
- The administrator can do anything on the hypervisor (he has “keys to all doors”). Actions on the hypervisor are usually password protected, but the password can be easily transferred to another administrator. So you will never know which of the administrators performed a specific action.
- Hypervisors allow VMs to communicate with each other, and this interaction does not even go to the physical network. It acts as a private network for virtual machines. Such traffic cannot always be seen, since it is performed by the hypervisor, and you cannot protect what you don’t know about the existence!
4.5 Virtual Machines
- Virtual machines are small enough and easy to copy to a remote computer or portable storage device. Losing data on a VM will be equivalent to entering a data center, bypassing physical security, and stealing a physical server.
- Virtual machines installed by users do not always comply with the organization’s security policy and may not have any security software installed. Trial versions of products and games are currently offered for free use by players on VMs - they are installed, and such VMs can become part of a corporate network with possible vulnerabilities.
- Newly created VMs usually have open ports and many available protocols.
- Each time you create a VM, another OS is added that needs to be protected, patched, updated and maintained. An additional OS with problems can increase the overall risk.
- Inactive VMs or VMs that are no longer in use can still contain important data - such as credentials and configuration information.
- Any clipboard functionality that allows sharing data between the VM and the host can become a penetration point for malware, which will then be transferred to virtual machines.
- Non-isolated virtual machines can have full access to host resources. Any hacking of a VM can lead to hacking of all resources.
- Virtual machines can be created by users without notifying the organization’s IT department. If these virtual machines are not noticed, then they will not be protected.
- VM infection can lead to infection of the data warehouse, and other virtual machines can use the same storage.
- Virtual machines can grow very fast, and this can cause security tensions. If they are not effectively automated, the burden of the administrator will increase in connection with the installation of updates, patches, etc.
- Infected virtual machines may appear, infect other VMs, and then disappear before they are noticed.
4.6 Separation of Administrator Responsibilities and Access Rights
- In normal physical networks, server administrators manage the servers, while network administrators manage the networks. Security personnel typically work with both groups of administrators. In virtual environments, server and network management can take place on a single management console and this poses new challenges for the efficient separation of duties.
- By default, many virtualization systems provide full access to all virtual infrastructure activities. These defaults do not always change, and hacking administrator access can provide complete control over the virtual infrastructure.
- 4.7 Time Synchronization
- The clock of the virtual machine can be shifted, and when this is combined with the bias of the usual clock, tasks can be performed too sooner or later, which can lead to confusion in the logs and loss of data accuracy. Incorrect time tracking will provide insufficient data for any future investigations.
4.8 VLANs
- Using VLANs requires routing VM traffic, for example, from the host to the firewall. This can lead to delays and complex network design, which will cause performance problems in the future.
- Communication within the VM is not secure and is not explored on the VLAN. Also, if several VMs are located on the same VLAN, the spread of malware from one virtual machine to another cannot be stopped.
4.9 Sections
It is believed that when several virtual machines are running on the same host, they are isolated from each other and one VM cannot be used to attack another. Technically, VMs can be partitioned, but partitions on VMs share memory, processor, and bandwidth resources. If a particular section consumes too much of one of the above resources, for example, due to a virus, a DoS error may appear on other sections.
4.10 Other Questions
- Sometimes, security is stored in the head of security personnel or in checklists. If this approach is common in the organization, it will be difficult to maintain the security of virtualization in connection with the speed of creating VMs, movements, etc.
- Virtualization is heavily software-based, and this provides more potential software vulnerabilities that could be exploited by cybercriminals.
- Virtual disks are usually stored on the host as insecure files and access to them is very simple - no need to crack anything.
- Workloads with different levels of trust can be placed on the same server or vswitch, and the security of these workloads will be as high as the security of the least secure workload. If sensitive information is on the server, this may be unsafe.
Despite the many problems described above, virtualization should not be considered inherently insecure - it all depends on the deployment and the applied security measures. Weak security policies, as well as a lack of training, can become a much more compelling cause of problems and vulnerabilities, which in turn will lead to greater risk. Now that we know about security issues when using virtualization, it's time to take a look at typical attacks.
5. TYPICAL ATTACKS
The following are some types of attacks typical of virtualization:
5.1 Denial of Service (DoS)
A successful DoS attack can cause the hypervisor to shut down. This can lead to the possibility of adding a loophole for accessing the VM bypassing the hypervisor.
5.2 Uncontrolled movement between VMs
If a security hole is created in the hypervisor and it is found, the user logged on to the VM can jump onto another VM and gain access to the information stored on it.
5.3 Intercepting host traffic
Vulnerabilities on the hypervisor allow you to monitor system calls, paging files, and monitor memory and disk activity.
6. APPLICATION OF TRADITIONAL APPROACHES TO THE SAFETY OF PHYSICAL MEDIA TO VIRTUALIZATION
Many of the problems and attacks that can be encountered in virtualization can be solved by using existing employees, processes, and technologies. But what cannot be protected with the help of existing solutions is virtual matrices consisting of hypervisors, control systems and virtual switches. The following are some traditional approaches to virtualization and their associated weaknesses:
6.1 Firewalls
Some IT groups send traffic between VMs to standard firewalls, which will check the traffic and send it back to the virtual machines. Traditional firewalls were created before virtualization and installed in data centers and enterprises, and therefore they were not created taking into account the virtual infrastructure and associated management systems. This can lead to manual installation and administration, which can then lead to errors. Standard firewalls also do not provide adequate security when moving VMs.
6.2 Network-based Intrusion Detection / Intrusion Prevention Systems
These devices do not work when there are several virtual machines on the host. This is mainly due to the fact that IDS / IPS systems cannot control traffic between virtual machines. Also, they cannot access any information when transferring applications.
6.3 Limiting the number of VMs per host / Assignment to physical NICs
This approach not only limits the number of virtual machines on the host, but also assigns a physical network adapter for each virtual machine. Although this can be a safe approach and has good security intentions, such an approach does not allow the company to get all the benefits and return on investment from virtualization technology.
6.4 VLANs
VLANs are widely used: whether it is a matter of non-virtualized environments or environments with a good degree of virtualization. The problem here is that the number of VLANs is growing, it is becoming increasingly difficult to manage the complexities associated with access to checklists, as well as manage the compatibility of network security policies between non-virtual and virtual aspects of the environment.
6.5 Agent antivirus approaches
This entails downloading a full copy of antivirus software on each VM. This approach can provide good protection, but it will cause huge costs for all copies of antivirus software for all virtual machines in the environment. This full-featured software can also negatively affect the memory, storage and activity of the processor, as it increases the use of equipment, therefore, leads to a decrease in performance.
Despite the above disadvantages of using the traditional security model, 60% of respondents indicated that they use traditional solutions to ensure security and protect virtual environments. Virtual environments are dynamic and changing fast. It will be difficult for traditional approaches to cope, move and change alone on their own. Another approach is to preserve the good aspects of the current security approach, while at the same time looking at the following tips and tricks for virtualization.