using virtualization to improve security - vmwaredownload3.vmware.com/vmworld/2005/sln240.pdf ·...
Post on 04-Jun-2018
221 Views
Preview:
TRANSCRIPT
Using Virtualization to Improve Security
Jay JudkowitzProduct Manager, ESX Server
VMware, Inc.
This presentation may contain VMware confidential information.
Copyright © 2005 VMware, Inc. All rights reserved.All other marks and names mentioned herein may be trademarks
of their respective companies.
AgendaIntroductionVirtualization IntroductionGame Changing TechniquesApplication ExamplesQ & A
VMware and SecurityKey personnel with rich security backgrounds in secure operating systems and applicationsPapers and books attributed in security to VMware employeesFundamental research projects with leading universities to further enhance the possibilities of securityInternal processes including third-party source code audits, internal vulnerability assessment of code and recognized certifications (including Common Criteria by Q4 2005)Affiliations with various standards bodies to ensure we guide and adhere to industry set security standards
AgendaIntroductionVirtualization IntroductionSecurity Properties of VirtualizationApplication ExamplesQ & A
Security ChallengesMust deal with larger and larger numbers of systemsKeep up with regulatory and departmental policiesEnforcing system uniformity across all servers and desktops
Before Virtualization:Single OS image per machineSoftware and hardware tightly coupled Running multiple applications on same machine often creates conflictUnderutilized resourcesInflexible and costly infrastructure
After Virtualization:Break dependencies between OS and hardwareVirtual machines are hardware-independent: they can be provisioned anywhereManage OS and application as single unit by encapsulating them into virtual machines
Virtualization Basics
AgendaIntroductionVirtualization IntroductionGame Changing TechniquesApplication ExamplesQ & A
deflect.Don’t defend,
IsolationAttack MitigationPolicy EnforcementDefense-in-depth(cheaper)Encapsulation
Game Changing
IsolationDon’t make your problems mine
Virtual machine can be started/stopped/crashed without affecting other virtual machines and host systemPatches, configurations, and differing versions of software can be maintained throughout the networkImmediate virus containment
Abstraction from physical hardwareControl access to hardware, including writeable devices (such as floppies, USB, etc…)
IsolationKeep data, network, or memory separate and secure.Maintain isolated security testing groundHoneypotsIsolation of:
MemoryNetwork – virtual switches
AppApp
Exch angeExch ange DNSDNSExch angeExch ange
AppApp
Attack MitigationQuicker quarantine of system or entire network
Turn off virtual switches/routersExecute state change across multiple virtual machines at the same time (potentially entire network)
Failure of single virtual machine does not affect physical host or other virtual machines
Robust DoS, DDoS protection possible
Virtual Switch
Recover quicker from attacksBuild new production system from saved clone (with merged changes)Use ongoing snapshots (rollbacks) to automate recovery
Create forensics copy for later reviewMove production system back into service as quickly as possibleCreate forensics copy for technical or legal review
Attack Mitigation, cont.
Policy EnforcementDevelop template virtual machine
Replicate policies and configurationsEnforce security configurations (including DRM)Application specific templates (virtual machines for databases, for business applications, for security components, etc…)
OS + Apps Policies
&
Defense-in-depthEach virtual machine can contain security protection (application firewall/endpoint security)Firewall virtual machines (virtual firewalls) can be placed between virtual machines and/or subnetsDifferent security components/vendors can be quickly deployed
Production
ApacheApache
RH 7.3RH 7.3
AppApp
NT4NT4
DBDB
NT4NT4
ApacheApache
RH 7.3RH 7.3 Exch angeExch ange
NT4NT4
DNSDNS
RH 7.3RH 7.3
Exch angeExch ange
NT4NT4
Internet
Intranet
Firewall
Defense-in-Depth (Cheaper)
AgendaIntroductionVirtualization IntroductionGame Changing TechniquesApplication ExamplesQ & A
Monitor “health” of systems:Virus detectedvirtual machine isolated and crashesVirtual switch isolates virtual machine to prevent further damage
AppApp DBDB
Physical Server 1
Exch angeExch ange DNSDNSExch angeExch ange
LAN
AppApp DBDB
Exch angeExch ange DNSDNSExch angeExch ange
OK
OK OK OK
OK
BAD
Physical Server 2
OK OK
OK OK
Attack Example
AgendaIntroductionVirtualization IntroductionGame Changing TechniquesApplication ExamplesQ & A
Questions?
Jay Judkowitzjay@vmware.com
top related