SMAU 2010 Milano: AIPSI seminar, secure virtualization
TRANSCRIPT
Alessio L.R. [email protected]: mayhemspp FaceBook: alessio.pennasilico
Virtualization (in)security
Thursday, 21 October, 2010
Virtualization (in)security [email protected]
$ whois mayhem
Board of Directors: CLUSIT, Associazione Informatici Professionisti,
Associazione Italiana Professionisti Sicurezza Informatica, Italian Linux Society, OpenBSD Italian User Group,
Hacker’s Profiling Project
Security Evangelist @
Classical threats
Escape from VM
several examples over time,
we will see more in the future :)
Other threats
VM-aware malware
Confidentiality
can I clone running machines and do whatever I want with the clones?
Management VLAN
The hosts/hypervisors tell each other several interesting things
Where do we route the "service" traffic?
Service traffic
access to the administrative interface
reachability tests for HA
vMotion
iSCSI, NFS
Solutions?
Separate
Filter
Analyze
disruption
What happens if I make the IPs monitored for HA management "unreachable"?
Unauthorized access
Brute force?
Exploit (undocumented services)?
Exploit application layer? (SOAP)
netstat
tcp 0 0 0.0.0.0:5989 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:903 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:427 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
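Added example (not part of the original slides): a short Python check that reads netstat output like the listing above and reports TCP listeners reachable from outside a dedicated management network. The 10.0.50.0/24 management network and the sample lines are constructed assumptions.

```python
"""Added example: flag listeners that are not confined to the management network."""
import ipaddress

# Constructed sample input, modelled on the listing in the slide above.
SAMPLE = """\
tcp 0 0 0.0.0.0:5989 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN
tcp 0 0 10.0.50.11:443 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8307 0.0.0.0:* LISTEN
tcp 0 0 10.0.50.11:22 10.0.50.7:51514 ESTABLISHED
"""

# Assumption: the dedicated management network of this hypothetical site.
MGMT_NET = ipaddress.ip_network("10.0.50.0/24")


def parse_listeners(text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        yield addr, int(port)


def classify(addr):
    """Return 'wildcard', 'loopback', 'management' or 'other' for a bind address."""
    if addr in ("0.0.0.0", "::", "*"):
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "management" if ip in MGMT_NET else "other"


def audit(text):
    """Return sorted ports whose listener is reachable outside the management net."""
    exposed = set()
    for addr, port in parse_listeners(text):
        if classify(addr) in ("wildcard", "other"):
            exposed.add(port)
    return sorted(exposed)


if __name__ == "__main__":
    for port in audit(SAMPLE):
        print(f"port {port}: listening beyond the management network")
```

Run against the slide's own listing, every port is reported, since all seven listeners are bound to 0.0.0.0.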
Why
intercept / slow down iSCSI / NFS traffic
replicated storage for HA/DR
Migration
Manipulate VMs during migration?
Jon Oberheide, Evan Cooke, Farnam Jahanian: Xensploit
http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf
Migration
I can move infected VMs
from datacenter to datacenter...
Doubts...
"trusted" traffic between datacenters to allow VM migration?
Protected traffic?
Trusted traffic / VPN as an administrative access channel?
Dormant VM
outdated policy
outdated signatures (AV, IPS)
can they be tampered with? >;-)
Inter-VM traffic
virtual firewalls?
hypervisor features?
third-party products?
Agent-based products
cross-platform?
(includes backup, AV, IPS...)
Budget?
81% of intrusions occur on networks that do not
meet the requirements of the most widespread
standards / best practices / guidelines
Gartner
Conclusions
Use virtualization?
Yes, but…
Separate, Filter, Analyze, Patch
Questions?
These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subjected to Creative Commons Attribution-ShareAlike 2.5 version; you can copy, modify or sell them. “Please” cite your source and use the same licence :)
Thank you for your attention!