© 2010 Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of Invensys or its subsidiaries. All third party trademarks and service marks are the proprietary marks of their respective owners.
Virtually Protected: Virtualization and ICS
SANS European Community SCADA & Process Control Summit 2012
Presented by Brian Endres, MCSE, MCP+I, PFA, VTSP
Principal Network Analyst - Invensys
Virtually Protected: Virtualization and ICS
Background
1. Virtualization Phases
2. Software Defined Hardware – CPU, Security, Data Center
3. Examples of various Pros and Cons
Slide 3
Virtually Protected: Virtualization and ICS
• Virtualization provides a software abstraction of the hardware. This allows us to use software in place of hardware and have the software emulate the hardware.
• Adding the virtual infrastructure increases the “surface area”.
• This means more area to attack or even fail, but it also means many more solutions for ICS deployments.
• More and more software is replacing hardware.
Slide 4
Two Virtualization Phases (what’s the 3rd?)
Host Virtualization
• Server Consolidation
• Portability and low MTTR.
• Reduced Cost
Enterprise Virtualization
• High Availability
• Load Balancing
• Fault Tolerance
• Disaster Recovery
• Data Center Automation
• Shared Storage
Virtualization motivators for IT
1. Cost reduction
• Consolidation of Machines
• Energy Reduction
• Life cycle extension
2. Management
• Upgrades of HW
• Central Management
• Fast Deployment
• Corporate standard libraries
3. Support
• Virtual Desktops
• Fast Deployment
• Backup Procedure more effective
Virtualization motivators for Operations
1. Business Continuity
• High Availability
• Disaster Recovery
• Fault Tolerance
• Clear backup policies
2. Operational Cost
• Footprint reduction
• Higher return on capital investment
• MTTR (Mean-Time-to-Repair) reduction
3. Support
• Thin Clients plant floor, no moving parts
• IT maintained
Common Barriers For Virtualization
Mitigations: Virtualization can work without a SAN
Performance – don’t over-commit resources
Source: VMware
Over-commitment of resources
• Example: Server with 2 x 6 cores = 12 cores total.
• Add 5 VMs, 4 vCPU each (20 vCPUs total). If each VM runs 100% CPU, what happens?
Slide 9
Collapsing the Data Center
• The data center is collapsing and getting denser due to virtualization.
• The cloud era, which is the 3rd phase, is also changing corporate data
centers.
• This means that there is lots of data moving through the virtual
infrastructure.
• However, ICS deployments are typically more static and physical.
Slide 10
Virtualization - The Software Defined Datacenter
• The future for IT
– The network and security layers are now becoming virtualized.
– Complex Multi-Network applications including security services can be
deployed in minutes including firewalls and security appliances.
– From Virtual Server -> to Virtual Application -> to Virtual Data Center
– But, it’s a hybrid world – we have both Physical and Virtual devices
Slide 11
Software Defined Datacenter – Defense in Depth in Depth
– Typical Defense in Depth
– SCADA and Process deployments can leverage virtual security per
application, then per production line, and then per plant.
Example: Virtual Application model (vApp)
• This provides security per application
• Application machines have specific firewalls, isolation, and
monitoring.
• Where the Castle has its perimeter wall, this is an interior wall
around just the application.
Slide 17
Virtualization Security Methodologies
• Hypervisor Introspection (Agentless security)
• Example: VMware vShield Endpoint:
http://www.vmware.com/files/pdf/products/vcns/VMware-Integrated-Partner-Solutions-Networking-Security.pdf
Slide 22
Behavior based security trends
• Traditional security has focused on securing the perimeter
• Virtualization allows more internal activity to be analyzed
• The coming trend is toward more tools that monitor for good and bad
behavior within the virtual data center
Slide 23
Virtual Data Center Density Risks
• Increasing the computing density increases the risk of failures due to
more shared hardware components throughout the data center.
• Mitigate this concentration risk by using high-quality and resilient
hardware or using Disaster Recovery and/or Business Continuity
solutions.
• The denser the workloads, the more resiliency and redundancy the
physical hardware or system requires.
Slide 24
Concentration Risks – RAID5/SATA
• Dual parity is a minimum requirement with today’s larger SATA
drives, but we still see lots of RAID5 SATA deployments.
• SATA drives are commonly specified with an unrecoverable read error
rate (URE) of 10^14, which means that once every 200 million
sectors (12 TB), the disk will not be able to read a sector.
• You have a 62% chance of data loss due to an uncorrectable read
error on a 7 drive (2 TB each) RAID 5 with one failed disk, assuming
a 10^14 read error rate and ~23 billion sectors in 12 TB.
Slide 25
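The 62% figure on the slide above can be reproduced with a short calculation. This Python sketch is an added example, not part of the original presentation; it assumes 512-byte sectors, decimal terabytes and independent bit errors, and the 4 TB, 12-drive and 10^15 rows are extra comparison points that do not appear on the slide.

```python
import math

SECTOR_BYTES = 512   # assumption: classic 512-byte sectors
TB = 10**12          # assumption: decimal terabytes, as drive vendors quote them


def rebuild_read_bytes(total_drives, drive_tb):
    """Bytes read from the surviving disks to rebuild a RAID 5 set
    after one disk has failed (every surviving disk is read in full)."""
    return (total_drives - 1) * drive_tb * TB


def sectors_read(total_drives, drive_tb):
    """Number of sectors that must all be readable for the rebuild to succeed."""
    return rebuild_read_bytes(total_drives, drive_tb) // SECTOR_BYTES


def p_ure_during_rebuild(total_drives, drive_tb, ure_bits=1e14):
    """Probability of at least one unrecoverable read error during the rebuild.

    Each bit read is treated as an independent trial that fails with
    probability 1/ure_bits. log1p/expm1 avoid the rounding error of
    computing (1 - 1e-14) ** n directly in floating point.
    """
    bits = rebuild_read_bytes(total_drives, drive_tb) * 8
    return -math.expm1(bits * math.log1p(-1.0 / ure_bits))


if __name__ == "__main__":
    print(f"sectors read, 7 x 2 TB RAID 5: {sectors_read(7, 2):,}")
    # First row is the slide's case; the others are added comparison points.
    cases = [(7, 2, 1e14), (7, 4, 1e14), (12, 4, 1e14), (7, 2, 1e15)]
    for drives, size_tb, ure in cases:
        p = p_ure_during_rebuild(drives, size_tb, ure)
        print(f"{drives} x {size_tb} TB, 1 URE per {ure:.0e} bits: {p:6.1%}")
```

With RAID 5 and one disk already failed there is no parity left to correct a read error, so any URE during the rebuild means lost data; that is why the probability grows with drive size and drive count.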
Virtualization Extends Perimeter
• Virtualization creates a software boundary rather than physical
boundary.
• The data center edge can inadvertently expand beyond the secure
server room walls.
• This has the advantage of improving agility but also broadens
the attack surface area.
• Examples: Console access. Can someone watch you type?
Slide 26
Can physical firewalls or security appliances be
virtualized or do they need to stay physical?
• This was a common question a few years ago.
• Virtualized firewalls are one of the key components of a Software
Defined Datacenter.
• This means much more pervasive security appliances.
Slide 27
Segmented/Isolated Management layer?
• Is your Virtualization management layer sharing the same network as
your plant?
• Does your management layer have access to the internet?
Slide 28
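One way to check the two questions on the slide above against a network inventory. This is an added example, not from the original presentation; the inventory, its field names and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed inventory (not from the slides): one row per network segment.
# The field names "role", "cidr", "vlan" and "default_gw" are assumptions.
SEGMENTS = [
    {"name": "plant-line1", "role": "plant", "cidr": "10.10.0.0/16",
     "vlan": 10, "default_gw": None},
    {"name": "hv-mgmt", "role": "mgmt", "cidr": "10.10.50.0/24",
     "vlan": 10, "default_gw": "10.10.50.1"},
    {"name": "hv-mgmt-oob", "role": "mgmt", "cidr": "192.168.99.0/24",
     "vlan": 99, "default_gw": None},
]


def audit_management_segments(segments):
    """Return (segment name, finding) pairs for virtualization management
    networks that share a network with the plant or may reach the internet."""
    findings = []
    plant = [s for s in segments if s["role"] == "plant"]
    for m in (s for s in segments if s["role"] == "mgmt"):
        m_net = ipaddress.ip_network(m["cidr"])
        for p in plant:
            # Question 1: is the management layer on the plant network?
            if m_net.overlaps(ipaddress.ip_network(p["cidr"])):
                findings.append(
                    (m["name"], f"address space overlaps plant network {p['name']}"))
            if m["vlan"] == p["vlan"]:
                findings.append(
                    (m["name"], f"shares VLAN {m['vlan']} with plant network {p['name']}"))
        # Question 2: a default gateway is a possible path to the internet.
        if m["default_gw"] is not None:
            findings.append(
                (m["name"], f"default gateway {m['default_gw']} set; verify no internet path"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_management_segments(SEGMENTS):
        print(f"{name}: {finding}")
```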
VM Escape
• Virtual machine escape is an exploit in which the attacker runs code
on a VM that allows an operating system running within it to break
out and interact directly with the hypervisor or other co-resident
virtual machines
• Concern for public cloud vendors with multi-tenant deployments
• Mitigation: Avoid co-residency, CPU pinning
• On-premise private cloud deployments have more control
Slide 29
Closing
• If we can build security into smaller and more manageable units, we
can then manage security better as a whole.
• Yes, virtualization adds more complexity, but it also allows us to
simplify our security in the process, through software.
• It allows ICS systems to better define their application requirements
and have virtualization provide them.
Slide 30