Wednesday, November 12, 2008
Virtual Security and Compliance Webcast
Shout out to Tarry and everyone else who participated.
Monday, November 10, 2008
Risk mitigation for virtual infrastructures
Virtualization in the Data Center introduces the following: (skip down below)
EFFECT | RISK | |
1. | Flattens infrastructure and networks | Unauthorized network access or communication |
2. | Adds new operating system and infrastructure layers | Denial of service and data security breach due to software defects |
3. | Collapses roles and increases privilege of administrators | Escalation of privilege, abuse of privilege |
4. | Increases transience, mobility and frequency of change within the data center | Misconfiguration, server sprawl and data security breach |
- Virtual machine (VM) hosts, clusters and data centers reduce the logical and physical segmentation of systems and networks. This flattening exacerbates the risk of unauthorized access due to reduced visibility of events on the virtualized network.
- The Hypervisor is a new operating system, which along with hypervisor and virtual infrastructure management tools increases the defect, vulnerability and attack threat surface of the data center.
- Like the introduction of DBAs for SQL databases and Domain Administrators for Window’s systems, Virtual Administrators have privileges that allow them to bypass existing controls and effectively access underlying systems and data at the hardware layer.
- Servers are now files. Virtual machine mobility, snapshots, roll-backs and other features of virtualization have magnified the rate of change within the data center. This increase in operational velocity leads to increased risk of configuration error, capacity failures and for a security breach due to incorrect configuration or a lapse of controls.
Mitigation: implement increased monitoring and access controls for each virtualized access layer and network. Monitoring must correlate virtual infrastructure management, network traffic, security events and validation of intra-VM access control policies.
Mitigation: incorporate all new software and management layers into your vulnerability management system (VMS). The VMS must be mandatory and integrated with automated discovery and validation of virtualized infrastructures.
Mitigation: implement compensating controls to log and audit all Virtual Administrator activities. Introduce dual controls and separation of duties for critical functions. You must deploy tools to perform continuous validation of these secondary controls to detect and prevent abuse of privilege. This will also reduce the risk from virtual machine breakout and hyperjacking.
Mitigation: extend configuration and life-cycle management processes to track virtual machines. These processes must be effective regardless of the mobility and non-linear attributes of virtual machines. Configuration management tools must enforce mandatory controls and support correlation of virtual and physical infrastructure configuration attributes – extending from virtual machine internals to external network access layers. Monitor and audit direct access to virtual machines files at the operating system and storage access layers.