Wednesday, November 12, 2008

Virtual Security and Compliance Webcast

Recorded last week, go here to register and listen (sorry, the sound is ahead of the slides, I am trying to get that fixed).

Shout out to Tarry and everyone else who participated.

Monday, November 10, 2008

Risk mitigation for virtual infrastructures

Virtualization in the Data Center introduces the following: (skip down below)

1.Flattens infrastructure and networksUnauthorized network access or communication
2.Adds new operating system and infrastructure layersDenial of service and data security breach due to software defects


Collapses roles and increases privilege of administrators
Escalation of privilege, abuse of privilege
Increases transience, mobility and frequency of change within the data center
Misconfiguration, server sprawl and data security breach

  1. Virtual machine (VM) hosts, clusters and data centers reduce the logical and physical segmentation of systems and networks. This flattening exacerbates the risk of unauthorized access due to reduced visibility of events on the virtualized network.

  2. Mitigation: implement increased monitoring and access controls for each virtualized access layer and network. Monitoring must correlate virtual infrastructure management, network traffic, security events and validation of intra-VM access control policies.

  3. The Hypervisor is a new operating system, which along with hypervisor and virtual infrastructure management tools increases the defect, vulnerability and attack threat surface of the data center.

  4. Mitigation: incorporate all new software and management layers into your vulnerability management system (VMS). The VMS must be mandatory and integrated with automated discovery and validation of virtualized infrastructures.

  5. Like the introduction of DBAs for SQL databases and Domain Administrators for Window’s systems, Virtual Administrators have privileges that allow them to bypass existing controls and effectively access underlying systems and data at the hardware layer.

  6. Mitigation: implement compensating controls to log and audit all Virtual Administrator activities. Introduce dual controls and separation of duties for critical functions. You must deploy tools to perform continuous validation of these secondary controls to detect and prevent abuse of privilege. This will also reduce the risk from virtual machine breakout and hyperjacking.

  7. Servers are now files. Virtual machine mobility, snapshots, roll-backs and other features of virtualization have magnified the rate of change within the data center. This increase in operational velocity leads to increased risk of configuration error, capacity failures and for a security breach due to incorrect configuration or a lapse of controls.

  8. Mitigation: extend configuration and life-cycle management processes to track virtual machines. These processes must be effective regardless of the mobility and non-linear attributes of virtual machines. Configuration management tools must enforce mandatory controls and support correlation of virtual and physical infrastructure configuration attributes – extending from virtual machine internals to external network access layers. Monitor and audit direct access to virtual machines files at the operating system and storage access layers.