Tag Archive: Security


Jun 13 2012

Escaping the Cave – A VMware admin’s worst fear

The worst security fear in any virtual environment is a VM gaining access at the host level, which would allow it to compromise any VM running on that host. If a VM were to gain access to a host it would essentially have the keys to the kingdom and, because it has penetrated the virtualization layer, a direct back door into any other VM. This is often referred to as “escaping the cave”: the analogy is that VMs all live in caves and the hypervisor does not allow them to escape.


Typically this concern is most prevalent with hosted hypervisors like VMware Workstation that run a full OS under the virtualization layer. Bare metal hypervisors like ESX/ESXi have been fairly immune to this as they have direct contact with the bare metal of a server without a layer in between.

A new vulnerability was recently published that allows this exact scenario; fortunately, if you’re a VMware shop, it doesn’t affect you. It does affect pretty much every other hypervisor though that does not support the specific function that this vulnerability exploits.

You can read more about it here and here and specifically about VMware here. If you want to know more about security with VMware, here’s an article I also wrote on how to steal a VM in 3 easy steps that you might find interesting. VMware also has a very good security blog that you can read here and a great overall security page with lots of links here. And if you want to follow one of VMware’s security gurus (Rob Randell), who is a friend of mine and a fellow Colorado resident, you can follow him here.

VMware has traditionally done an awesome job keeping ESX/ESXi very secure which is just one of the many reasons that they are the leader in virtualization. Security is a very big concern with virtualization and any vulnerabilities can have very large impacts which is why VMware takes it very seriously.

Here’s also an excerpt from my first book that talks about the escaping the cave concept:

Dealing with Security Administrators
This is the group that tends to put up the most resistance to VMware because of the fear that if a VM is compromised it will allow access to the host server and the other VMs on that host. This is commonly known as “escaping the cave,” and is more an issue with hosted products such as VMware Workstation and Server and less an issue with ESX, which is a more secure platform.

By the Way

The term escaping the cave comes from the analogy that a VM is trapped inside a cave on the host server. Every time it tries to escape from the cave, it gets pushed back in, and no matter what it does, it cannot escape from the cave to get outside. To date, there has never been an instance of a VM escaping the cave on an ESX server.

ESX has a securely designed architecture, and the risk level of this happening is greatly reduced compared to hosted virtual products such as Server and Workstation. This doesn’t mean it can’t happen, but as long as you keep your host patched and properly secured, the chances of it happening are almost nonexistent. Historically, ESX has a good record when it comes to security and vulnerabilities, and in May 2008, ESX version 3.0.2 and VirtualCenter 2.0.21 received the Common Criteria certification at EAL4+ under the Communications Security Establishment Canada (CSEC) Common Criteria Evaluation and Certification Scheme (CCS). EAL4+ is the highest assurance level that is recognized globally by all signatories under the Common Criteria Recognition Agreement (CCRA).

Apr 07 2011

Five ways to maximize VMware hypervisor security

For better or worse, administrators usually accept the default VMware hypervisor security settings.

vSphere is fairly secure, but VMware security breaches can still occur. Careless mistakes and questionable administrative decisions can weaken infrastructure security — especially if IT pros are more concerned about management convenience than about hardening the hypervisor, hosts and virtual machines (VMs).

To help prevent snafus, here are five ways to maximize VMware hypervisor security.

Firewalls prevent VMware hypervisor security from getting burned
Physical firewalls protect servers and devices directly connected to physical networks, but they aren’t always effective at protecting VMs connected to virtual networks. So use virtual firewalls in conjunction with physical firewalls to ensure that network traffic is secure at every level and nothing slips through the cracks.

Sometimes, virtual machine network traffic doesn’t leave the host or travel over a physical network. Traffic between VMs on the same vSwitch and port group remains inside the host. It travels in the host’s memory, through the virtual network — rather than over the physical network. As such, it’s outside the physical firewall’s protection zone.

Read the full article at searchvmware.com…

Apr 06 2011

VAR concerns and considerations for handling vSphere security: FAQ

Keeping your customer’s physical environment secure is more straightforward than dealing with security in a virtual environment. There are a number of hidden risks and concerns that solution providers need to be prepared for before fielding customer questions about vSphere security.

Virtualization expert Eric Siebert breaks down what you need to know about securing your customer’s vSphere environment, including Payment Card Industry Data Security Standard (PCI DSS) concerns, anti-virus software and ESX firewalls. Siebert also explains which third-party virtualization security products and vendors can be useful to solution providers.

How does security in virtual environments differ from physical environments?

Most of the security-hardening techniques that solution providers would normally use in physical environments apply to virtual environments as well. These techniques are typically used at the guest operating system (OS) level, which is no different in virtual environments. There are, however, other security areas that you need to be concerned with inside virtual environments that don’t exist with traditional physical servers.

Solution providers need to recognize that the host opens up more attack vectors inside virtual environments, with the biggest being toward the ESX Service Console and the ESXi Management Console. These consoles run as privileged virtual machines (VMs) on the host and hold the keys to accessing any VM on the host. There are a variety of methods that can be used to access a host, including Secure Shell, vSphere Client, scripting application programming interfaces (APIs) and Web browser access. All of these access points need to be properly secured to protect the host and its VMs.

Read the full article at searchsystemschannel.com…

Mar 24 2011

Five VMware security breaches that should never happen

VMware security breaches should not be taken lightly, especially now that there’s a spotlight on regulatory compliance and the shift toward cloud computing.

Virtual hosts house many workloads, and if an unscrupulous individual gains unauthorized access to a host, that person can potentially compromise all of its virtual machines (VMs). That means virtualization administrators should pay special attention to preventable VMware security breaches. There are several potential weak points where VMware security breaches can occur.

Making VMware security less like Swiss cheese

Out-of-the-box, VMware vSphere is fairly secure, but you can make it more susceptible to security breaches if you’re not careful with its configuration and remote-access settings.

By default, VMware disables many features that would make administration easier, and enabling these features weakens security. In ESX, for example, administrators typically enable the Web user interface. And in ESXi, many IT pros allow access to the remote console through Secure Shell (SSH) connections. These actions may make your job easier, but they open up attack vectors for unauthorized individuals.

An even bigger vulnerability is the host’s management console. It’s the door to your entire virtual infrastructure, so don’t pass out many keys. Lock up the management console tightly and use it only when absolutely needed — which typically isn’t often. Other areas of concern are VM data stores, management and storage network traffic, virtual networking, application programming interfaces, VM-host interconnects, vCenter Server roles and permissions and third-party add-ons.

The bottom line: Know your weak points and make them secure.

Read the full article at searchvmware.com…

Sep 22 2010

All your ESX Service Consoles belong to us…

In case you needed more encouragement to move to ESXi, here’s a good reason. The recently announced Linux vulnerability that can give attackers root access to a system affects the ESX 4.x Service Console as well, as it is based off Red Hat Linux with the 2.6.28 kernel. The vulnerability affects nearly all 64-bit Linux distros but is not present in 32-bit Linux distros. Because of that, the ESX 3.x Service Console is not affected by this. Apparently VMware is aware of this and a patch is in the works, so be on the lookout for it and patch your systems immediately. If an attacker were to gain root access to your ESX Service Console they could easily gain access to all your VMs as well. ESXi systems are not affected at all, as they do not run a full Linux operating system and instead run a small POSIX-based environment that has a smaller attack surface.

Aug 09 2010

Assigning vSphere security access controls

Security is critical in a vSphere environment. Virtual machine (VM) architecture, access methods and management are much different from those for physical servers. Because VMs are encapsulated into a single file that resides on a shared data store, additional attack vectors need to be secured. Further, any change or operation in a virtual environment can have a ripple effect on other residing VMs because all share common infrastructure components. Consequently, having proper security access controls in place is paramount to protect hosts and their VMs.

Because they have multiple components, virtual environments are secured in layers. You can do much of the work to secure an environment through vCenter Server, which provides centralized authentication and authorization services at many different levels inside vSphere. vCenter Server features four main components:

  • Privileges. A privilege enables or denies users access to perform actions in vSphere.
  • Roles. A role is a set of privileges that can be assigned to a user or group.
  • Users and groups. Users and groups are used in permissions to assign roles from Active Directory (AD) or local Windows users/groups.
  • Permissions. A permission is assigned to an object in vSphere and is composed of users/groups and a role.
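The four components above, modelled as data with an access check, as an added example that is not code from the article or from VMware. All privilege, role, user, group and object names are hypothetical labels. The resolution rule (a permission set directly for a user on an object takes precedence over that user's group permissions there, and several group roles combine) follows vSphere's documented behaviour and goes beyond what the excerpt states; propagation to child objects is not modelled.

```python
from dataclasses import dataclass

# Constructed sample data; every name below is a hypothetical label,
# not a real vSphere privilege ID, role or inventory object.
ROLES = {  # role = a set of privileges
    "vm-operator": {"vm.power_on", "vm.console"},
    "storage-admin": {"datastore.browse", "datastore.file_ops"},
    "read-only": {"system.view"},
}

GROUPS = {  # group -> member users (stands in for AD / local Windows groups)
    "helpdesk": {"alice", "bob"},
    "storage-team": {"bob", "carol"},
}


@dataclass(frozen=True)
class Permission:
    """A permission pairs one object with one user or group and one role."""
    obj: str
    principal: str
    is_group: bool
    role: str


PERMISSIONS = [
    Permission("datastore-01", "storage-team", True, "storage-admin"),
    Permission("datastore-01", "helpdesk", True, "read-only"),
    Permission("datastore-01", "carol", False, "read-only"),
    Permission("vm-web01", "helpdesk", True, "vm-operator"),
]


def effective_privileges(user, obj):
    """Return the privileges `user` holds on `obj`.

    A permission naming the user directly wins over group permissions on
    the same object; otherwise the roles of all matching groups combine.
    """
    on_obj = [p for p in PERMISSIONS if p.obj == obj]
    chosen = [p for p in on_obj if not p.is_group and p.principal == user]
    if not chosen:
        chosen = [p for p in on_obj
                  if p.is_group and user in GROUPS.get(p.principal, set())]
    privs = set()
    for p in chosen:
        privs |= ROLES[p.role]
    return privs


def holders(privilege, obj):
    """Audit helper: which users end up with `privilege` on `obj`?"""
    users = set().union(*GROUPS.values())
    users |= {p.principal for p in PERMISSIONS if not p.is_group}
    return sorted(u for u in users if privilege in effective_privileges(u, obj))


if __name__ == "__main__":
    # Who can browse the datastore that holds the encapsulated VM files?
    print(holders("datastore.browse", "datastore-01"))
    print(sorted(effective_privileges("carol", "datastore-01")))
```

Here carol belongs to the storage team but ends up with view-only access on the datastore, because the permission assigned to her directly replaces what the group would have given her.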

Read the full article at searchsystemschannel.com…

May 14 2009

Upcoming webinar on Virtualization Security and Compliance

I received an invite today to an upcoming webinar on Virtualization Security and Compliance that is being given by Reflex Systems. What piqued my interest in it was the speakers and topics. One of the speakers is Rob Randell from VMware, who is their security guru and also happens to reside in my hometown of Denver. The other speaker is Mike Wronski, VP of Product Management for Reflex Systems. One of the topics is VMsafe, which was announced quite a while ago but very little actual information on it has been released. Here’s what will be discussed in the webinar:

  • Leverage VMware’s VMsafe technology in vSphere 4 to achieve greater security in your virtual environment.
  • Use segmentation through Trust Zones and classification to safeguard your virtual data center and manage virtual assets more efficiently.
  • Add a level of security policy enforcement in your virtual environment by using vTrust dynamic policy enforcement technology.
  • Go “beyond the virtual firewall” to apply best practices for specifying policies in a virtual infrastructure.

I’m guessing that Reflex will be showing off and talking about an upcoming product release that leverages the VMsafe APIs that are part of the upcoming vSphere release. Since very little information about VMsafe has been released, I’ll be interested to see how the product utilizes VMsafe to better integrate into ESX. The webinar is Wednesday, May 27th at 2:00pm EST; you can register for it here.

May 11 2009

Security Links

General

vSphere 4.1 Hardening Guide (VMware)
vSphere 4.0 Security Hardening Guide (VMware)
Network Segmentation in Virtualized Environments (VMware)
DMZ Virtualization Using VMware vSphere 4 and the Cisco Nexus 1000V Virtual Switch (VMware)
Anti-Virus Practices for VMware View (VMware)
VMware Fast Path Versus Slow Path Firewalls (chrisbrenton.org)
How to steal a virtual machine and its data in 3 easy steps (SearchVMware)
Five VMware security breaches that should never happen (SearchVMware)
Five ways to maximize VMware hypervisor security (SearchVMware)
VAR concerns and considerations for handling vSphere security: FAQ (SearchSystemsChannel)
VMware releases long-awaited VMsafe security API (SearchSecurity.com)
Safely implementing VMsafe-aware virtual appliances in your data center (SearchVMware)

Compliance

Payment Card Industry Data Security Standard (PCI DSS) Compliance and VMware (VMware)
Achieving Compliance in a Virtualized Environment (VMware)
Virtualization: Security and Compliance Considerations (Webinar) (ConfigureSoft)
How Can You Prove Your Virtualized Environment is PCI Compliant? (Webinar) (ConfigureSoft)
Best Practices for Achieving PCI Compliance in a Virtual Environment (Webinar) (ConfigureSoft)
How Virtualization Affects PCI DSS Part 1: Mapping PCI Requirements and Virtualization (McAfee)
How Virtualization Affects PCI DSS Part 2: A Review of the Top 5 Issues (McAfee)
Security Compliance in a Virtual World (RSA)
IT Audit for the Virtual Environment (SANS)
Meeting the Challenges of Virtualization Security (Trend Micro)

vShield

VShield: Breaking down the VMware security suite (SearchVMware)
Zeroing in on vShield Endpoint and Edge features (SearchVMware)
VShield Manager: Installing VMware’s virtual security appliance (SearchVMware)
Installing VMware vShield Zones for a virtual firewall (SearchVMware)
Top 10 VMware security tips for vShield users (SearchVMware)
vShield products packaging explained (with a focus on vCloud Director) (IT 2.0)
How To Wield the New vShield (Edge, App & Endpoint) (Rational Survivability)
VMware’s (New) vShield: The (Almost) Bottom Line (Rational Survivability)
VMware vShield Endpoint and Trend Micro Deep Security 7.5 understanding Part 1 (GeekSilver)
VMware vShield Endpoint and Trend Micro Deep Security 7.5 understanding Part 2 (GeekSilver)
VMware vShield Endpoint and Trend Micro Deep Security 7.5 understanding Part 3 (GeekSilver)
VMware vSphere vShield 1.0 design flaw with vCenter as VM? (GeekSilver)
VMware vShield Zones – Reviewers Guide (VMware)
vShield Zones 4.1 FAQ (VMware)
Meet the Engineer: VMware vShield Product Family (YouTube video) (VMware)
vShield Zones: What it is and how it works (Pt. 1) (vShield 1.0) (SearchVMware)
Installing and Configuring vShield Zones (Pt. 2) (vShield 1.0) (SearchVMware)
Quick tips for managing vShield Zones (Pt. 3) (vShield 1.0) (SearchVMware)
Introduction to vShield Zones (vShield 1.0) (VMware)
vShield Zones featured on VMTN Community Roundtable Podcast (Talkshoe)
VMware vShield Zones (Musings of Rodos)
Why use vShield Zones? (Virtualization Pro)

May 07 2009

Security Links

General

Security Design of the VMware Infrastructure 3 Architecture
VMware Infrastructure 3 Security Hardening
VMware ESX Server – Providing LUN Security
Security in a Virtualized Environment (VMworld 2007)
Security Architecture Design and Hardening VI3 (VMworld 2007)
VMware’s Security Response Policy
ESX Security White Paper
VI3 Security Risk Assessment Template
Virtualization Security Playbook
Being escorted out of the cave
Security Implications of the Virtual Data Center
Virtualization and Enterprise Configuration Policy Compliance (VMworld 2007)
Using the Secure Technical Implementation Guide (STIG) with VI3 (VMworld 2007)
Proven Practice: 20 Questions from IT Security Professionals
Top 100 Virtualization Security Questions
CPNI Technical Note 1/2009 Security Considerations For Server Virtualization
Virtualization: Disruptive Technologies Video Interview: Part 1 Part 2 Part 3 Part 4
The Four Horsemen of the Virtualization Security Apocalypse
The Four Horsemen of the Virtualization Security Apocalypse (Slides)

ESX Host

CIS ESX Server 3.x Security Benchmark
How to secure your VMware ESX Server
Security Hardening and Monitoring of VMware Infrastructure 3 (VMworld 2007)
ESX Server Security Technical Implementation Guide
Anti-virus software on the VMware ESX Service Console?

Compliance

Surviving Regulatory Compliance in the Virtual Infrastructure (VMworld 2006)
PCI Knowledgebase
How Server Virtualization Impacts Data Security and PCI Compliance
PCI DSS Security Standard
How to Achieve Security and Satisfy Compliance (VMworld 2007)
Best Practices for Surviving Regulatory Compliance (VMworld 2007)
Achieving Compliance in a Virtualized Environment
Ten Steps to Continuous Compliance: Putting in Place an Enterprise-Wide Compliance Strategy
Reducing the Scope of Your PCI Audit: Innovative Network Segmentation Using Host Intrusion Defense
Staying PCI Compliant in Virtual and Physical Environments
Insights from an Auditor: Ensuring a Successful PCI Audit
VMware Compliance Center
How Virtualization affects PCI DSS – Part 1 Mapping PCI Requirements and Virtualization
How Virtualization affects PCI DSS – Part 2 A Review of the Top 5 Issues

DMZ

DMZ Virtualization with VMware Infrastructure
Proven Practice: Choosing a DMZ Strategy
Preventing VMware ESX or ESXi network security breaches in DMZs

Hacking

Subverting the Windows Kernel for Fun and Profit
On the Cutting Edge: Thwarting Virtual Machine Detection
Detecting the Presence of Virtual Machines Using the Local Data Table
Attacks on Virtual Machine Emulators
Analysis of the Intel Pentium’s Ability to Support a Secure Virtual Machine Monitor
Compatibility is Not Transparency: VMM Detection Myths and Realities
An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments
Hardware Virtualization Rootkits

Networking

Virtual Switch Security
802.1Q VLAN Security Report
Epiphany: For Network/InfoSec Folks, the Virtualization Security Awareness Problem All Starts With the vSwitch…
Oh Noes: We Can’t Monitor/Protect Against Intra-VM Traffic!
Keeping your VMotion Traffic Secure
Minimizing promiscuous mode port group security breaches
Avoid high-risk data commingling with VMware virtual networks to prevent security vulnerabilities

Virtual Machine

CIS Virtual Machine Security Benchmark
Improving VM Security: Best Practices
Hardening the VMX File
Hardening the VMX File: Redux

Apr 22 2008

Top 10 things you must read about VMware Security

  1. VMware Infrastructure 3 Security Hardening - A white paper from VMware with tips on securing ESX servers, VirtualCenter and Virtual Machines.
  2. Security Design of the VMware Infrastructure 3 Architecture - A white paper from VMware describing the security architecture of VI3 including networking, storage, service console and the hypervisor.
  3. Security Hardening and Monitoring of VMware Infrastructure 3 - A VMworld 2007 lab manual that covers real-world examples of securing VI3.
  4. VMware ESX Server – Providing LUN Security - A white paper from VMware written in response to LUN security concerns that have been raised.
  5. CIS ESX Server 3.x Security Benchmark - Center for Internet Security (CIS) recommended guidelines for securing ESX servers.
  6. CIS Virtual Machine Security Benchmark - Center for Internet Security (CIS) recommended guidelines for securing Virtual Machines.
  7. Security Architecture Design and Hardening VI3 (VMworld 2007) - A VMworld 2007 presentation on the security design of VI3 and recommended hardening steps.
  8. VI3 Security Risk Assessment Template - A great document from Xtravirt to help assess and mitigate security risks with VI3.
  9. Security in a Virtualized Environment (VMworld 2007) - A VMworld 2007 presentation comparing physical to virtual security.
  10. Virtualization Security Playbook - A compilation of 8 good virtual security articles.