Tag Archive: Security

Jun 13 2012

Escaping the Cave – A VMware admins worst fear

The worst security fear of any virtual environment is having a VM be able to gain access at the host level which can allow it to compromise any VM running on that host. If a VM was to gain access to a host it would essentially have the keys to the kingdom and because it has penetrated into the virtualization layer have a direct back door into any other VM. This has often been referred to as “escaping the cave” as the analogy goes that VMs all live in caves and are not allowed to escape it by the hypervisor.

caveman1

Typically this concern is most prevalent with hosted hypervisors like VMware Workstation that run a full OS under the virtualization layer. Bare metal hypervisors like ESX/ESXi have been fairly immune to this as they have direct contact with the bare metal of a server without a layer in between.

A new vulnerability was recently published that allows this exact scenario, fortunately if you’re a VMware shop it doesn’t affect you. It does affect pretty much every other hypervisor though that does not support the specific function that this vulnerability exploits.

You can read more about it here and here and specifically about VMware here. If you want to know more about security with VMware here’s an article I also wrote on how to steal a VM in 3 easy steps that you might find interesting. VMware also has a very good security blog that you can read here and a great overall security page with lots of links here. And if you want to follow one of VMware’s security guru’s (Rob Randell) who is a friend of mine and a fellow Colorado resident you can follow him here.

VMware has traditionally done an awesome job keeping ESX/ESXi very secure which is just one of the many reasons that they are the leader in virtualization. Security is a very big concern with virtualization and any vulnerabilities can have very large impacts which is why VMware takes it very seriously.

Here’s also an excerpt from my first book that talks about the escaping the cave concept:

Dealing with Security Administrators
This is the group that tends to put up the most resistance to VMware because of the fear that if a VM is compromised it will allow access to the host server and the other VMs on that host. This is commonly known as “escaping the cave,” and is more an issue with hosted products such as VMware Workstation and Server and less an issue with ESX, which is a more secure platform.

By the Way

The term escaping the cave comes from the analogy that a VM is trapped inside a cave on the host server. Every time it tries to escape from the cave, it gets pushed back in, and no matter what it does, it cannot escape from the cave to get outside. To date, there has never been an instance of a VM escaping the cave on an ESX server.

ESX has a securely designed architecture, and the risk level of this happening is greatly reduced compared to hosted virtual products such as Server and Workstation. This doesn’t mean it can’t happen, but as long as you keep your host patched and properly secured, the chances of it happening are almost nonexistent. Historically, ESX has a good record when it comes to security and vulnerabilities, and in May 2008, ESX version 3.0.2 and VirtualCenter 2.0.21 received the Common Criteria certification at EAL4+ under the Communications Security Establishment Canada (CSEC) Common Criteria Evaluation and Certification Scheme (CCS). EAL4+ is the highest assurance level that is recognized globally by all signatories under the Common Criteria Recognition Agreement (CCRA).

Share This:

Apr 07 2011

Five ways to maximize VMware hypervisor security

For better or worse, administrators usually accept the default VMware hypervisor security settings.

VSphere is fairly secure, but VMware security breaches can still occur. Careless mistakes and questionable administrative decisions can weaken infrastructure security — especially if IT pros are more concerned about management convenience than about hardening the hypervisor, hosts and virtual machines (VMs).

To help prevent snafus, here are five ways to maximize VMware hypervisor security.

Firewalls prevent VMware hypervisor security from getting burned
Physical firewalls protect servers and devices directly connected to physical networks, but they aren’t always effective at protecting VMs connected to virtual networks. So use virtual firewalls in conjunction with physical firewalls to ensure that network traffic is secure at every level and nothing slips through the cracks.

Sometimes, virtual machine network traffic doesn’t leave the host or travel over a physical network. Traffic between VMs on the same vSwitch and port group remains inside the host. It travels in the host’s memory, through the virtual network — rather than over the physical network. As such, it’s outside the physical firewall’s protection zone.

Read the full article at searchvmware.com…

Share This:

Apr 06 2011

VAR concerns and considerations for handling vSphere security: FAQ

Keeping your customer’s physical environment secure is more straightforward than dealing with security in a virtual environment. There are a number of hidden risks and concerns that solution providers need to be prepared for before fielding customer questions about vSphere security.

Virtualization expert Eric Siebert breaks down what you need to know about securing your customer’s vSphere environment, including Payment Card Industry Data Security Standard (PCI DSS) concerns, anti-virus software and ESX firewalls. Siebert also explains which third-party virtualization security products and vendors can be useful to solution providers.

How does security in virtual environments differ from physical environments?

Most of the security-hardening techniques that solution providers would normally use in physical environments apply to virtual environments as well. These techniques are typically used at the guest operating system (OS) level, which is no different in virtual environments. There are, however, other security areas that you need to be concerned with inside virtual environments that don’t exist with traditional physical servers.

Solution providers need to recognize that the host opens up more attack vectors inside virtual environments, with the biggest being toward the ESX Service Console and the ESXi Management Console. These consoles run as privileged virtual machines (VMs) on the host and hold the keys to accessing any VM on the host. There are a variety of methods that can be used to access a host, including Secure Shell, vSphere Client, scripting application programming interfaces (APIs) and Web browser access. All of these access points need to be properly secured to protect the host and its VMs.

Read the full article at searchsystemschannel.com…

Share This:

Mar 24 2011

Five VMware security breaches that should never happen

VMware security breaches should not be taken lightly, especially now that there’s a spotlight on regulatory compliance and the shift toward cloud computing.

Virtual hosts house many workloads, and if an unscrupulous individual gains unauthorized access to a host, that person can potentially compromise all of its virtual machines (VMs). That means virtualization administrators should pay special attention to preventable VMware security breaches. There are several potential weak points where VMware security breaches can occur.

Making VMware security less like Swiss cheese

Out-of-the-box, VMware vSphere is fairly secure, but you can make it more susceptible to security breaches if you’re not careful with its configuration and remote-access settings.

By default, VMware disables many features that would make administration easier, and enabling these features weakens security. In ESX, for example, administrators typically enable Web user interface. And in ESXi, many IT pros allow access to the remote console through Secure Shell (SSH) connections. These actions may make your job easier, but they open up attack vectors for unauthorized individuals.

An even bigger vulnerability is the host’s management console. It’s the door to your entire virtual infrastructure, so don’t pass out many keys. Lock up the management console tightly and use it only when absolutely needed — which typically isn’t often. Other areas of concern are VM data stores, management and storage network traffic, virtual networking, application programming interfaces, VM-host interconnects, vCenter Server roles and permissions and third-party add-ons.

The bottom line: Know your weak points and make them secure.

Read the full article at searchvmware.com…

Share This:

Sep 22 2010

All your ESX Service Consoles belong to us…

In case you needed more encouragement to move to ESXi here’s a good reason. The recent Linux vulnerability that was announced that can give attackers root access to a system effects the ESX 4.x Service Console as well as it is based off Red Hat Linux with the 2.6.28 kernel. The vulnerability affects nearly all 64-bit Linux distros but is not present in 32-bit Linux distros. Because of that the ESX 3.x Service Console is not affected by this. Apparently VMware is aware of this and a patch is in the works so be on the lookout for it and patch your systems immediately. If an attacker were to gain root access to your ESX Service Console they could easily gain access to all your VM’s as well. ESXi systems are not affected at all as they do not run a full Linux operating system and instead run a small POSIX based environment that has a smaller attack surface.

Share This:

Aug 09 2010

Assigning vSphere security access controls

Security is critical in a vSphere environment. Virtual machine (VM) architecture, access methods and management is much different from that for physical servers. Because VMs are encapsulated into a single file that resides on a shared data store, additional attack vectors need to be secured. Further, any change or operation in a virtual environment can have a ripple effect on other residing VMs because all share common infrastructure components. Consequently, having proper security access controls in place is paramount to protect hosts and their VMs.

Because they have multiple components, virtual environments are secured in layers. You can do much of the work to secure an environment through vCenter Server, which provides centralized authentication and authorization services at many different levels inside vSphere. VCenter Server features four main components:

  • Privileges. A privilege enables or denies users access to perform actions in vSphere.
  • Roles. A role is a set of privileges that can be assigned to a user or group.
  • Users and groups. Users and groups are used in permissions to assign roles from Active Directory (AD) or local Windows users/groups.
  • Permissions. A permission is assigned to an object in vSphere and is composed of users/groups and a role.

Read the full article at searchsystemschannel.com…

Share This:

May 14 2009

Upcoming webinar on Virtualization Security and Compliance

I received an invite today to an upcoming webinar on Virtualization Security and Compliance that is being given by Reflex Systems. What peaked my interest in it was the speakers and topics, one of the speakers is Rob Randall from VMware who is their security guru and also happens to reside in my hometown of Denver. The other speaker is Mike Wronski, VP of Product Management for Reflex Systems. One of the topics is VMsafe which was been announced quite a while ago but very little actual information on it has been released. Here’s what will be discussed in the webinar:

  • Leverage VMware’s VMsafe technology in vSphere 4 to achieve greater security in your virtual environment.
  • Use segmentation through Trust Zones and classification to safeguard your virtual data center and manage virtual assets more efficiently.
  • Add a level of security policy enforcement in your virtual environment by using vTrust dynamic policy enforcement technology.
  • Go “beyond the virtual firewall” to apply best practices for specifying policies in a virtual infrastructure.

I’m guessing that Relfex will be showing off and talking about an upcoming product release that leverages the VMsafe API’s that are part of the upcoming vSphere release. Since very little information about VMsafe has been released I’ll be interested to see how the product utilizes VMsafe to better integrate into ESX. The webinar is Wednesday, May. 27th at 2:00pm EST, you can register for it here.

Share This:

May 11 2009

Security Links

General

An Overview of VMware’s Security Programs and Practices (VMware Tech Paper)
Security Recommendations for Hypervisor Deployment (NIST)
vSphere 4.1 Hardening Guide (VMware)
vSphere 4.0 Security Hardening Guide (VMware)
Network Segmentation in Virtualized Environments (VMware)
DMZ Virtualization Using VMware vSphere 4 and the Cisco Nexus 1000V Virtual Switch (VMware)
Anti-Virus Practices for VMware View (VMware)
VMware Fast Path Versus Slow Path Firewalls (chrisbrenton.org)
How to steal a virtual machine and its data in 3 easy steps (SearchVMware)
Five VMware security breaches that should never happen (SearchVMware)
Five ways to maximize VMware hypervisor security (SearchVMware)
VAR concerns and considerations for handling vSphere security: FAQ (SearchSystemsChannel)
VMware releases long-awaited VMsafe security API (SearchSecurity.com)
DMZ Virtualization Using VMware vSphere 4 and the Cisco Nexus 1000V Virtual Switch (VMware)
Safely implementing VMsafe-aware virtual appliances in your data center (SearchVMware)

Compliance

Payment Card Industry Data Security Standard (PCI DSS) Compliance and VMware (VMware)
Achieving Compliance in a Virtualized Environment (VMware)
Virtualization: Security and Compliance Considerations (Webinar) (ConfigureSoft)
How Can You Prove Your Virtualized Environment is PCI Compliant? (Webinar) (ConfigureSoft)
Best Practices for Achieving PCI Compliance in a Virtual Environment (Webinar) (ConfigureSoft)
How Virtualization Affects PCI DSS Part 1: Mapping PCI Requirements and Virtualization (McAfee)
How Virtualization Affects PCI DSS Part 2: A Review of the Top 5 Issues (McAfee)
Security Compliance in a Virtual World (RSA)
IT Audit for the Virtual Environment (SANS)
Meeting the Challenges of Virtualization Security (Trend Micro)

vShield

VShield: Breaking down the VMware security suite (SearchVMware)
Zeroing in on vShield Endpoint and Edge features (SearchVMware)
VShield Manager: Installing VMware’s virtual security appliance (SearchVMware)
Installing VMware vShield Zones for a virtual firewall (SearchVMware)
Top 10 VMware security tips for vShield users (SearchVMware)
vShield products packaging explained (with a focus on vCloud Director) (IT 2.0)
How To Wield the New vShield (Edge, App & Endpoint) (Rational Survivability)
VMware’s (New) vShield: The (Almost) Bottom Line (Rational Survivability)
VMware vShield Endpoint and Trend Micro Deep Security 7.5 understanding Part 1 (GeekSilver)
VMware vShield Endpoint and Trend Micro Deep Security 7.5 understanding Part 2 (GeekSilver)
VMware vShield Endpoint and Trend Micro Deep Security 7.5 understanding Part 3 (GeekSilver)
VMware vSphere vShield 1.0 design flaw with vCenter as VM? (GeekSilver)
VMware vShield Zones – Reviewers Guide (VMware)
vShield Zones 4.1 FAQ (VMware)
Meet the Engineer: VMware vShield Product Family (YouTube video) (VMware)
vShield Zones: What it is and how it works (Pt. 1) (vShield 1.0) (SearchVMware)
Installing and Configuring vShield Zones (Pt. 2) (vShield 1.0) (SearchVMware)
Quick tips for managing vShield Zones (Pt. 3) (vShield 1.0) (SearchVMware)
Introduction to vShield Zones (vShield 1.0) (VMware)
vShield Zones featured on VMTN Community Roundtable Podcast (Talkshoe)
VMware vShield Zones (Musings of Rodos)
Why use vShield Zones? (Virtualization Pro)

Share This:

Older posts «