Chapter 1: What Is a Security Threat?

Excerpt from 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment'


By Edward L. Haletky

Published by Prentice Hall

ISBN-10: 0-13-715800-9

ISBN-13: 978-0-13-715800-3


Before we can begin our discourse on virtualization security, we first need to understand a few common terms and ideas. Specifically, we need to know how the virtual infrastructure fits into the entire picture of the data center, the virtual ecosystem, or, as we will call it within this book, the virtual environment. We will define the boundaries of the virtual environment and how it changes the data center from a 10,000 foot view. In addition to this basic definition, we need to specifically define threat, vulnerability, and failure in terms of virtualization security. These key terms will be used throughout this book, and many definitions exist for each one. We will create specific definitions and follow up with some common examples that professional penetration testers use. It is also important to understand how the virtual environment can possibly be attacked, as well as the sources of the threats. Many Web sites and books are listed in Appendix D for further reading on penetration testing.

The following chapters will present the threats in such a way that you can manage the risk within your virtual environments. Wherever possible, the risks will be followed by possible ways to mitigate them. Unfortunately this book cannot address all possible risks, so we are covering only those areas previously mentioned in the preface with as much information as possible so that the reader can extrapolate future threats as well as determine places to monitor on the Web to uncover new vulnerabilities and learn how to protect against them.

Because this and the following chapters will be presenting security issues, it may seem at times that I and my contributing authors are just a little bit paranoid. Okay, perhaps quite a bit paranoid; however, a healthy dose of paranoia will aid you in risk analysis and consideration of all the possible outcomes of breaches to your virtual environment. If you dislike the term paranoid, I would substitute security conscious, because that is the main thrust of this and other chapters: to raise your awareness of all the myriad threats. The following chapters provide concrete suggestions that those looking for security solutions can implement and contribute to their virtualization success.

Although this chapter deals with the entire virtual environment per Figure P.1 from the preface, starting with Chapter 3, “Understanding VMware Virtual Infrastructure Security,” each chapter addresses a subset of the entire environment.

The 10,000 Foot View without Virtualization

We can describe the security model for existing systems by using the following list of elements or aspects of security. Each element is generally performed by different groups of people, each using different methods, protocols, and documentation to enact or assure their separate aspects of security. Corporations may have one document to handle security, but different organizations end up implementing different bits of it with exceptions specific to their group, organization, and business unit. This all starts with a written security policy that covers every aspect of security from physical to virtualization security. The security policy not only defines security roles but also how to respond to specific physical and virtual threats. Sometimes these documents have teeth (as in someone’s job is on the line) and other times they do not. But, in general, they all cover or should cover the following physical threats:

  • Information classification, definitions, and document-marking strategies

  • Disposal of confidential and other documents

  • Physical threats to the building or campus, such as bomb and biochemical threats

  • Response to fires and medical emergencies

  • Monitoring of entrance ways, parking garages, and so on

  • Monitoring of entrance to and from secured areas

  • Response to cyber attacks and generally a statement on the protections to use

In addition to the preceding list, the security policy covers many more security threats and concerns, as well as the preventative steps to protect the entity (organizations, businesses, and enterprises) from any known issues. Although the security policy is important, implementation is imperative. The key is implementing the security policy and documenting the steps taken. When we look at just the data center, the following steps are usually taken:

  1. Secure the Data Center.

    Securing the data center entails the use of physical controls and monitoring tools to monitor access (card keys, video camera), power provisioning and control, cooling, and change control protocols.

  2. Secure the Network.

    Securing the network implies a secure network architecture that includes at least the use of firewalls, routers, gateways, intrusion detection and prevention systems, and perhaps compliance auditing and monitoring systems.

  3. Secure the Servers.

    Securing a server entails securing the server operating system with improved authentication, logging, and hardening. This step also includes most vulnerability prevention tools, such as antivirus, spyware/malware detectors, spam filters, some firewalls, and worm protection mechanisms. This step could include the placement of the server within the data center, perhaps behind further physical aspects of security such as doors, keyboard monitoring, card key access, removal of unused software, and the like.

  4. Secure the Application.

    Securing the application entails application integration into authentication tools, application hardening, compartmentalizing, and other secure coding tools as well as regular patching and updates to the application.

  5. Secure the User.

    Securing the user entails knowing more about the user for authentication, tracking, and monitoring. This is not only a password (what the user knows), but perhaps a retinal or fingerprint scan (what the user is), and other tools such as common access cards (CAC) and RSA Keys (what the user has). User training to spot social engineering and other security concepts is also important.

If we are lucky, the security of data centers, networks, servers, applications, and users is part of a single organization, and everything is fully integrated and not disjointed. However, this model changes when virtualization is introduced. Virtualization adds complexity, changes points of control, and introduces new security problems and threats.

The 10,000 Foot View with Virtualization

The security model for virtualization systems can be described using the following list of definitions; these differ from the steps in the previous section in that generally only the virtualization administrator is involved after the physical aspects of security are covered. The virtualization administrator is most likely not a security administrator and should work with the security administrators to properly secure the system. Each of the following steps adds to the previously described steps within “The 10,000 Foot View without Virtualization” section.

  1. Secure the Data Center.

    Securing the data center additionally entails ensuring that the physical console has some means to monitor the virtualization server for system crashes via either a dedicated monitor or some form of remote means. This is the only means by which to access crash data. Note that when a virtualization host crashes, all the virtual machines running within the virtualization host crash.

  2. Secure the Virtualization Server.

    Securing the virtualization server entails server hardening, setting up monitoring and auditing, and proper authentication protections. In effect, the virtualization server should be considered a data center within a data center. Protect the virtualization server as well as you would your data center.

  3. Secure the Virtual Network.

    Securing the virtual network entails creating a secure virtual network architecture that works hand in hand with the physical network security. Included in this is the possibility of intrusion detection and prevention systems, virtual machine vulnerability management tools, or even virtual network compliance auditing tools. The virtual network includes all networking for virtual machines (including the use of virtual firewalls and other protection mechanisms), virtualization server administration, virtual machine migration, and access to storage devices.

  4. Secure the Physical Network.

    Securing the physical network entails a secure architecture per normal means described previously. The interfaces to the virtual network should be further secured, including storage interfaces by using firewalls and network segregation.

  5. Secure the Virtual Machine.

    Securing the virtual machine is important to ensure that the virtualization layer is not exposed to attack. This is in addition to the normal steps taken under “Secure the Servers” in the previous list within the section “The 10,000 Foot View without Virtualization.”

  6. Secure the Application.

    Securing the application entails ensuring that the application does not expose the virtualization layer to performance and other issues. For example, running full disk antivirus scans simultaneously on all virtual machines would create a performance problem.

  7. Secure the User.

    Securing the user additionally entails restricting access to virtualization servers and direct console access to virtual machines while maintaining all authentication protocols.

The 10,000 foot view of virtualization introduces new elements and aspects of security, as stated previously. These are generally handled by the new role called the Virtualization Administrator and are separate from the total security picture. Most corporate security documents and protocols are just now starting to consider virtualization servers, as they deal with the increase in virtual machines. But looking at security only from a virtual machine perspective is a bit narrow.

A comprehensive security architecture is required that will include all the aspects of virtualization, as well as the traditional physical roles. Security architects, administrators, and managers now have to deal with the virtualization server. What is needed is education of the security architect, designer, and manager so that a comprehensive view of security exists whether virtualization is used or not. The old methods are not completely applicable, and new ones must be developed. Those new security concerns and protection methodologies are what this book delves into.

Applying Virtualization Security

The two 10,000 foot views look at the data center from two distinct views: the old school and the new school. Figure 1.1 shows the clear demarcation between the two schools. After your network passes into the realm of the virtual infrastructure represented by the thick polygon, you need to combine security approaches to secure the entire environment.

Figure 1.1: Where the Virtual Infrastructure touches the physical world

The content of the outer, thick-lined demarcation in Figure 1.1 includes some aspects of the physical world, the cables that go between the systems, the separate servers used to manage the environment, and the remote storage used. The rest of the environment falls into the realm of securing the virtual infrastructure. The demarcation bisects the IDS/IPS Server, among others, and that is on purpose, because you need to understand that a physical IDS/IPS may not work within the environment unless it is placed appropriately on an interface into the virtual infrastructure. It is also interesting to note that you may have multiple IDS/IPS systems involved in that particular aspect of security. The other bisections relate to systems that can serve multiple duties and may act upon systems outside the virtual environment as well as within the virtual environment.

The big issue with implementing virtualization security is that there may appear to be duplication of effort from the physical world. So why not just apply what you normally do for the physical machines to the virtual machines? Unfortunately, this cannot be done yet—not until there are changes to the virtualization servers in use. Specifically, many of the BIOS security measures and much of the security hardware in use today cannot be applied to a virtual machine, whereas any hardening technique that can be applied to the OS within the physical machine can be applied to the guest OS within the virtual machine. Therefore, we have to apply security in two distinct and different environments. The VMsafe and vNetwork APIs (covered in Chapter 3) will do quite a bit to alleviate these problems when used with VMware vSphere 4.0. In essence, what used to require a physical element may now require a software element.

The main point to take from this is that the virtual infrastructure is a data center within your physical data center. With the advent of even more powerful laptops, your virtual infrastructure may become mobile, which implies a limited but mobile data center. This was an almost unheard of concept in the past, yet now it is possible.
