INUITS The real voyage of discovery consists in having new eyes. Marcel Proust.
Presentation transcript:

Kris Buytaert ● Senior Linux and Open Source ● „Infrastructure Architect“ ● Surviving the 10th floor test ● OSSTMM ● Co-Author Virtualization with Xen ● Guest Editor at Virtualization.com

Today ● What is Virtualization ● What is VirtSec ● FUD and Reality ● VirtSec and Open Source ● CloudSec

What is Virtualization? ● Running different operating systems together on one machine ● Isolating the operating system from the underlying hardware resources ● Running multiple identical operating systems together on one machine

Why Virtualization Matters ● Consolidation ● Saving idle CPU cycles ● Separating Development/Staging/Production ● Hardware independence ● Security ● Greener environment ● All the cool kids are doing it

Why Virtualization is dangerous ● A vendor view of High availability ● Live Migration is not a HA Solution ● Vendor Lock In ● Heavy IO ● Hardware dependencies & Live Migration ● Security ?

Virtualization and Open Source ● Leading the Pack ● Paravirtualization ● VT Support ● The core Virtual Infrastructure is open ● Proprietary vendors try to catch up ● And Build the Management FrameWorks

Virtualization to Me: Xen, KVM, VirtualBox, Linux Vserver, OpenVZ, Linux Containers, LibVirt, Convirt, Qemu, OpenQRM, Enomaly, UML

What is VirtSec ? ● Securing Virtual Platforms, Hypervisors, Host OS ● Securing the Guest OS in a Virtual Environment ● Running Security tools in a Virtual Environment

Isn't VirtSec just a way for the security people to jump on the Virtualization Hype ?

What changes with Virtualization? ● The network stack: system vs network vs virtualization; the network goes inside the machine ● Live Migration: across different VLANs; VLAN spaghetti ● Scale: 1 physical machine = MANY VMs

Legacy Apps ● Claim: legacy apps can't be secured properly: that old badge logging app running on Win95, that old batch job running on SCO ● Doesn't matter if they are virtual or not

The Virtual Network ● Claim: NIDS can't see inter-VM traffic ● What about inter-app traffic on the same host? Only now we've isolated the apps from each other ● Bridging / routing inter-VM traffic rather than using proprietary sockets

Flux and Scale ● Claim: traditional HIDS can't follow the quickly changing state of hosts ● My HA clusters are Active/Passive, Active/Active, or N+M too; their state is in constant flux too ● The role of Config Management and Platform Automation grows every second.

Static Security was DEAD before Virtualization ● High Availability Clusters ● But the problem is still growing ● VM Relocation ● Live VM Migration ● Rapid ReDeployment ● Multiple Instances of a service

Thank you App Developer ● Virtual Appliances are awesome ● A flying start ● They save you time ● They give you a nice preview of technology

Virtual Appliance &amp; Security ● Who built it? ● Is the app secured? ● What about authentication integration? ● How do you update it? ● They KILL your time

Image Sprawl, your update nightmare ● Image sprawl: copy VM, deploy VM, modify VM, copy VM ● How do you patch 1 VM? ● Did you patch before or after that one was copied? ● How do you patch 100 VMs? ● What about machines that are offline?

Image Sprawl, your update nightmare "The biggest challenges we have in virtualization are operational and organizational rather than technical." Christofer Hoff

Image Sprawl, your update nightmare ● Automate deployment ● Implement Configuration Management ● Map security management to Config Mgmt ● Prepare to survive the 10th floor test!
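Added example, not from the talk: a small Python model of the copy-lineage problem in the three slides above, where an image only carries the patches its ancestors had applied at the moment it was copied, so "did you patch before or after the copy" becomes a question the inventory can answer. The image names, dates and patch id are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Optional

@dataclass
class Image:
    name: str
    parent: Optional[str]              # image this one was copied from, None for the golden image
    copied_at: datetime                # when the copy was taken
    patches: Dict[str, datetime] = field(default_factory=dict)  # patch id -> time applied directly
    online: bool = True

def effective_patches(images, name):
    """Patches an image really carries: the ones applied to it directly, plus the
    ones each ancestor already had at the moment the copy below it was taken."""
    img = images[name]
    have = dict(img.patches)
    copy_time = img.copied_at
    cur = img.parent
    while cur is not None:
        ancestor = images[cur]
        for pid, applied in ancestor.patches.items():
            # a patch applied to the ancestor after the copy never reached the child
            if applied <= copy_time and pid not in have:
                have[pid] = applied
        copy_time = ancestor.copied_at
        cur = ancestor.parent
    return have

def audit(images, required):
    """Map each image missing a required patch to (missing ids, whether it is online)."""
    report = {}
    for name in images:
        have = effective_patches(images, name)
        missing = sorted(p for p in required if p not in have)
        if missing:
            report[name] = (missing, images[name].online)
    return report

D = lambda d: datetime(2010, 1, d)  # constructed dates, January 2010

# Constructed inventory: golden image patched on day 10, copies taken before and after.
INVENTORY = {
    "golden": Image("golden", None, D(1), {"PATCH-A": D(10)}),
    "web1":   Image("web1", "golden", D(5), {"PATCH-A": D(20)}),  # copied early, patched later
    "web2":   Image("web2", "golden", D(12)),                      # copied after the fix
    "web3":   Image("web3", "web1", D(15)),                        # copied from web1 before web1 was patched
    "batch":  Image("batch", "golden", D(8), online=False),        # copied early, currently powered off
}
REQUIRED = ["PATCH-A"]
```

Offline images in the report are the ones a push-based patch run silently skips; they need the patch applied on next boot or before redeployment.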

Hypervisor Security

Deus Ex Machina ● Remember the E10K fiasco? "No, you won't be able to get from one VM to another VM"? You bet they will! ● Buffer overflow in management software?

Ballooning ● Critical feature from a proprietary vendor ● Not available in off the shelf Xen/OracleVM Go away or I will replace you with a small shellscript

Blue Pill vs Red Pill ● Blue Pill by Invisible Labs ● Placing a Hypervisor under an OS ● Hoping no one realizes it ● Existing Source for POC ● Ignorance vs Truth

Blue Pill, a real threat? ● POC vs real life: become root first, then exploit the VM vulnerability?

Managing Virtual Machines ● Early Management Frameworks ● Any client can connect... ● An example..

What is openQRM ● open-source project at sourceforge.net (GPL) ● data-center management platform ● Not just your virtual platforms ● provides generic virtualization layer ● Deploy on demand ● Support for physical, Xen, VMWare, Vserver, KVM ● OpenQRM 4 is a full rewrite ● Cloud Deployment

OpenQRM &amp; Security ● Authentication based on IP ● No encryption ● No handshake ● Anyone who can spoof the openQRM server IP can reboot / redeploy your infrastructure ● Being fixed
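Added example, not openQRM's code: the IP-only check the slide describes, beside the kind of handshake it lacks, in which the agent issues a one-time challenge and only acts on a command whose HMAC under a shared key covers that challenge, so a spoofed source address alone buys nothing and a captured exchange cannot be replayed. The address and key are constructed.

```python
import hashlib
import hmac
import os

TRUSTED_SERVER_IP = "10.0.0.5"   # constructed address of the management server

def weak_accept(src_ip, command):
    """IP-only authorisation: the agent acts on any command whose source address
    matches the management server. Nothing proves the sender holds a secret."""
    return src_ip == TRUSTED_SERVER_IP

def sign(key, challenge, command):
    """HMAC-SHA256 over the agent's challenge and the exact command text."""
    return hmac.new(key, challenge + b"|" + command.encode(), hashlib.sha256).hexdigest()

class ChallengeResponseAgent:
    """Agent side of a minimal handshake: hand out a one-time challenge, then run
    only a command whose tag (HMAC under the shared key) binds that challenge."""
    def __init__(self, shared_key):
        self.key = shared_key
        self.pending = set()      # challenges issued but not yet consumed

    def challenge(self):
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, challenge, command, tag):
        if challenge not in self.pending:        # unknown or already used: replay or forgery
            return False
        self.pending.discard(challenge)          # one challenge, one command, so no replay
        expected = sign(self.key, challenge, command)
        return hmac.compare_digest(expected, tag)
```

Encrypting the channel is a separate concern; this only closes the authentication and replay gaps the slide lists.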

Open Source ● Not Marketing Driven ● Written because there is a need ● To scratch an itch ● Peer review ● Typically more secure than Proprietary ● Leading Innovation in Virtualization

Open Source &amp; VirtSec ● No known projects ● No need for specialized projects / tools ● The VirtSec vendors claim: first proprietary -> then Open Source; Open Source doesn't innovate ● The Open Source experts claim: better architectures; no need for bloated hyped tools

Is VirtSec a market? It's an instantiation of technology, practice and operational adjustment brought forth as a derivative of a disruptive technology and prevailing market conditions. Does that mean it's a feature as opposed to a market? No. In my opinion, it's an evolution of an existing market, rife with existing solutions and punctuated by emerging ones. The next stop is how "security" will evolve from VirtSec to CloudSec... Christofer Hoff

Isn't CloudSec just a way for the security people to jump on the Cloud Hype ?

The Cloud ? Cloud computing refers to the use of Internet ("cloud") based computer technology for a variety of services. It is a style of computing in which dynamically scalable and often virtualised resources are provided as a service over the Internet. The concept incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the users.

SAAS ) Cloud

SaaSSec ● One vendor ● Full control over his application and his application stack ● Supposed to manage his platform in a secure fashion ● But do you TRUST him?

CloudSec ● Deploying in an untrusted domain: this is not your average DMZ; you don't even own the Vhost ● Cloud datacenters attract attackers: identical hypervisors => only 1 exploit needed; cloud hijacking ● Pre and post deployment: what was there and what stays behind?

CloudSec ● Increase security as never before ● Encrypt all inter-Vhost traffic ● Firewall as never before ● Don't store critical data in the cloud: use it for analytics, workload offload, volatile data ● Build your own private cloud

Conclusion ● Risks change ● Scale changes ● Automation matters ● Complexity is the enemy of reliability ● Watch out for FUD, especially in the closed world

Security still isn't a product you can buy. It's not even a process. It's a lifestyle.

Kris Buytaert Further Reading ?!