Security Virtualization


1 Security Virtualization
Timothy Brown
Director, S&V Practice
Network Utility Force

2 Intro

3 What is this presentation about?
Survey of security elements and techniques
Virtualization advantages and disadvantages
How virtualization alters security architecture
Three main concepts:
  Infrastructure as code
  Security moving with the target
  Reduce burden of security

4 Security Basics
Protecting information systems
Balance between risk, protection from risk and ease of use
Protecting systems has a real cost, heavy armor costs more and armor is oriented towards the attacker

5 How are elements protected?
IDS/IPS – Host and network
Firewalls
Segmentation (Limiting the pivot)
Systems Monitoring
Network Telemetry and Monitoring
Host Integrity
Intelligence (All Source)
PEOPLE

6 A reference diagram

7 Virtualization Basics
Hypervisor: A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines.
Core: A microprocessor (with multiple threads, cache, …)
Virtual Machine: In computing, a virtual machine (VM) is an emulation of a particular computer system.
vSwitch (Virtual Switch): A piece of code that emulates or runs a switch.

8 Market evolving in three ways
Appliances being made available virtually
Elements more powerful
Automation

9 A reference diagram

10 VM changes
Add a new VLAN or Virtual Switch
Can have many VLANs attached to one virtual switch
…or many virtual switches…
…controlled by different parties…

11 A reference diagram

12 How does a virtual switch work?
Virtual switch similar in functionality to a traditional switch
Accelerated by special drivers
MAC learning or manual MAC programming (Hypervisor knows MACs, can do creative processing)
Greater flexibility in where a MAC lives and where traffic goes

13 What does it mean?
Can insert { any security element } { anywhere in the virtualized network }
Can connect { any security element } to { any physical or virtualized host }

14 Security relationships can be built anywhere
Virtualization allows flexibility: Resources, FWs, or everything can be moved around (including between DCs)

15 Resources can be moved between DCs

16 Resources can be moved between DCs
Firewall moving with elements

17 Interesting ideas
Virtual network firewalls
Virtual application firewalls
Virtual load balancers / application delivery controllers
Virtual taps
Virtual IDS/IPS

18 How does virtualization add to security?
Segmentation and microsegmentation
  Including with physical hardware through the use of VXLAN
Separation of management concerns
Functional separation
Snapshots and imaging
SDN

19 Motivations for security virtualization
Reduce scope of changes and testing
Increase performance for lower aggregated cost
Minimize reliability concerns and impact
Flexibility in architecture
  Move things around
Reduced audit scope
Hide security infrastructure from attackers
More security closer to the host at higher performance

20 (Mis)conceptions
Virtualization reduces performance
  Impact is quite mild on the right hardware
More to manage
  Yes, but vendors are getting smart and infrastructure is now code
Cost will be high
  Vendors are getting smart: Cost is coming down (volume) and hardware is a losing game (commoditization)
Harder to learn
  This is true, but only if you have a weaker understanding of the basics
  MACs, bridges, traffic flows, TCP…

21 What is now available in virtual form?
Firewalls
Application Firewalls
Database Firewalls
Monitoring Appliances
Sandboxing, DPI, Netflow
Load Balancing
Intrusion Detection

22 Coming back
Easier to hide my infrastructure
Segments and snapshots; easier IDS
Roll back machine quickly, better change management
Firewall and IDS in front of every host, good luck with the pivot
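
Added example (not from the slides): a small Python model of the "limiting the pivot" point, comparing VLAN-level segmentation with a firewall in front of every host. Host names, segments and rules are constructed, and treating every permitted flow as a possible pivot is a worst-case assumption made for the audit.

```python
from collections import deque

# Constructed sample inventory: host -> segment (VLAN). Names are hypothetical.
HOSTS = {"web1": "dmz", "web2": "dmz", "app1": "app", "db1": "data", "backup1": "data"}

# Constructed per-host firewall allowlist: (source, destination, tcp_port).
MICROSEG_RULES = {("web1", "app1", 8443), ("web2", "app1", 8443), ("app1", "db1", 5432)}

# Constructed segment-level rules, as a firewall between VLANs would hold them.
SEGMENT_RULES = {("dmz", "app"), ("app", "data")}


def segment_allows(src, dst):
    """VLAN segmentation: free movement inside a VLAN, rule-checked between VLANs."""
    s, d = HOSTS[src], HOSTS[dst]
    return s == d or (s, d) in SEGMENT_RULES


def microseg_allows(src, dst):
    """Firewall in front of every host: only explicitly listed flows pass."""
    return any(r[0] == src and r[1] == dst for r in MICROSEG_RULES)


def pivot_reach(start, allows):
    """Worst case (assumption): every host reachable from start, hop by hop, via BFS."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt not in seen and allows(cur, nxt):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


def report(start):
    """Exposure if `start` is compromised, under each policy model."""
    return {
        "segmented": sorted(pivot_reach(start, segment_allows)),
        "microsegmented": sorted(pivot_reach(start, microseg_allows)),
    }


if __name__ == "__main__":
    for host in ("web1", "db1"):
        print(host, report(host))
```

Because the policy is plain data, the same check can run on every rule change, which is where "infrastructure as code" and reduced audit scope meet.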

23 Questions?

24 Thanks

