Security in Virtualized Environments


1 Security in Virtualized Environments
Kenneth Smith CISSP CISA CCSK @ken5m1th 9/18/2018 © Copyright 2013 GreenPages Technology Solutions

2 Agenda
What do we trust?
What’s different in a virtualized infrastructure
Hypervisor security controls
Guest security controls
Silver lining
Great tools and references
Recommendations

3 Winner of the worst Infosec stock image EVER!
Source: Intacore.com
bad Intacore…bad

4 What do we trust in traditional infrastructure?
Hardware
Firewall appliances?
Network routers and switches?
Servers?
Why?
Physical placement concept
Dedicated purpose
Very clear roles & separation of duties
Good foundation

5 What’s different in a virtualized infrastructure?
Consolidation
More stuff running in one place
Many moves/adds/changes
General purpose x86 hardware
Servers are files
All kinds of products can run as VMs
Lost a few things
Some of the trustworthy foundation
Roles blurred

6 Hypervisors

7 What do we still trust?
The physical network
Hardware that Hypervisor runs on
Operating system configuration?
Applications?

8 Must first trust the foundation
Physical hosts
Hypervisor running on physical hosts
Hypervisor management system
Third party tools
SAN / NAS
Ancillary applications and systems

9 Hypervisor Security Controls
Hypervisor Management Virtual network Trusted boot Physical

10 Hypervisor Trusted boot
Attests to integrity of BIOS and hardware
Can assign certain Hypervisors to specific hardware
Relies on chipset hardware and CPU features

11 Hypervisor Virtual Networking
Categorized as SDN
Standard networking features
Provided by hypervisor vendor or third parties
Can include security features
Firewall
IPSec
Encryption
Network monitoring

12 Hypervisor Management Controls
Guest access controls
Storage access controls
Change management
Image and snapshot management
Monitoring
Automation
Orchestration

13 Hypervisor Third-party Solutions
Firewalls
VMDK encryption
Logging and SIEM
IDS/IPS
More granular access controls
Key management
Vulnerability management
Multi-hypervisor management

14 Guest Security Controls
Application
Host-based tools
Operating system
Trusted boot

15 Source: The Virtualization Practice, LLC.
Caption this slide….

16 Is there a silver lining?
Fewer places to look
Fewer people to talk to (maybe)
More automation / orchestration
Further abstraction via private cloud
Background image source: law.upenn.edu

17 Vendors addressing virtualization security
VMware Architecture Design Guide for PCI
Maps out a design strategy
Educates on security/compliance controls of VMware
Reviewed by a QSA

18 Vendors addressing virtualization security (cont’d)
VMware Solution Guide for PCI
Further educates on security/compliance controls of VMware
Maps each requirement to a feature of VMware security controls
Reviewed by a QSA

19 Vendors addressing virtualization security (cont’d)
VMware vSphere 5.1 Hardening Guide
Step-by-step checklist of recommended secure configuration settings
Managed by Mike VMWare

20 Vendors addressing virtualization security (cont’d)
VBlock Solution for Trusted Multi-tenancy
Released by VCE
Educates on security/compliance controls
Maps security requirements to control capabilities

21 Vendor Security/Compliance Solutions

22 Industry addressing virtualization security
Guide to Security for Full Virtualization Technologies - NIST
Great vendor-neutral primer
Start with this document!

23 Recommendations
Educate your organization
Get to know virtualization security controls
Trust but verify
Verify then trust
Get ready for even more confusion: cloud

