Contents

1 WHAT IS A SECURITY THREAT?
    The 10,000 Foot View without Virtualization
    The 10,000 Foot View with Virtualization
    Applying Virtualization Security
    Definitions
        Threat
        Vulnerability
        Fault
    The Beginning of the Journey

2 HOLISTIC VIEW FROM THE BOTTOM UP
    Attack Goals
    Anatomy of an Attack
        Footprinting Stage
        Scanning Stage
        Enumeration Stage
        Penetration Stage
    Types of Attacks
        Buffer Overflows
        Heap Overflows
        Web-Based Attacks
        Layer 2 Attacks
        Layer 3 Nonrouter Attacks
        DNS Attacks
        Layer 3 Routing Attacks
        Man in the Middle Attack (MiTM)
    Conclusion

3 UNDERSTANDING VMWARE VSPHERE AND VIRTUAL INFRASTRUCTURE SECURITY
    Hypervisor Models
    Hypervisor Security
        Secure the Hardware
        Secure the Management Appliance
        Secure the Hypervisor
        Secure the Management Interfaces
        Secure the Virtual Machine
    Conclusion

4 STORAGE AND SECURITY
    Storage Connections within the Virtual Environment
        Storage Area Networks (SAN)
        Network Attached Storage (NAS)
        Internet SCSI (iSCSI) Servers
        Virtual Storage Appliances
    Storage Usage within the Virtual Environment
        VM Datastore
        Ancillary File Store
        Backup Store
        Tape Devices
    Storage Security
        Data in Motion
        Data at Rest
    Storage Security Issues
        VCB Proxy Server
        SCSI Reservations
        Fibre Channel SAN (Regular or NPIV)
        iSCSI
        NFS
        CIFS for Backups
        Shared File Access over Secure Shell (SSH) or Secure Copy Use
        FTP/R-Command Usage
        Extents
    Conclusion

5 CLUSTERING AND SECURITY
    Types of Clusters
        Standard Shared Storage
        RAID Blade
        VMware Cluster
        Virtual Machine Clusters
    Security Concerns
        Heartbeats
        Isolation
        VMware Cluster Protocols
        VMware Hot Migration Failures
        Virtual Machine Clusters
        Management
    Conclusion

6 DEPLOYMENT AND MANAGEMENT
    Management and Deployment Data Flow
        VIC to VC (Including Plug-Ins)
        VIC to Host
        VC webAccess
        ESX(i) webAccess
        VI SDK to VC
        VI SDK to Host
        RCLI to Host
        RCLI to VC
        SSH to Host
        Console Access
        Lab Manager
        Site Manager
        LifeCycle Manager
        AppSpeed
        CapacityIQ
        VMware Update Manager
    Management and Deployment Authentication
        Difference Between Authorization and Authentication
        Mitigating Split-Brain Authorization and Authentication
    Security of Management and Deployment Network
        Using SSL
        Using IPsec
        Using Tunnels
        Using Deployment Servers
    Security Issues during Management and Deployment
        VIC Plug-ins
        VMs on the Wrong Network
        VMs or Networks Created Without Authorization
        VMs on the Wrong Storage
        VMs Assigned to Improper Resource Pools
        Premature Propagation of VMs from Quality Assurance to Production
        Physical to Virtual (P2V) Crossing Security Zones
    Conclusion

7 OPERATIONS AND SECURITY
    Monitoring Operations
        Host Monitoring
        Host Configuration Monitoring
        Performance Monitoring
    Virtual Machine Administrator Operations
        Using the Wrong Interface to Access VMs
        Using the Built-in VNC to Access the Console
        Virtual Machine Has Crashed
    Backup Administrator Operations
        Service Console Backups
        Network Backups
        Direct Storage Access Backups
    Virtual Infrastructure Administrator Operations
        Using Tools Across Security Zones
        Running Commands Across All Hosts
        Management Roles and Permissions Set Incorrectly
    Conclusion

8 VIRTUAL MACHINES AND SECURITY
    The Virtual Machine
        Secure the Virtual Hardware
        Secure the Guest OS and Application
        Secure the Hypervisor Interaction Layer
    Virtual Machine Administration
        Virtual Machine Creation
        Virtual Machine Modification
        Virtual Machine Deletion
    Conclusion

9 VIRTUAL NETWORKING SECURITY
    Virtual Networking Basics
        Basic Connections
        802.1q or VLAN Tagging
    Security Zones
        Standard Zones
    Best Practices
        Virtualization Host with Single or Dual pNIC
        Three pNICs
        Four pNICs
        Five pNICs
        Six pNICs
        Eight pNICs
        Ten pNICs
        pNIC Combination Conclusion
    Cases
        DMZ on a Private vSwitch
        Use of Virtual Firewall to Protect the Virtualization Management Network
        VMware as a Service
    Tools
        Intrusion Detection and Prevention
        Auditing Interfaces
    Conclusion

10 VIRTUAL DESKTOP SECURITY
    What Is VDI?
        Components
        VDI Products
    VDM
        VDM's Place in the Network
        The VDM Connection Server
        The VDM Client
        The VDM Web Access Client
        The VDM Agent for Virtual Desktops
        Security Implications
    VMware View
        Linked Clones: What Are They and How Do They Change Security?
        Storage Overcommit
        Overview of Linked Clones
        Protecting the VC
        Offline Desktops
    SSL in a VDM or View Environment
    Secure VDI Implementation
        Secure the Virtual Desktop
    Conclusion

11 SECURITY AND VMWARE ESX
    VMware ESXi Hardening Recipe
    VMware ESX Hardening Recipe
        Step 1: Root Password
        Step 2: Shadow Password
        Step 3: IPtables Firewall
        Step 4: Lockdown by Source IP
        Step 5: Run Security Assessments
        Step 6: Apply Hardening per Assessments
        Step 7: Additional Auditing Tools
    Conclusion

12 DIGITAL FORENSICS AND DATA RECOVERY
    Data Recovery
        Data Recovery: Host Unavailable
        Data Recovery: Corrupt LUN
        Data Recovery: Re-create LUN
        Data Recovery: Re-create Disk
    Digital Forensics
        Digital Forensics: Acquisition
        Digital Forensics: Analysis
        Digital Forensics: Who Did What, When, Where, and How?
    Conclusion

CONCLUSION: JUST THE BEGINNING: THE FUTURE OF VIRTUALIZATION SECURITY

A PATCHES TO BASTILLE TOOL

B SECURITY HARDENING SCRIPT

C ASSESSMENT SCRIPT OUTPUT
    CIS-CAT Output
    Bastille-Linux Output
    DISA STIG Output
    Tripwire ConfigCheck Output

D SUGGESTED READING AND USEFUL LINKS
    Books
    Whitepapers
    Products
    Useful Links

GLOSSARY

INDEX
About the Authors

Edward L. Haletky is the author of the well-received book VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers. A virtualization expert, Edward has been involved in virtualization host security discussions, planning, and architecture since VMware ESX version 1.5.x. Edward owns AstroArch Consulting, Inc., which provides virtualization, security, network consulting, and development. Edward is a 2009 VMware vExpert, a Guru, and a moderator for the VMware Communities Forums, where he answers security and configuration questions. Edward moderates the Virtualization Security Roundtable Podcast, held every two weeks, where virtualization security is discussed in depth. Edward is DABCC's Virtualization Security Analyst and the Virtualization Security Analyst at www.virtualizationpractice.com.

Tim Pierson has been a technical trainer for the past 23 years and is an industry leader in both security and virtualization. He has been a noted speaker at many industry events, including Novell's BrainShare, Innotech, and GISSA, and at many military venues, including the Pentagon and numerous facilities in the United States and Europe, where he has addressed security. He is a contributor to secure coding best practices and coauthor of the Global Knowledge Windows 2000 Boot Camp courseware.

Tom Howarth is DABCC's Data Center Virtualization Analyst. Tom is a moderator of the VMware Communities Forums. Tom owns TCA Consulting and PlanetVM.Net. He regularly designs large virtualization projects for enterprises in the U.K. and elsewhere in EMEA. Tom received the VMware vExpert 2009 award.
Praise Page for VMware vSphere and Virtual Infrastructure Security

"I've known Edward for a while, and he is very passionate about security and virtualization; this book represents his passion for both subjects. Security is one area that is often not paid enough attention to, and in a virtual environment it is absolutely critical, as many different security threats exist compared to physical environments. Ed's latest book covers every area of virtualization security and is a must-read for anyone who has virtualized their environment, so they can understand the many threats that exist and how to protect themselves from them."
-- Eric Siebert, author of VMware VI3 Implementation and Administration, blogger for TechTarget, owner of http://vsphere-land.com, and vExpert 2009

"This book is a comprehensive, in-depth review of security in virtualized environments using VMware Infrastructure and VMware vSphere. Edward reinforces the need to include security in every area of your virtualized environment as he thoroughly discusses the security implications present in your server hardware, storage, networking, virtual machines, and guest operating systems. Even without the focus on security, Edward's book is a valuable reference work for the useful tidbits of knowledge he's gathered during his career. Highly recommended!"
-- Scott Lowe, virtualization blogger, author, and VMware vExpert