CONTENTS

1 WHAT IS A SECURITY THREAT?  1
    The 10,000 Foot View without Virtualization  2
    The 10,000 Foot View with Virtualization  4
    Applying Virtualization Security  5
    Definitions  10
        Threat  11
        Vulnerability  11
        Fault  11
    The Beginning of the Journey  12

2 HOLISTIC VIEW FROM THE BOTTOM UP  15
    Attack Goals  16
    Anatomy of an Attack  17
        Footprinting Stage  17
        Scanning Stage  17
        Enumeration Stage  19
        Penetration Stage  21
    Types of Attacks  23
        Buffer Overflows  23
        Heap Overflows  31
        Web-Based Attacks  33
        Layer 2 Attacks  41
        Layer 3 Nonrouter Attacks  46
        DNS Attacks  47
        Layer 3 Routing Attacks  49
        Man in the Middle Attack (MiTM)  51
    Conclusion  57

3 UNDERSTANDING VMWARE VSPHERE AND VIRTUAL INFRASTRUCTURE SECURITY  59
    Hypervisor Models  59
    Hypervisor Security  60
        Secure the Hardware  61
        Secure the Management Appliance  62
        Secure the Hypervisor  63
        Secure the Management Interfaces  81
        Secure the Virtual Machine  89
    Conclusion  89

4 STORAGE AND SECURITY  91
    Storage Connections within the Virtual Environment  92
        Storage Area Networks (SAN)  93
        Network Attached Storage (NAS)  95
        Internet SCSI (iSCSI) Servers  96
        Virtual Storage Appliances  96
    Storage Usage within the Virtual Environment  97
        VM Datastore  98
        Ancillary File Store  98
        Backup Store  99
        Tape Devices  100
    Storage Security  102
        Data in Motion  103
        Data at Rest  104
    Storage Security Issues  104
        VCB Proxy Server  104
        SCSI Reservations  106
        Fibre Channel SAN (Regular or NPIV)  108
        iSCSI  110
        NFS  111
        CIFS for Backups  112
        Shared File Access over Secure Shell (SSH) or Secure Copy Use  113
        FTP/R-Command Usage  115
        Extents  115
    Conclusion  116

5 CLUSTERING AND SECURITY  117
    Types of Clusters  117
        Standard Shared Storage  118
        RAID Blade  122
        VMware Cluster  123
        Virtual Machine Clusters  125
    Security Concerns  125
        Heartbeats  127
        Isolation  133
        VMware Cluster Protocols  140
        VMware Hot Migration Failures  141
        Virtual Machine Clusters  142
        Management  143
    Conclusion  145

6 DEPLOYMENT AND MANAGEMENT  147
    Management and Deployment Data Flow  148
        VIC to VC (Including Plug-Ins)  148
        VIC to Host  152
        VC webAccess  153
        ESX(i) webAccess  154
        VI SDK to VC  154
        VI SDK to Host  156
        RCLI to Host  156
        RCLI to VC  156
        SSH to Host  156
        Console Access  157
        Lab Manager  157
        Site Manager  157
        LifeCycle Manager  158
        AppSpeed  158
        CapacityIQ  158
        VMware Update Manager  158
    Management and Deployment Authentication  158
        Difference Between Authorization and Authentication  159
        Mitigating Split-Brain Authorization and Authentication  162
    Security of Management and Deployment Network  184
        Using SSL  184
        Using IPsec  189
        Using Tunnels  189
        Using Deployment Servers  190
    Security Issues during Management and Deployment  191
        VIC Plug-ins  192
        VMs on the Wrong Network  193
        VMs or Networks Created Without Authorization  194
        VMs on the Wrong Storage  195
        VMs Assigned to Improper Resource Pools  196
        Premature Propagation of VMs from Quality Assurance to Production  196
        Physical to Virtual (P2V) Crossing Security Zones  196
    Conclusion  198

7 OPERATIONS AND SECURITY  199
    Monitoring Operations  199
        Host Monitoring  200
        Host Configuration Monitoring  202
        Performance Monitoring  203
    Virtual Machine Administrator Operations  204
        Using the Wrong Interface to Access VMs  204
        Using the Built-in VNC to Access the Console  205
        Virtual Machine Has Crashed  211
    Backup Administrator Operations  211
        Service Console Backups  212
        Network Backups  213
        Direct Storage Access Backups  213
    Virtual Infrastructure Administrator Operations  214
        Using Tools Across Security Zones  214
        Running Commands Across All Hosts  215
        Management Roles and Permissions Set Incorrectly  216
    Conclusion  217

8 VIRTUAL MACHINES AND SECURITY  219
    The Virtual Machine  219
        Secure the Virtual Hardware  220
        Secure the Guest OS and Application  239
        Secure the Hypervisor Interaction Layer  241
    Virtual Machine Administration  252
        Virtual Machine Creation  253
        Virtual Machine Modification  253
        Virtual Machine Deletion  254
    Conclusion  254

9 VIRTUAL NETWORKING SECURITY  255
    Virtual Networking Basics  256
        Basic Connections  256
        802.1q or VLAN Tagging  268
    Security Zones  271
        Standard Zones  273
    Best Practices  277
        Virtualization Host with Single or Dual pNIC  278
        Three pNICs  280
        Four pNICs  284
        Five pNICs  289
        Six pNICs  295
        Eight pNICs  302
        Ten pNICs  304
        pNIC Combination Conclusion  304
    Cases  305
        DMZ on a Private vSwitch  305
        Use of Virtual Firewall to Protect the Virtualization Management Network  307
        VMware as a Service  307
    Tools  310
        Intrusion Detection and Prevention  310
        Auditing Interfaces  311
    Conclusion  314

10 VIRTUAL DESKTOP SECURITY  315
    What Is VDI?  315
        Components  316
        VDI Products  317
    VDM  318
        VDM's Place in the Network  318
        The VDM Connection Server  319
        The VDM Client  319
        The VDM Web Access Client  320
        The VDM Agent for Virtual Desktops  321
        Security Implications  322
    VMware View  324
        Linked Clones: What Are They and How Do They Change Security?  324
        Storage Overcommit  326
        Overview of Linked Clones  326
        Protecting the VC  328
        Offline Desktops  329
    SSL in a VDM or View Environment  333
    Secure VDI Implementation  338
        Secure the Virtual Desktop  341
    Conclusion  342

11 SECURITY AND VMWARE ESX  343
    VMware ESXi Hardening Recipe  345
    VMware ESX Hardening Recipe  349
        Step 1: Root Password  355
        Step 2: Shadow Password  355
        Step 3: IPtables Firewall  355
        Step 4: Lockdown by Source IP  357
        Step 5: Run Security Assessments  360
        Step 6: Apply Hardening per Assessments  367
        Step 7: Additional Auditing Tools  388
    Conclusion  394

12 DIGITAL FORENSICS AND DATA RECOVERY  397
    Data Recovery  398
        Data Recovery: Host Unavailable  399
        Data Recovery: Corrupt LUN  400
        Data Recovery: Re-create LUN  406
        Data Recovery: Re-create Disk  407
    Digital Forensics  408
        Digital Forensics: Acquisition  408
        Digital Forensics: Analysis  422
        Digital Forensics: Who Did What, When, Where, and How?  426
    Conclusion  428

CONCLUSION: JUST THE BEGINNING: THE FUTURE OF VIRTUALIZATION SECURITY  431

A PATCHES TO BASTILLE TOOL  435

B SECURITY HARDENING SCRIPT  441

C ASSESSMENT SCRIPT OUTPUT  465
    CIS-CAT Output  465
    Bastille-Linux Output  470
    DISA STIG Output  475
    Tripwire ConfigCheck Output  496

D SUGGESTED READING AND USEFUL LINKS  499
    Books  499
    Whitepapers  500
    Products  501
    Useful Links  502

GLOSSARY  503

INDEX  507
ABOUT THE AUTHORS

Edward L. Haletky is the author of the well-received book VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers. A virtualization expert, Edward has been involved in virtualization host security discussions, planning, and architecture since VMware ESX version 1.5.x. Edward owns AstroArch Consulting, Inc., which provides virtualization, security, network consulting, and development services. Edward is a 2009 VMware vExpert, a Guru, and a moderator for the VMware Communities Forums, where he answers security and configuration questions. Edward moderates the Virtualization Security Roundtable Podcast, held every two weeks, where virtualization security is discussed in depth. Edward is DABCC's Virtualization Security Analyst and the Virtualization Security Analyst at www.virtualizationpractice.com.

Tim Pierson has been a technical trainer for the past 23 years and is an industry leader in both security and virtualization. He has been a noted speaker at many industry events, including Novell's BrainShare, Innotech, and GISSA, and at many military venues, including the Pentagon and numerous facilities in the United States and Europe, addressing security. He is a contributor to secure coding best practices and coauthor of Global Knowledge's Windows 2000 Boot Camp courseware.

Tom Howarth is DABCC's Data Center Virtualization Analyst and a moderator of the VMware Communities Forums. Tom owns TCA Consulting and PlanetVM.Net. He regularly designs large virtualization projects for enterprises in the U.K. and elsewhere in EMEA. Tom received the VMware vExpert 2009 award.
PRAISE FOR VMWARE VSPHERE AND VIRTUAL INFRASTRUCTURE SECURITY

"I've known Edward for a while and he is very passionate about security and virtualization, and this book represents his passion for both subjects. Security is one area that is often not paid enough attention to, and in a virtual environment it is absolutely critical, as many different security threats exist compared to physical environments. Ed's latest book covers every area of virtualization security and is a must read for anyone who has virtualized their environment so they can understand the many threats that exist and how to protect themselves from them."

- Eric Siebert, author of VMware VI3 Implementation and Administration, blogger for TechTarget, owner of http://vsphere-land.com, and vExpert 2009

"This book is a comprehensive, in-depth review of security in virtualized environments using VMware Infrastructure and VMware vSphere. Edward reinforces the need to include security in every area of your virtualized environment as he thoroughly discusses the security implications present in your server hardware, storage, networking, virtual machines, and guest operating systems. Even without the focus on security, Edward's book is a valuable reference work for the useful tidbits of knowledge he's gathered during his career. Highly recommended!"

- Scott Lowe, virtualization blogger, author, and VMware vExpert