Putting all your eggs in one basket has never been a great idea – by not securing your virtual environment – you’re doing just that with your corporate data.

Without any security, your virtual host server isn’t far from being an open door – a direct route into your organisation for pretty much anyone with a little knowledge 
to access, compromise or corrupt every virtual machines you’ve got: not an appealing prospect!
Although it’s not impossible for the same thing to happen in a physical world: most servers and desktops after all have some form of security layer in their build – however basic: there probably isn’t a network out there that doesn’t include IDS, Firewalls, DLP or Anti-Virus in some guise. It provides a minimum level of security against internal and external threats that just doesn’t apply in a new virtual infrastructure. Virtual machines’ lack of individual security provision and their dynamic nature means that unless security is over-layered at the management level, they’re wide open to attack – in a way that most systems or network devices aren’t.
But securing the virtual world isn’t all bad news: a brand new virtual deployment gives you a unique opportunity to implement security policies and procedures from scratch – using the latest technologies. That’s rarely possible in a physical network where legacy systems, multiple vendor solutions, anomalies and upgrades mean that policies and procedures can be difficult to implement and harder still to enforce or police.
Your HyperVisor and management console are the gatekeepers to your whole virtual infrastructure, so not deploying some form of security solutions to protect them isn’t an option, it’s a necessity – unless you like scrambled eggs!

Virtualization Myths

Thought I would share this presentation with everyone from a recent seminar that I gave at the back end of last year entitled “Security in a Virtual World”.

You can check out the presentation at this link: http://bit.ly/8Vh4MM

This appeared on a VMware KB article back in August but some of you may have not seen it. Basically if you use a port scanner like NMAP and scan an ESX host in particular on port 8000, subsequent VMotion events will fail.

The only way to get VMotion to work again is to disable and then re-enable VMotion. It’s interesting that this service is obviously not robust enough to cope with a simple port scan and also highlights the fact that you should be isolating your vmotion network from general network traffic.

The original VMware article can be viewed here, KB1010672

Lab Security’s important, right? Well, so it may be – but when it comes to virtualisation, it’s not hard to get the impression that it isn’t being treated as seriously as it should be. I don’t know about you, but when I read about the take-up of virtualisation, the feeling of foreboding is not unlike seeing a five-year-old play with Daddy’s collection of Samurai swords – while nothing awful has happened yet, one can’t help thinking it’s a matter of when, not if.

More can be read the the following link:

http://www.theregister.co.uk/2009/12/15/virtual_server_security/

The VMinformer Community Edition allows security professionals and those tasked with managing virtual infrastructures the ability to assess the overall security configuration of their virtual environment. Critical virtual infrastructure assets can be rapidly assessed against out of the box policy templates based on industry standards such as CIS and PCI benchmarks.

The VMinformer Community Edition is a free, single user version with most of the capabilities of VMinformer PRO.

VMinformer provides:-

• Simple deployment - installs on a laptop or workstation in minutes
• Out of the box policies - based on standard industry benchmarks
• Remediation guidance - helps identify risks to your infrastructure quickly and accurately and provides step by step fix guidance
• No cost start up security solution - provides a free entry level solution for your virtual environment

To download the community edition of the tool follow this link

If you didn’t already know this the VMware Web Services SDK is a WSDL API that allows developers to write applications that integrate with VMware. You can also query this API using a standard web browser. The WSDL interface requires authentication and once authenticated you have access to the entire API as shown in the screenshot below.

Even if you are not a developer once authenticated using the browser you can query the virtual infrastructure in much the same way as you would using the standard VI client. You can also scheduled tasks which means you have a lot of power, eg. shutdown VM’s, Change configs etc.

Bruteforce Attack

The interesting thing to note is that the interface can be attacked using Brute Force techniques, so if you do not have adequate access control mechanisms in place you are leaving your virtual infrastructure open to compromise.

To mitigate this from happening I would suggest you lock down which source IP’s in your network are allowed to access vCenter and each ESX host, and never expose your Virtual Management layer to the Internet.

First UK VirtSec Training course to be offered in London from February 2010. I am just putting the finishing touches to the content and format for this 2 day course. More details will follow shortly if you would like to register your interest in attending this course then please register here.