VMware vSphere and Virtual Infrastructure Security

Edward L. Haletky is the author of the well-received book VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers. A virtualization expert, Edward has been involved in virtualization host security discussions, planning, and architecture since VMware ESX version 1.5.x. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting, and development. Edward is a 2009 VMware vExpert, Guru, and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward moderates the Virtualization Security Roundtable Podcast held every two weeks where virtualization security is discussed in depth. Edward is DABCC’s Virtualization Security Analyst.   Edward is the virtualization Security Analyst at www.virtualizationpractice.com    Tim Pierson has been a technical trainer for the past 23 years and is an industry leader in both security and virtualization. He has been the noted speaker at many industry events, including Novell’s Brainshare, Innotech, GISSA, and many military venues, including the Pentagon and numerous facilities addressing security both in the United States and Europe. He is a contributor to Secure Coding best practices and coauthor of Global Knowledge Windows 2000 Boot Camp courseware.     Tom Howarth is DABCC’s Data Center Virtualization Analyst. Tom is a moderator of the VMware Communities Forums. Tom owns TCA Consulting and PlanetVM.Net. He regularly designs large virtualization projects for enterprises in the U.K. and elsewhere in EMEA. Tom received the VMware vExpert 2009 award.  

1  WHAT IS A SECURITY THREAT?    1

The 10,000 Foot View without Virtualization   2

The 10,000 Foot View with Virtualization    4

Applying Virtualization Security    5

Definitions    10

Threat    11

Vulnerability    11

Fault    11

The Beginning of the Journey    12

2  HOLISTIC VIEW FROM THE BOTTOM UP    15

Attack Goals    16

Anatomy of an Attack    17

Footprinting Stage    17

Scanning Stage    17

Enumeration Stage    19

Penetration Stage    21

Types of Attacks    23

Buffer Overflows    23

Heap Overflows    31

Web-Based Attacks    33

Layer 2 Attacks    41

Layer 3 Nonrouter Attacks    46

DNS Attacks    47

Layer 3 Routing Attacks    49

Man in the Middle Attack (MiTM)    51

Conclusion    57

3  UNDERSTANDING VMWARE VSPHERE AND VIRTUAL INFRASTRUCTURE SECURITY    59

Hypervisor Models    59

Hypervisor Security    60

Secure the Hardware    61

Secure the Management Appliance    62

Secure the Hypervisor    63

Secure the Management Interfaces    81

Secure the Virtual Machine    89

Conclusion    89

4  STORAGE AND SECURITY    91

Storage Connections within the Virtual Environment    92

Storage Area Networks (SAN)    93

Network Attached Storage (NAS)    95

Internet SCSI (iSCSI) Servers    96

Virtual Storage Appliances    96

Storage Usage within the Virtual Environment    97

VM Datastore    98

Ancillary File Store    98

Backup Store    99

Tape Devices    100

Storage Security    102

Data in Motion    103

Data at Rest    104

Storage Security Issues    104

VCB Proxy Server    104

SCSI reservations    106

Fibre Channel SAN (Regular or NPIV)    108

iSCSI    110

NFS    111

CIFS for Backups    112

Shared File Access over Secure Shell (SSH) or Secure Copy Use    113

FTP/R-Command Usage    115

Extents    115

Conclusion    116

5  CLUSTERING AND SECURITY       117

Types of Clusters    117

Standard Shared Storage    118

RAID Blade    122

VMware Cluster    123

Virtual Machine Clusters    125

Security Concerns    125

Heartbeats    127

Isolation    133

VMware Cluster Protocols    140

VMware Hot Migration Failures    141

Virtual Machine Clusters    142

Management    143

Conclusion    145

6  DEPLOYMENT AND MANAGEMENT    147

Management and Deployment Data Flow    148

VIC to VC (Including Plug-Ins)    148

VIC to Host    152

VC webAccess    153

ESX(i) webAccess    154

VI SDK to VC    154

VI SDK to Host    156

RCLI to Host    156

RCLI to VC    156

SSH to Host    156

Console Access    157

Lab Manager    157

Site Manager    157

LifeCycle Manager    158

AppSpeed    158

CapacityIQ    158

VMware Update Manager    158

Management and Deployment Authentication    158

Difference Between Authorization and Authentication    159

Mitigating Split-Brain Authorization and Authentication    162

Security of Management and Deployment Network    184

Using SSL    184

Using IPsec    189

Using Tunnels    189

Using Deployment Servers    190

Security Issues during Management and Deployment    191

VIC Plug-ins    192

VMs on the Wrong Network    193

VMs or Networks Created Without Authorization    194

VMs on the Wrong Storage    195

VMs Assigned to Improper Resource Pools    196

Premature Propagation of VMs from Quality Assurance to Production    196

Physical to Virtual (P2V) Crossing Security Zones    196

Conclusion    198

7  OPERATIONS AND SECURITY       199

Monitoring Operations    199

Host Monitoring    200

Host Configuration Monitoring    202

Performance Monitoring    203

Virtual Machine Administrator Operations    204

Using the Wrong Interface to Access VMs    204

Using the Built-in VNC to Access the Console    205

Virtual Machine Has Crashed    211

Backup Administrator Operations    211

Service Console Backups    212

Network Backups    213

Direct Storage Access Backups    213

Virtual Infrastructure Administrator Operations    214

Using Tools Across Security Zones    214

Running Commands Across All Hosts    215

Management Roles and Permissions Set Incorrectly    216

Conclusion    217

8  VIRTUAL MACHINES AND SECURITY       219

The Virtual Machine    219

Secure the Virtual Hardware    220

Secure the Guest OS and Application    239

Secure the Hypervisor Interaction Layer    241

Virtual Machine Administration    252

Virtual Machine Creation    253

Virtual Machine Modification    253

Virtual Machine Deletion    254

Conclusion    254

9  VIRTUAL NETWORKING SECURITY    255

Virtual Networking Basics    256

Basic Connections    256

802.1q or VLAN Tagging    268

Security Zones    271

Standard Zones    273

Best Practices    277

Virtualization Host with Single or Dual pNIC    278

Three pNICs    280

Four pNICs    284

Five pNICs    289

Six pNICs    295

Eight pNICs    302

Ten pNICs    304

pNIC Combination Conclusion    304

Cases    305

DMZ on a Private vSwitch    305

Use of Virtual Firewall to Protect the Virtualization Management Network    307

VMware as a Service    307

Tools    310

Intrusion Detection and Prevention    310

Auditing Interfaces    311

Conclusion    314

10  VIRTUAL DESKTOP SECURITY    315

What Is VDI?    315

Components    316

VDI Products    317

VDM    318

VDM’s Place in the Network    318

The VDM Connection Server    319

The VDM Client    319

The VDM Web Access Client    320

The VDM Agent for Virtual Desktops    321

Security Implications    322

VMware View    324

Linked Clones: What Are They and How Do They Change Security?    324

Storage Overcommit    326

Overview of Linked Clones    326

Protecting the VC    328

Offline Desktops    329

SSL in a VDM or View Environment    333

Secure VDI Implementation    338

Secure the Virtual Desktop    341

Conclusion    342

11  SECURITY AND VMWARE ESX    343

VMware ESXi Hardening Recipe    345

VMware ESX Hardening Recipe    349

Step 1: Root Password    355

Step 2: Shadow Password    355

Step    3: IPtables Firewall    355

Step 4: Lockdown by Source IP    357

Step 5: Run Security Assessments    360

Step 6: Apply Hardening per Assessments    367

Step 7: Additional Auditing Tools    388

Conclusion    394

12  DIGITAL FORENSICS AND DATA RECOVERY    397

Data Recovery    398

Data Recovery–Host Unavailable    399

Data Recovery–Corrupt LUN    400

Data Recovery–Re-create LUN    406

Data Recovery–Re-create Disk    407

Digital Forensics    408

Digital Forensics–Acquisition    408

Digital Forensics–Analysis    422

Digital Forensics–Who Did What, When, Where, and How?    426

Conclusion    428

CONCLUSION: JUST THE BEGINNING: THE FUTURE OF VIRTUALIZATION SECURITY    431

A  PATCHES TO BASTILLE TOOL    435

B  SECURITY HARDENING SCRIPT    441

C  ASSESSMENT SCRIPT OUTPUT    465

CIS-CAT Output    465

Bastille-Linux Output    470

DISA STIG Output    475

Tripwire ConfigCheck Output    496

D  SUGGESTED READING AND USEFUL LINKS    499

Books    499

Whitepapers    500

Products    501

Useful Links    502

GLOSSARY    503

INDEX    507