SlideShare uma empresa Scribd logo

Virtualization security

Transferir como PPT, PDF
n|u - The Open Security Community
n|u - The Open Security Community

null Pune May 2012 Meet

EducaçãoTecnologia
1 de 23
Virtualizati on -By Ma ng e s h Gunj a l
Topics to be Covered:  Vir t ua l iz at io n  Vir t ua l Ma c hine Mo nit o r  T y p es o f Vir t ua l iz at io n  Why Vir t ua l iz at io n..?  Vir t ua l iz at io n Ap p l ic at io n Ar e a s  Vir t ua l iz at io n Ris k s  Vir t ua l iz at io n Se c ur it y  VM Sp r awl  Mis c e l l a ne o us
Virtualization - Mul t ip l e Op e r a t ing Sy s t e ms o n a Sing l e Phy s ic a l Sy s t e m - Mul t ip lt e Ex e c utrio y ing Ha r d wa r e Sha r e he Und e l - n Re s o ur c e s . Env ir o nme nt s , - Ha r d wa r e a nd So f t wa r e Pa r t it io ning , - T ime -Sha r ing , - Pa r t ia l o r Co mp l e t e Ma c hine Simul a t io n/ - Se p a r a tio n o f a Re s o ur c e Emul a t io n o r Re q ue s t f o r a s e r v ic e .
S o u r c e : Vir t ua l iz a t io n Ov e r v ie w whit e p a p e r , By
- Vir t ua l Ma c hine Mo nit o r ( VMM) - Emul a t io n o r s imul a t io n - Vir t ua l Ma c hine s - I s o l a t e d Env ir o nme nt
S o u r c e : Vir t ua l iz a t io n Ov e r v ie w whit e p a p e r , By
Para Virtualization S o u r c e : Vir t ua l iz a t io n Ov e r v ie w whit e p a p e r , By
Why Virtualization..?  Se r v e r Co ns o l id at io n.  Leg a c y Ap p l ic at io ns.  Sa nd b o x .  Ex e c ut io n o f Mul t ip l e Op e r at ing Sy s t e ms.  Simul at io n o f Ha r d wa r e a nd Ne t wo r k ing Dev ic es.  Po we r f ul De bugging a nd Pe r f o r ma nc e Mo nit o r ing  Fa ul t a nd Er r o r Co nt a inme nt  Ap p l ic at io n a nd Sy s t e m Mo b il it y  Sha r e d Me mo r y Mul t ip r o c ess o r s  Bus iness Co nt inuit y
S o u r c e : Vir t ua l iz a t io n Ov e r v ie w whit e p a p e r , By
I n f r a s t r u c t u r e is wha t c o nne c t s r e s o ur c e s t o y o ur b us ine s s . V ir t u a l I n f r a s t r u c t u r e is a d y na mic ma p p ing o f y o ur r e s o ur c e s t o y o ur b us ine s s . S o u r c e : Vir t ua l iz a t io n Ov e r v ie w R e s u l t : d e c r e a s e d c o s t s a nd whit e p a p e r , By
Virtualization Application Areas Des k t o p Vir t ua l iz at io n Ap p l ic at io n Vir t ua l iz at io n
Virtualization Application Areas Se r v e r Vir t ua l iz a t io n St o r a g e Vir t ua l iz a t io n I nf r a s t r uc t ur e Vir t ua l iz at io n Ne t wo r k Vir t ua l iz a t io n
Virtualization Risks - I ne x p e r ie nc e I nv o l v e d . - I nc r e a s e d Cha nne l s f o r At t a c k . - Cha ng e Ma na g e me nt Co nt r o l . - I T Ass e t T r a c k ing a nd Ma na g e me nt . - Se c ur ing Do r ma nt Vir t ua l Ma c hines. - Sha r ing Dat a b e t we e n Vir t ua l Ma c hines.
Exploitation on Virtualization - Malicious Code Activities through Detection of VM. - Denial of Service on the Virtual Machine. - Virtual Machine Escape
Historical Incident - VMware Multiple Denial Of Service Vulnerabilities Some VMware products support storing configuration information in VMDB files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of- Service attack on guest operating systems. Link:
Virtualization Security  Hy p e r v is o r Se c ur it y  Ho s t / Pl at f o r m Se c ur it y  Se c ur ing Co mmunic at io ns  Se c ur it y b e t we e n Gues t s  Se c ur it y b e t we e n Ho s t s a nd Gues t s  Vir t ua l iz e d I nf r a s t r uc t ur e Se c ur it y  Vir t ua l Ma c hine Sp r awl
Hardening Steps to Secure Virtualisation Environment - Server Service Console - Restriction to Internal Trusted Network - Block all the incoming and outgoing traffic except for necessary ports. - Monitor the integrity and modification of the configuration files - Limit ssh based client communication to a discrete group of ip addresses - Create separate partitions for /home, /tmp, and /var/log
Hardening Steps to Secure Virtualisation Environment - Virtual Network Layer - Network breach by user error or omission. - MAC Address spoofing (MAC address changes) - MAC Address spoofing (Forged transmissions)
Hardening Steps to Secure Virtualisation Environment - Virtual Machine - Apply standard infrastructure security measures into virtual infrastructure - Set the resource reservation and limits for each virtual machine
Virtual Machine Sprawl  Unc he c k e d c r e at io n o f ne w Vir t ua l Ma c hines ( Vms )  T he VMs t hat a r e c r e at e d f o r a s ho r t -t e r m p r o j e c t a r e s t il l us ing CPU, RAM a nd ne t wo r k r es o ur c es, a nd t hey c o ns ume s t o r a g e ev e n if t hey a r e powe r e d of f .  VM s p r awl c o ul d l e a d t o a c o mp ut ing e nv ir o nme nt r unning o ut o f r es o ur c es at a muc h q uic k e r -t ha n-e x p e c t e d r at e , a nd it c o ul d s k e w wid e r c a p a c it y - p l a nning e x e r c is es.
Miscellaneous  Ka s p e r s ky La b ha s int r o d uc e d Ka s p e r s ky Se c ur it y f o r Vir t ua l iz at io n, a v ir t ua l s e c ur it y a p p l ia nc e t hat int egr at es wit h VMwa r e v Shie l d End po int t o p r ov id e a g e nt l ess, a nt i ma l wa r e s e c ur it y.  VMwa r e So ur c e Co d e Le a k Rev e a l s Vir t ua l iz at io n Se c ur it y Co nc e r ns.  Sy ma nt e c ha s it s own wid e r a ng e o f t o o l s f o r Vir t ua l iz at io n Se c ur it y : − Sy ma nt e c Cr it ic a l Sy s t e m Pr ot e c t io n − Sy ma nt e c Dat a Lo ss Pr ev e nt io n − Sy ma nt e c Co nt r o l Co mp l ia nc e Suit e − Sy ma nt e c Se c ur it y I nf o r mat io n Ma na g e r
References - VMware.com - Microsoft.com - SANS.org - Gartner.com - Trendmicro.com - Symantec.com
Thank You

Recomendados

Virtualization security and threat
Virtualization security and threatVirtualization security and threat
Virtualization security and threat
Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Cloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationCloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack Mitigation
Amazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services
 
OTG - Practical Hands on VAPT
OTG - Practical Hands on VAPTOTG - Practical Hands on VAPT
OTG - Practical Hands on VAPT
shiriskumar
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
Amazon Web Services
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
Identacor
 
Server virtualization
Server virtualizationServer virtualization
Server virtualization
ofsorganizer
 
Zero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOpsZero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOps
Araf Karsh Hamid
 

Recomendados

Virtualization security and threat
Virtualization security and threatVirtualization security and threat
Virtualization security and threat
Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Cloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack MitigationCloud-Native DDoS Attack Mitigation
Cloud-Native DDoS Attack Mitigation
Amazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services
 
OTG - Practical Hands on VAPT
OTG - Practical Hands on VAPTOTG - Practical Hands on VAPT
OTG - Practical Hands on VAPT
shiriskumar
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
Amazon Web Services
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
Identacor
 
Server virtualization
Server virtualizationServer virtualization
Server virtualization
ofsorganizer
 
Zero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOpsZero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOps
Araf Karsh Hamid
 
High Availability Websites: part one
High Availability Websites: part oneHigh Availability Websites: part one
High Availability Websites: part one
Amazon Web Services
 
VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentation
aleyeldean
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
Maganathin Veeraragaloo
 
CloudStack - Top 5 Technical Issues and Troubleshooting
CloudStack - Top 5 Technical Issues and TroubleshootingCloudStack - Top 5 Technical Issues and Troubleshooting
CloudStack - Top 5 Technical Issues and Troubleshooting
ShapeBlue
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access Management
Sam Bowne
 
Cloud-Native Security
Cloud-Native SecurityCloud-Native Security
Cloud-Native Security
VMware Tanzu
 
Virtualization
VirtualizationVirtualization
Virtualization
Kingston Smiler
 
NSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptxNSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptx
Atif Raees
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual network
Lalit Rawat
 
VSICM8_M02.pptx
VSICM8_M02.pptxVSICM8_M02.pptx
VSICM8_M02.pptx
MazharUddin34
 
Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentation
Mangesh Gunjal
 
Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft Defender
Rahul Khengare
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSX
Scott Lowe
 
What is Virtualization
What is VirtualizationWhat is Virtualization
What is Virtualization
Dhrupesh Kotadiya
 
Amazon Lightsail
Amazon LightsailAmazon Lightsail
Amazon Lightsail
Amazon Web Services
 
Installing WordPress on AWS
Installing WordPress on AWSInstalling WordPress on AWS
Installing WordPress on AWS
Manish Jain
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
Taswar Bhatti
 
VMware Overview
VMware OverviewVMware Overview
VMware Overview
Madhu Bala
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
MJ Ferdous
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
Viresh Suri
 
Otology learning
Otology learningOtology learning
Otology learning
Sasan Dabiri
 
Telecom service futures driven by customer need
Telecom service futures driven by customer needTelecom service futures driven by customer need
Telecom service futures driven by customer need
University of Hertfordshire
 

Mais conteúdo relacionado

Mais procurados

VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentation
aleyeldean
 
Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentation
Mangesh Gunjal
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
MJ Ferdous
 

Mais procurados (20)

High Availability Websites: part one
High Availability Websites: part oneHigh Availability Websites: part one
High Availability Websites: part one
 
VMware vSphere technical presentation
VMware vSphere technical presentationVMware vSphere technical presentation
VMware vSphere technical presentation
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
CloudStack - Top 5 Technical Issues and Troubleshooting
CloudStack - Top 5 Technical Issues and TroubleshootingCloudStack - Top 5 Technical Issues and Troubleshooting
CloudStack - Top 5 Technical Issues and Troubleshooting
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access Management
 
Cloud-Native Security
Cloud-Native SecurityCloud-Native Security
Cloud-Native Security
 
Virtualization
VirtualizationVirtualization
Virtualization
 
NSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptxNSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptx
 
Azure virtual network
Azure virtual networkAzure virtual network
Azure virtual network
 
VSICM8_M02.pptx
VSICM8_M02.pptxVSICM8_M02.pptx
VSICM8_M02.pptx
 
Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentation
 
Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft Defender
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSX
 
What is Virtualization
What is VirtualizationWhat is Virtualization
What is Virtualization
 
Amazon Lightsail
Amazon LightsailAmazon Lightsail
Amazon Lightsail
 
Installing WordPress on AWS
Installing WordPress on AWSInstalling WordPress on AWS
Installing WordPress on AWS
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
 
VMware Overview
VMware OverviewVMware Overview
VMware Overview
 
Active Directory Proposal
Active Directory ProposalActive Directory Proposal
Active Directory Proposal
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 

Semelhante a Virtualization security

Telecom service futures driven by customer need
Telecom service futures driven by customer needTelecom service futures driven by customer need
Telecom service futures driven by customer need
University of Hertfordshire
 
Cyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile WorldCyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile World
University of Hertfordshire
 
Congresso Crimes Eletrônicos, 08/03/2009 - Apresentação Ghassan Dreibi
Congresso Crimes Eletrônicos, 08/03/2009 - Apresentação Ghassan DreibiCongresso Crimes Eletrônicos, 08/03/2009 - Apresentação Ghassan Dreibi
Congresso Crimes Eletrônicos, 08/03/2009 - Apresentação Ghassan Dreibi
FecomercioSP
 
Innovation in the platform world
Innovation in the platform worldInnovation in the platform world
Innovation in the platform world
adritab
 
Small data big impact
Small data big impactSmall data big impact
Small data big impact
University of Hertfordshire
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptography
Mehrdad Jingoism
 
Quick Reference Guide: Server Hosting
Quick Reference Guide: Server HostingQuick Reference Guide: Server Hosting
Quick Reference Guide: Server Hosting
webhostingguy
 
Os Nightingale
Os NightingaleOs Nightingale
Os Nightingale
oscon2007
 

Semelhante a Virtualization security (20)

Otology learning
Otology learningOtology learning
Otology learning
 
Telecom service futures driven by customer need
Telecom service futures driven by customer needTelecom service futures driven by customer need
Telecom service futures driven by customer need
 
Analysis of Regional Phishing Attack
Analysis of Regional Phishing AttackAnalysis of Regional Phishing Attack
Analysis of Regional Phishing Attack
 
Cyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile WorldCyber Security in a Fully Mobile World
Cyber Security in a Fully Mobile World
 
Congresso Crimes Eletrônicos, 08/03/2009 - Apresentação Ghassan Dreibi
Congresso Crimes Eletrônicos, 08/03/2009 - Apresentação Ghassan DreibiCongresso Crimes Eletrônicos, 08/03/2009 - Apresentação Ghassan Dreibi
Congresso Crimes Eletrônicos, 08/03/2009 - Apresentação Ghassan Dreibi
 
Web Development for Managers
Web Development for ManagersWeb Development for Managers
Web Development for Managers
 
Vyprvpn review
Vyprvpn reviewVyprvpn review
Vyprvpn review
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijacking
 
Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13Hacking web applications CEHv8 module 13
Hacking web applications CEHv8 module 13
 
Innovation in the platform world
Innovation in the platform worldInnovation in the platform world
Innovation in the platform world
 
Small data big impact
Small data big impactSmall data big impact
Small data big impact
 
World Hosting Days - More than just a control panel - reveal the power of Web...
World Hosting Days - More than just a control panel - reveal the power of Web...World Hosting Days - More than just a control panel - reveal the power of Web...
World Hosting Days - More than just a control panel - reveal the power of Web...
 
WHD.usa - Plesk - more than just a control panel - reveal the power of web op...
WHD.usa - Plesk - more than just a control panel - reveal the power of web op...WHD.usa - Plesk - more than just a control panel - reveal the power of web op...
WHD.usa - Plesk - more than just a control panel - reveal the power of web op...
 
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue TeamCYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
 
Internet of Things - Introduction
Internet of Things - IntroductionInternet of Things - Introduction
Internet of Things - Introduction
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptography
 
Web Content Management - Introduction
Web Content Management - IntroductionWeb Content Management - Introduction
Web Content Management - Introduction
 
Fullscreen Digital - Retail business optimization solutions
Fullscreen Digital - Retail business optimization solutionsFullscreen Digital - Retail business optimization solutions
Fullscreen Digital - Retail business optimization solutions
 
Quick Reference Guide: Server Hosting
Quick Reference Guide: Server HostingQuick Reference Guide: Server Hosting
Quick Reference Guide: Server Hosting
 
Os Nightingale
Os NightingaleOs Nightingale
Os Nightingale
 

Mais de n|u - The Open Security Community

Mais de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Último

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Último (20)

Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 

Virtualization security

  • 1. Virtualizati on -By Ma ng e s h Gunj a l
  • 2. Topics to be Covered:  Vir t ua l iz at io n  Vir t ua l Ma c hine Mo nit o r  T y p es o f Vir t ua l iz at io n  Why Vir t ua l iz at io n..?  Vir t ua l iz at io n Ap p l ic at io n Ar e a s  Vir t ua l iz at io n Ris k s  Vir t ua l iz at io n Se c ur it y  VM Sp r awl  Mis c e l l a ne o us
  • 3. Virtualization - Mul t ip l e Op e r a t ing Sy s t e ms o n a Sing l e Phy s ic a l Sy s t e m - Mul t ip lt e Ex e c utrio y ing Ha r d wa r e Sha r e he Und e l - n Re s o ur c e s . Env ir o nme nt s , - Ha r d wa r e a nd So f t wa r e Pa r t it io ning , - T ime -Sha r ing , - Pa r t ia l o r Co mp l e t e Ma c hine Simul a t io n/ - Se p a r a tio n o f a Re s o ur c e Emul a t io n o r Re q ue s t f o r a s e r v ic e .
  • 4. S o u r c e : Vir t ua l iz a t io n Ov e r v ie w whit e p a p e r , By
  • 5. - Vir t ua l Ma c hine Mo nit o r ( VMM) - Emul a t io n o r s imul a t io n - Vir t ua l Ma c hine s - I s o l a t e d Env ir o nme nt
  • 6. S o u r c e : Vir t ua l iz a t io n Ov e r v ie w whit e p a p e r , By
  • 7. Para Virtualization S o u r c e : Vir t ua l iz a t io n Ov e r v ie w whit e p a p e r , By
  • 8. Why Virtualization..?  Se r v e r Co ns o l id at io n.  Leg a c y Ap p l ic at io ns.  Sa nd b o x .  Ex e c ut io n o f Mul t ip l e Op e r at ing Sy s t e ms.  Simul at io n o f Ha r d wa r e a nd Ne t wo r k ing Dev ic es.  Po we r f ul De bugging a nd Pe r f o r ma nc e Mo nit o r ing  Fa ul t a nd Er r o r Co nt a inme nt  Ap p l ic at io n a nd Sy s t e m Mo b il it y  Sha r e d Me mo r y Mul t ip r o c ess o r s  Bus iness Co nt inuit y
  • 9. S o u r c e : Vir t ua l iz a t io n Ov e r v ie w whit e p a p e r , By
  • 10. I n f r a s t r u c t u r e is wha t c o nne c t s r e s o ur c e s t o y o ur b us ine s s . V ir t u a l I n f r a s t r u c t u r e is a d y na mic ma p p ing o f y o ur r e s o ur c e s t o y o ur b us ine s s . S o u r c e : Vir t ua l iz a t io n Ov e r v ie w R e s u l t : d e c r e a s e d c o s t s a nd whit e p a p e r , By
  • 11. Virtualization Application Areas Des k t o p Vir t ua l iz at io n Ap p l ic at io n Vir t ua l iz at io n
  • 12. Virtualization Application Areas Se r v e r Vir t ua l iz a t io n St o r a g e Vir t ua l iz a t io n I nf r a s t r uc t ur e Vir t ua l iz at io n Ne t wo r k Vir t ua l iz a t io n
  • 13. Virtualization Risks - I ne x p e r ie nc e I nv o l v e d . - I nc r e a s e d Cha nne l s f o r At t a c k . - Cha ng e Ma na g e me nt Co nt r o l . - I T Ass e t T r a c k ing a nd Ma na g e me nt . - Se c ur ing Do r ma nt Vir t ua l Ma c hines. - Sha r ing Dat a b e t we e n Vir t ua l Ma c hines.
  • 14. Exploitation on Virtualization - Malicious Code Activities through Detection of VM. - Denial of Service on the Virtual Machine. - Virtual Machine Escape
  • 15. Historical Incident - VMware Multiple Denial Of Service Vulnerabilities Some VMware products support storing configuration information in VMDB files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of- Service attack on guest operating systems. Link:
  • 16. Virtualization Security  Hy p e r v is o r Se c ur it y  Ho s t / Pl at f o r m Se c ur it y  Se c ur ing Co mmunic at io ns  Se c ur it y b e t we e n Gues t s  Se c ur it y b e t we e n Ho s t s a nd Gues t s  Vir t ua l iz e d I nf r a s t r uc t ur e Se c ur it y  Vir t ua l Ma c hine Sp r awl
  • 17. Hardening Steps to Secure Virtualisation Environment - Server Service Console - Restriction to Internal Trusted Network - Block all the incoming and outgoing traffic except for necessary ports. - Monitor the integrity and modification of the configuration files - Limit ssh based client communication to a discrete group of ip addresses - Create separate partitions for /home, /tmp, and /var/log
  • 18. Hardening Steps to Secure Virtualisation Environment - Virtual Network Layer - Network breach by user error or omission. - MAC Address spoofing (MAC address changes) - MAC Address spoofing (Forged transmissions)
  • 19. Hardening Steps to Secure Virtualisation Environment - Virtual Machine - Apply standard infrastructure security measures into virtual infrastructure - Set the resource reservation and limits for each virtual machine
  • 20. Virtual Machine Sprawl  Unc he c k e d c r e at io n o f ne w Vir t ua l Ma c hines ( Vms )  T he VMs t hat a r e c r e at e d f o r a s ho r t -t e r m p r o j e c t a r e s t il l us ing CPU, RAM a nd ne t wo r k r es o ur c es, a nd t hey c o ns ume s t o r a g e ev e n if t hey a r e powe r e d of f .  VM s p r awl c o ul d l e a d t o a c o mp ut ing e nv ir o nme nt r unning o ut o f r es o ur c es at a muc h q uic k e r -t ha n-e x p e c t e d r at e , a nd it c o ul d s k e w wid e r c a p a c it y - p l a nning e x e r c is es.
  • 21. Miscellaneous  Ka s p e r s ky La b ha s int r o d uc e d Ka s p e r s ky Se c ur it y f o r Vir t ua l iz at io n, a v ir t ua l s e c ur it y a p p l ia nc e t hat int egr at es wit h VMwa r e v Shie l d End po int t o p r ov id e a g e nt l ess, a nt i ma l wa r e s e c ur it y.  VMwa r e So ur c e Co d e Le a k Rev e a l s Vir t ua l iz at io n Se c ur it y Co nc e r ns.  Sy ma nt e c ha s it s own wid e r a ng e o f t o o l s f o r Vir t ua l iz at io n Se c ur it y : − Sy ma nt e c Cr it ic a l Sy s t e m Pr ot e c t io n − Sy ma nt e c Dat a Lo ss Pr ev e nt io n − Sy ma nt e c Co nt r o l Co mp l ia nc e Suit e − Sy ma nt e c Se c ur it y I nf o r mat io n Ma na g e r
  • 22. References - VMware.com - Microsoft.com - SANS.org - Gartner.com - Trendmicro.com - Symantec.com