BTech, MTech, PhD (Submitted), Mentor-IT CTIS, Bhubaneswar
S C Nayak, CTIS, 1/10/2020

Primary Risks in Virtualization
• Monitoring attacks and unusual events is more complex because the hypervisor adds a layer to the stack (hardware - hypervisor - OS).
• The dynamic nature of a virtual environment gives no guarantee of complete visibility. Virtual sprawl: because the environment changes dynamically (VMs are created, cloned, suspended and deleted), administrators can lose track of which applications are online and which are offline.
• Workloads are moved between VMs as requirements change, so a workload can move from a VM with a high security level to a VM with a lower security level.

Issues
Security threats that result from the properties of virtualization:
• Untrusted components and the hypervisor trust model: the OS trusts the hardware; in a VM it trusts virtual hardware provided by the hypervisor, so the authenticity and integrity of the hypervisor must be established.
• Transparent virtualization: the hypervisor is undetectable from inside the guest and is therefore trusted automatically. The hypervisor can read or alter any data inside the VM, which creates problems if the hypervisor itself is compromised.
• Hypervisor insertion: several methods exist to insert a hypervisor beneath a running OS and to move an OS from a physical machine (PM) to a VM; the same methods can be used maliciously.
• Introspection and intervention by the hypervisor: introspection is a technique for monitoring the runtime state of a system-level VM from outside the VM, so that a security application is protected from malware running inside the guest. The same capability lets the hypervisor intervene in the guest.
• VM scaling and cloning: a cloned VM is identical to the original, so it can cause name and address collisions on the network (duplicate hostnames, MAC or IP addresses).
• Monotonicity issues due to non-linear VM operation: VMs are snapshotted, rolled back, paused and resumed, so time and state do not advance monotonically. This creates issues for configuration data, logging and monitoring.
• Software decoupled from the physical and hardware environment: the physical location of a VM cannot be determined readily, which complicates management and administration.
• Weak implementation (two issues):
  Transparency breaches: failures in the software (all components must be installed and configured properly).
  Resource-control breaches: a major information-security issue; information can leak in two directions, into the VM and out of the VM.
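The name and address collisions described under VM scaling and cloning can be caught with an inventory check. The following is an added example, not part of the original slides: it reads a constructed VM inventory (name, UUID, MAC, hostname, IP per line; the format and all values are assumptions for the demo, not output of a real hypervisor tool) and reports every value shared by more than one VM.

```shell
#!/usr/bin/env bash
# Added example, not from the slides: find the name/address collisions that
# VM cloning produces. Input is a constructed VM inventory (one VM per line:
# vm-name uuid mac-address hostname ip-address); the format and values are
# assumptions for this demo, not output of any real hypervisor tool.
set -u

INVENTORY=$(mktemp)
cat >"$INVENTORY" <<'EOF'
# name        uuid                                  mac                hostname   ip
web-01        5b8e9c1e-0f3a-4a6e-9b1d-1111aaaa0001  52:54:00:aa:bb:01  web-01     10.0.1.11
web-02        5b8e9c1e-0f3a-4a6e-9b1d-1111aaaa0002  52:54:00:aa:bb:02  web-02     10.0.1.12
web-02-clone  5b8e9c1e-0f3a-4a6e-9b1d-1111aaaa0002  52:54:00:aa:bb:02  web-02     10.0.1.12
db-01         5b8e9c1e-0f3a-4a6e-9b1d-1111aaaa0003  52:54:00:aa:bb:03  db-01      10.0.1.21
db-01-test    5b8e9c1e-0f3a-4a6e-9b1d-1111aaaa0004  52:54:00:aa:bb:04  db-01      10.0.1.22
EOF

# clone_collisions FILE -> one line per value shared by two or more VMs:
#   "<field> <value> <vm,vm,...>", sorted; a full clone shows up in every
#   column, a partial clone (same hostname, new MAC/UUID) only in some
clone_collisions() {
  awk '
    function note(field, value, vm) {
      seen[field, value] = seen[field, value] (seen[field, value] ? "," : "") vm
    }
    !/^[[:space:]]*#/ && NF >= 5 {
      note("uuid", $2, $1); note("mac", $3, $1); note("hostname", $4, $1); note("ip", $5, $1)
    }
    END {
      for (k in seen) if (index(seen[k], ",")) { split(k, p, SUBSEP); print p[1], p[2], seen[k] }
    }' "$1" | sort
}

# collision_count FILE -> number of duplicated values (0 means no collisions)
collision_count() {
  clone_collisions "$1" | wc -l | tr -d ' '
}

# Remediation for each hit: regenerate the UUID and MAC, rename the host and
# re-address the clone before it is attached to a shared virtual switch.
clone_collisions "$INVENTORY"
echo "collisions: $(collision_count "$INVENTORY")"
```

Running the block against the constructed inventory reports web-02-clone colliding with web-02 in all four fields and db-01-test colliding with db-01 on hostname only.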
Virtual Threats
• DoS is the usual attack. Apart from DoS, the virtual environment (VE) has vulnerabilities of its own:
  Shared clipboard: the shared clipboard is used to transfer data between VMs and the host machine, and is a channel through which data can leak between security domains.
  Keystroke logging: keystrokes typed into a VM pass through the host, where they can be captured.
  VM monitoring from the host: the host can observe the memory, disk and network traffic of every guest.
  VM monitoring from another VM: guests share a virtual hub or switch, so ARP-based techniques (ARP spoofing) let an attacker in one VM intercept another VM's traffic.
  VM backdoors: the backdoor is a communication channel between the guest and the hypervisor that lets the guest issue hypercalls to the hypervisor; a malicious guest can misuse it.

Five Laws of Virtualization Security
• The Burton Group proposed five laws to guide security decisions:
  1. All existing OS-level attacks work in exactly the same way.
  2. The hypervisor attack surface is additive to a system's risk profile.
  3. Separating functionality and/or content into VMs will reduce risk.
  4. Aggregating functions and resources onto a physical platform will increase risk.
  5. A trusted VM running on an untrusted host carries a higher risk than an untrusted VM running on a trusted host.
Virtual Machine Threat Levels
Classified into three levels:
• Abnormally terminated: the VM crashes or is shut down unexpectedly, so its availability is lost.
• Partially compromised: the attacker corrupts checkpoints (snapshots) or over-allocates resources.
• Totally compromised: the VM is completely taken over and directed to execute unauthorized commands on its host.
Hypervisor Security
• The programs that run on desktops and servers are secured, but the program that controls the hypervisor must be secured too.
• It is important to secure the virtualization management system, because it authenticates users and grants them access to the management functionality.
• Currently, password protection is often the only mechanism protecting hypervisor management; stronger mechanisms are required.
• The hypervisor can be managed in several ways: locally, and through remote access to the hypervisor interface.
• Remote administration capabilities can be enabled or disabled; if enabled, the interface must be restricted with a firewall.
• Hypervisor management communication must be protected, and a dedicated management network should be used for it.
• Communication over an untrusted link must be encrypted.
• Access to the hypervisor must be limited to the administrators who need it.
• Major vulnerabilities of the hypervisor: rogue hypervisor rootkits, external modification of the hypervisor, VM escape.
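The management-interface recommendations above (remote administration off unless needed; if on, encrypted, client-authenticated, bound only to the dedicated management network and firewalled to that network) can be checked mechanically. The following is an added example, not from the slides: the key names mirror libvirtd.conf (listen_tcp, listen_tls, listen_addr, tls_port, tls_no_verify_certificate), the two sample configurations are constructed for the demo and the nftables ruleset is an illustration, not a complete host firewall.

```shell
#!/usr/bin/env bash
# Added example, not from the slides: audit a hypervisor's remote-management
# settings and emit a firewall ruleset for the management port. Key names
# mirror libvirtd.conf; the sample files below are constructed, not captured
# from a real host.
set -u

# conf_get FILE KEY -> value of the last "KEY = value" line, quotes and
# trailing comments stripped; empty if the key is not set
conf_get() {
  grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 \
    | sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*(#.*)?$//; s/^"(.*)"$/\1/'
}

# audit_mgmt_conf FILE -> prints one FAIL line per finding; exit status is the
# number of findings (0 means the file meets the recommendations)
audit_mgmt_conf() {
  local file="$1" findings=0 tcp tls addr noverify
  tcp=$(conf_get "$file" listen_tcp)
  tls=$(conf_get "$file" listen_tls)
  addr=$(conf_get "$file" listen_addr)
  noverify=$(conf_get "$file" tls_no_verify_certificate)
  if [ "${tcp:-0}" = "1" ]; then
    echo "FAIL: listen_tcp=1 exposes an unencrypted remote management interface"
    findings=$((findings + 1))
  fi
  if [ "${tls:-0}" = "1" ]; then
    case "$addr" in
      ""|0.0.0.0|::)
        echo "FAIL: TLS listener bound to all interfaces; set listen_addr to the management-network address"
        findings=$((findings + 1)) ;;
    esac
    if [ "${noverify:-0}" = "1" ]; then
      echo "FAIL: tls_no_verify_certificate=1 lets unauthenticated clients connect over TLS"
      findings=$((findings + 1))
    fi
  fi
  return "$findings"
}

# mgmt_ruleset MGMT_SUBNET MGMT_PORT -> nftables ruleset that admits the
# management port only from the dedicated management subnet. Other services
# the host must offer need their own accept rules under the drop policy.
mgmt_ruleset() {
  cat <<EOF
table inet hv_mgmt {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    ip saddr $1 tcp dport $2 accept
  }
}
EOF
}

WEAK_CONF=$(mktemp); HARDENED_CONF=$(mktemp)
cat >"$WEAK_CONF" <<'EOF'
# constructed: remote management wide open
listen_tls = 1
listen_tcp = 1
listen_addr = "0.0.0.0"
tls_port = "16514"
tls_no_verify_certificate = 1
EOF
cat >"$HARDENED_CONF" <<'EOF'
# constructed: TLS only, client certificates verified, bound to the management network
listen_tls = 1
listen_tcp = 0
listen_addr = "10.10.0.5"   # host's address on the dedicated management network
tls_port = "16514"
tls_no_verify_certificate = 0
EOF

audit_mgmt_conf "$WEAK_CONF" || echo "weak config: $? finding(s)"
audit_mgmt_conf "$HARDENED_CONF" && echo "hardened config: no findings"
mgmt_ruleset 10.10.0.0/24 "$(conf_get "$HARDENED_CONF" tls_port)"
```

The weak file fails all three checks; the hardened file passes, and its TLS port is then admitted only from the 10.10.0.0/24 management subnet.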
Rogue Hypervisor Rootkits
• Normally the guest OS runs like a traditional OS and manages everything inside its VM, while the host machine controls the hypervisor.
• A rootkit that takes the form of a hypervisor has a strong hold in the hacker community: by starting a rogue hypervisor beneath the running OS, it can hide a VM (and the malware in it) from malware-detection systems running in that OS.
• It can create a covert channel through which unauthorized code is brought into the system.
• A hypervisor rootkit inserts itself into RAM, demotes the host OS to a guest running under the rogue hypervisor, and makes itself invisible to that OS.
• From inside the victim OS it is effectively undetectable, which is a serious vulnerability: it defeats the mechanisms that detect, discover and remove malware.
• For intrusion detection and correction, detecting the malware code is essential; some malware remains inactive and hidden until it can penetrate the physical host, then executes its payload.

External Modification of the Hypervisor
• In addition to rootkits, a poorly protected hypervisor is itself an attack vector.
• A VM must not be able to modify its own hypervisor, and the hypervisor must not accept direct modification from an external source.
• Any modification of the hypervisor outside its regular update process is not acceptable.
VM Escape
• An improperly configured or vulnerable VM can allow code running in the guest to bypass the virtual environment completely and gain full kernel-level access to the physical host.
• This failure of the system's isolation mechanism is called VM escape.
• It lets an attacker break out of the hypervisor's confinement and execute arbitrary code on the host and on the other VMs.
Security Recommendations for the Hypervisor
• Install all updates for the hypervisor (vendor updates, patch-management solutions, etc.).
• The hypervisor should check for updates automatically and install them when found.
• Limit administrative access to the hypervisor management interface: use a dedicated management channel that is protected, encrypted and authenticated.
• Clocks across the virtualized infrastructure should be synchronized (for example with NTP) so that events logged by the host and the guests can be correlated.
• Disconnect unused physical hardware from the host.
• Enable hypervisor services only if they are needed.
• Monitor the security of the guest OS; if a guest is compromised, hypervisor-level security services (introspection) should be allowed to monitor it.
• Monitor the activity among the guest OSs.
• Monitor the hypervisor itself for signs of compromise.

Host/Platform Security
• Depending on the system architecture, different configuration options connect the host platform, the VMM and the virtual guests to the physical network.
• Network firewalls are used, but they are not sufficient to protect all paths to the host machine.
• Host/platform security is therefore obtained by placing protection on, adjusting and maintaining the different resources of the host.
• There are two major approaches: bastion host and OS hardening.
  Bastion host: a special-purpose, hardened computer deployed on a public network and designed to withstand attack while screening access to the protected network.
  OS hardening: making the OS hard to compromise by configuring it properly, keeping it updated, and removing unwanted applications and services.
• To increase the security of the host OS, the applications running on it (other than the hypervisor) should be minimized.
• As the guest OSs run under the host OS, the security of every guest depends on the host OS, and a compromised guest is in turn a path for attacking the host. Tight access control is therefore required to protect the host OS.
Securing Communications
• It is important to secure communication against data leakage and attacks.
• Host systems mainly use two security protocols: IPsec (IP security) and SSL (secure socket layer, today TLS).
• Beyond these, virtualization introduces additional communication paths, such as guests accessing host hardware, which must also be secured.
[The second "Securing Communications" slide contained a figure only]
Recommendations for Secure Communications
• A guest OS should not have network-management access, although it may have network access.
• Each guest OS should be protected by a firewall.
• Security activities in the guest OS must be monitored.
• If two guest OSs do not need to communicate with each other, each should be placed on a separate (virtual) local area network.

Guest Instance Security
Security recommendations:
• Install all updates for the guest OS promptly.
• Enable log management, time synchronization, remote-access control and authentication features in the guest OS.
• Back up the guest OS regularly.
• Disconnect unused virtual hardware.
• Use a separate authentication solution for each guest OS.
• Make sure each guest OS is associated with the correct physical devices on the host system.

Security Between Host and Guest
• One of the major challenges in communication between host and guests is VM escape: malicious code breaks out of the guest VM and executes on the host.
• This gives the attacker access to the host OS and to all other VMs.
• The best protection is to disable services that are no longer required.
• A separate network is necessary for the host OS to access the guest VMs, so each guest VM should have two network adapters:
  One adapter, NAT (network address translation), gives the guest VM outbound network access.
  The other, the host-only adapter, is used by the host OS to reach each guest VM.

Thank You
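The host/guest recommendations (shared clipboard and other leak channels off, unused virtual hardware disconnected, one NAT adapter for outbound access and one host-only adapter for host access) can be audited from a guest's exported settings. The following is an added example, not from the slides: the key="value" layout mirrors `VBoxManage showvminfo --machinereadable`, but the key names used (clipboard, draganddrop, usb, audio, nicN, hostonlyadapterN) and the two sample guests are assumptions constructed for the demo, not captured from a real hypervisor.

```shell
#!/usr/bin/env bash
# Added example, not from the slides: audit a guest VM's virtual hardware
# against the host/guest recommendations. Key names are assumptions modelled
# on `VBoxManage showvminfo --machinereadable`; the sample guests are constructed.
set -u

# vm_get FILE KEY -> value of KEY (quotes stripped), empty if absent
vm_get() {
  sed -n -E "s/^$2=\"?([^\"]*)\"?$/\1/p" "$1" | tail -n 1
}

# audit_guest FILE -> prints one FAIL line per finding; exit status is the
# number of findings (0 means the guest matches the recommendations)
audit_guest() {
  local file="$1" findings=0 key v i type nat=0 hostonly=0 bridged=0
  # Shared clipboard and drag-and-drop move data between security domains.
  # An absent key is treated as disabled (assumption for the demo).
  for key in clipboard draganddrop; do
    v=$(vm_get "$file" "$key")
    [ "${v:-disabled}" = "disabled" ] || {
      echo "FAIL: $key=$v (host/guest data channel should be disabled)"; findings=$((findings + 1)); }
  done
  # Unused virtual hardware is attack surface; disconnect it.
  for key in usb audio; do
    v=$(vm_get "$file" "$key")
    case "$v" in
      ""|off|none) ;;
      *) echo "FAIL: $key=$v (unused virtual hardware should be disconnected)"; findings=$((findings + 1)) ;;
    esac
  done
  # Exactly two adapters: NAT for outbound access, host-only for the host to
  # reach the guest; a bridged adapter puts the guest directly on the LAN.
  for i in 1 2 3 4; do
    type=$(vm_get "$file" "nic$i")
    case "$type" in
      nat)      nat=$((nat + 1)) ;;
      hostonly) hostonly=$((hostonly + 1)) ;;
      bridged)  bridged=$((bridged + 1)) ;;
      ""|none)  ;;
      *)        echo "FAIL: nic$i=$type (unexpected adapter type)"; findings=$((findings + 1)) ;;
    esac
  done
  [ "$nat" -eq 1 ] || { echo "FAIL: expected one NAT adapter for outbound access, found $nat"; findings=$((findings + 1)); }
  [ "$hostonly" -eq 1 ] || { echo "FAIL: expected one host-only adapter for host access, found $hostonly"; findings=$((findings + 1)); }
  [ "$bridged" -eq 0 ] || { echo "FAIL: $bridged bridged adapter(s) expose the guest on the physical LAN"; findings=$((findings + 1)); }
  return "$findings"
}

WEAK_VM=$(mktemp); HARDENED_VM=$(mktemp)
cat >"$WEAK_VM" <<'EOF'
name="app-guest"
clipboard="bidirectional"
draganddrop="hosttoguest"
usb="on"
audio="pulse"
nic1="bridged"
nic2="nat"
EOF
cat >"$HARDENED_VM" <<'EOF'
name="app-guest"
clipboard="disabled"
draganddrop="disabled"
usb="off"
audio="none"
nic1="nat"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="none"
EOF

audit_guest "$WEAK_VM" || echo "weak guest: $? finding(s)"
audit_guest "$HARDENED_VM" && echo "hardened guest: no findings"
```

The weak guest produces six findings (two leak channels, two unused devices, a missing host-only adapter and a bridged adapter); the hardened guest produces none.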