
awk


Thursday, 12/20/2007 7:10:28 AM

"…Where existing tools largely fall short, however, is in their ability to monitor the whole enterprise, integrate with other tools and to keep track of and detect VMs to limit their spread. Detection tools are required to scan VMs and detect any vulnerabilities or malicious code. Again, with reference to some of the newer Hyperjacking-type attacks, control of inter-virtual data needs to be monitored, with suspicious traffic reported and/or escalated. Communications between virtual components therefore need to be safeguarded with built-in encryption, digital signatures and hardware-based root certificates provided by technologies such as the Trusted Computing initiative TPM (Trusted Platform Module), offering built-in security, tamper detection and exploit prevention…"

Virtualization brings new security challenges

By David Frith, senior consultant, Siemens Enterprise Communications Limited

http://www.continuitycentral.com/feature0533.htm

Why virtualization matters
Although virtualization is not a new concept, its present implementations are changing the face of corporate IT, through the reduction of the number of physical servers, the consolidation of rack space and the cutting of energy costs.

Virtualization allows the Virtual Machines (or VMs) running the applications to be divorced from their physical environment. A VM provides an isolated ‘sandbox’ for running applications, with Hypervisor processes managing multiple VMs on each physical machine. This separation of functionality from physical location allows superior management and a pooling of resources, with the ability to meet workload on demand. Virtualization technology is not just applicable to server applications within a data centre; it applies across the enterprise, be it within storage, security, the network or at the desktop.

The characteristics of virtualization
The use of virtualization technologies, however, causes the complexity of computing environments to mushroom and, as we all know, additional complexity breeds insecurity. Such obfuscation is an issue for both management and monitoring. With recent virtualization technologies evolving from mainframe origins to the standard server and desktop market, their widespread application is still relatively new. Full security analysis of many of the vendor offerings reveals large areas of unexplored code in which potential flaws could lurk; this is a ‘known unknown’, since the lack of live deployments until recently has resulted in little testing.

One of the great benefits of virtualization, as mentioned, is the pooling of resources with the ability to re-deploy VMs ‘on the fly’. It is easy to create ‘Gold’ master VM images and replicate these as needed to increase computing resources. VMs can be deployed instantly and shuffled around the infrastructure in a similar way to transferring files; however, managing change and introducing security into this mix becomes incredibly complex.

New attacks
Attacks on virtualised systems have so far been few and far between, mainly due to only recent adoption; however, the number of installed systems is set to double by 2012 and proof-of-concept attacks are already in existence. Attacks on virtual systems can come from an extension of older forms of attack such as Denial of Service (DoS), buffer overflows, spyware, rootkits and/or Trojans – all prone to lurk beneath guest operating systems.

Additionally, new specific attacks include those from worms, guest hopping, Hypervisor malware and Hyperjacking, all involving the Hypervisor itself being exploited and used to subvert each VM it controls. As the volume of virtualised software increases, more exploits will be written and they in turn will become increasingly insidious (potentially compromising several VM systems at once).

Existing security
In the recent rush to deploy virtualization technologies, cost and mobility have been the top priorities and many other implications (such as security, integration, management etc.) have still to be worked out. Existing security technologies typically revolve around static and IP-based controls (be they firewalls, IDSs, VLANs etc.); however, with the erosion of technology tied to a particular location, the tracking of IP or static-based identifiers is no longer sufficient. Indeed, most network and admission control technologies are not virtualization aware. Additionally, IT audit and compliance processes are now far more complex undertakings: what happens with offline or dormant VMs? Obviously these still need to be patched and reviewed on a timely basis, but how, if you can’t keep track of VMs and the applications within them? It is clear that, even including standard best practices such as enhanced change management, separation of duties and administration controls, conventional security measures fall far short.

The security requirements
With potential attacks first compromising one VM and then spreading to others, each needs to be protected with secure policies configured and adapted as needed. Here existing vendor tools can be used in the partitioning, isolating and segmenting of each VM, with resource management controls to allocate, schedule, monitor and cap resources as required. Such tools can ensure that the VMs that require like levels of security are grouped together and that controls are in place to stop any unauthorised replication.

Where existing tools largely fall short, however, is in their ability to monitor the whole enterprise, integrate with other tools and to keep track of and detect VMs to limit their spread. Detection tools are required to scan VMs and detect any vulnerabilities or malicious code. Again, with reference to some of the newer Hyperjacking-type attacks, control of inter-virtual data needs to be monitored, with suspicious traffic reported and/or escalated. Communications between virtual components therefore need to be safeguarded with built-in encryption, digital signatures and hardware-based root certificates provided by technologies such as the Trusted Computing initiative TPM (Trusted Platform Module), offering built-in security, tamper detection and exploit prevention.

Management tools are required to provision VMs as necessary, together with their associated security settings; such tools also need to map interdependencies and data flows, ensuring that with all the complexity administrators do not lose an understanding of their environment.

With VMs being deployed and re-deployed, patching tools are also required. The need to introduce timely patches is ever more critical to reduce attack surfaces and ensure best-practice compliance. However, because of the resulting downtimes or infrastructure complications, many applications are difficult to patch in a timely way; therefore new technologies such as inline patch proxying and application correction (modifying data in midstream) have been developed to help mitigate such issues.

In essence, the old adage of combined layers of complementary countermeasures applies, protecting the physical devices, the Hypervisors and the Virtual Machines (VMs). It is just that these defences need to be provided dynamically, with security policies and settings following and surrounding each newly mobile VM.

Conclusion
The complexity and dynamic nature of virtualised environments means that new threats and vulnerabilities have appeared and will increasingly manifest themselves. Because traditional security practices only go so far, new architectural models, design practices and security tools are required. The existing tools, however, are generally immature and not yet certified; while such vendors and their tools need to evolve, the market also needs to educate itself, raising awareness of potential issues, new vulnerabilities and evolving threats, and where necessary pressuring the vendors to enhance their security offerings.

Siemens Enterprise Communications Limited is exhibiting at Infosecurity Europe 2008. Now in its 13th year, the show continues to provide an education programme, new products and services and over 300 exhibitors. Held on the 22nd – 24th April 2008 in the Grand Hall, Olympia, this is a must-attend event for all professionals involved in information security. http://www.infosec.co.uk
