Virtualization
- By Mangesh Gunjal

Topics to be Covered:
- Virtualization
- Virtual Machine Monitor
- Types of Virtualization
- Why Virtualization..?
- Virtualization Application Areas
- Virtualization Risks
- Virtualization Security
- VM Sprawl
- Miscellaneous

Virtualization
- Multiple Operating Systems on a Single Physical System
- Share the Underlying Hardware Resources.
- Multiple Execution Environments,
  - Hardware and Software Partitioning,
  - Time-Sharing,
  - Partial or Complete Machine Simulation/Emulation
  - Separation of a Resource or Request for a service.
Source: Virtualization Overview whitepaper, By

- Virtual Machine Monitor (VMM)
- Emulation or simulation
- Virtual Machines
- Isolated Environment
Source: Virtualization Overview whitepaper, By

Para Virtualization
Source: Virtualization Overview whitepaper, By

Why Virtualization..?
- Server Consolidation.
- Legacy Applications.
- Sandbox.
- Execution of Multiple Operating Systems.
- Simulation of Hardware and Networking Devices.
- Powerful Debugging and Performance Monitoring
- Fault and Error Containment
- Application and System Mobility
- Shared Memory Multiprocessors
- Business Continuity
Source: Virtualization Overview whitepaper, By

Infrastructure is what connects resources to your business.
Virtual Infrastructure is a dynamic mapping of your resources to your business.
Result: decreased costs and
Source: Virtualization Overview whitepaper, By

Virtualization Application Areas
- Desktop Virtualization
- Application Virtualization

Virtualization Application Areas
- Server Virtualization
- Storage Virtualization
- Infrastructure Virtualization
- Network Virtualization

Virtualization Risks
- Inexperience Involved.
- Increased Channels for Attack.
- Change Management Control.
- IT Asset Tracking and Management.
- Securing Dormant Virtual Machines.
- Sharing Data between Virtual Machines.

Exploitation on Virtualization


- Malicious Code Activities through Detection of VM.


- Denial of Service on the Virtual Machine.


- Virtual Machine Escape
Historical Incident
- VMware Multiple Denial Of Service Vulnerabilities
  Some VMware products support storing configuration information in VMDB files. Under some circumstances, a malicious user could instruct the virtual machine process (VMX) to store malformed data, causing an error. This error could enable a successful Denial-of-Service attack on guest operating systems.
Link:

Virtualization Security
- Hypervisor Security
- Host/Platform Security
- Securing Communications
- Security between Guests
- Security between Hosts and Guests
- Virtualized Infrastructure Security
- Virtual Machine Sprawl

Hardening Steps to Secure Virtualisation Environment - Server Service Console
- Restrict access to the internal trusted network.
- Block all incoming and outgoing traffic except for necessary ports.
- Monitor the integrity and modification of the configuration files.
- Limit SSH-based client communication to a discrete group of IP addresses.
- Create separate partitions for /home, /tmp, and /var/log.
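
Two of the service console checks above (configuration file integrity and separate partitions) can be audited with a short script. This is an added example, not part of the original slides; the mount table, file names and file contents are constructed stand-ins.

```python
import hashlib
import os
import tempfile

REQUIRED_MOUNTS = ("/home", "/tmp", "/var/log")  # partitions named in the slide


def missing_separate_partitions(mounts_text, required=REQUIRED_MOUNTS):
    """Return required paths that are not mount points of their own.

    mounts_text uses the /proc/mounts layout: device, mount point, fs type, ...
    """
    mount_points = set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            mount_points.add(fields[1])
    return [path for path in required if path not in mount_points]


def snapshot(paths):
    """Map each existing file path to the SHA-256 of its contents."""
    digests = {}
    for path in paths:
        if os.path.isfile(path):
            with open(path, "rb") as handle:
                digests[path] = hashlib.sha256(handle.read()).hexdigest()
    return digests


def compare_to_baseline(baseline, current):
    """Report files changed, removed or added since the baseline was taken."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Run both checks on constructed data; returns (missing, report)."""
    # Constructed mount table: /var/log shares the root filesystem.
    mounts = (
        "/dev/sda1 / ext3 rw 0 0\n"
        "/dev/sda2 /home ext3 rw,nosuid 0 0\n"
        "/dev/sda3 /tmp ext3 rw,nosuid,noexec 0 0\n"
    )
    missing = missing_separate_partitions(mounts)

    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for console configuration files.
        sshd = os.path.join(root, "sshd_config")
        fw = os.path.join(root, "firewall.rules")
        for path, text in ((sshd, "PermitRootLogin no\n"), (fw, "default deny\n")):
            with open(path, "w") as handle:
                handle.write(text)
        baseline = snapshot([sshd, fw])

        # Simulate an unreviewed change and a deleted file.
        with open(sshd, "w") as handle:
            handle.write("PermitRootLogin yes\n")
        os.remove(fw)
        report = compare_to_baseline(baseline, snapshot([sshd, fw]))
        # Strip the temporary directory so the result is stable.
        report = {k: [os.path.basename(p) for p in v] for k, v in report.items()}
    return missing, report


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored off-host so that whoever changes a configuration file cannot also rewrite the recorded hashes.
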
Hardening Steps to Secure Virtualisation Environment - Virtual Network Layer
- Network breach by user error or omission.
- MAC Address spoofing (MAC address changes)
- MAC Address spoofing (Forged transmissions)

Hardening Steps to Secure Virtualisation Environment - Virtual Machine
- Apply standard infrastructure security measures to the virtual infrastructure.
- Set resource reservations and limits for each virtual machine.

Virtual Machine Sprawl
- Unchecked creation of new Virtual Machines (VMs)
- The VMs that are created for a short-term project are still using CPU, RAM and network resources, and they consume storage even if they are powered off.
- VM sprawl could lead to a computing environment running out of resources at a much quicker-than-expected rate, and it could skew wider capacity-planning exercises.
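
A sprawl review can start from an inventory export that flags VMs whose project has ended, that have been powered off for a long time, or that have no recorded owner. This is an added example, not part of the original slides; the inventory records, field names and the 30-day threshold are assumptions, not a hypervisor API.

```python
from datetime import date

# Constructed inventory export; field names are hypothetical.
INVENTORY = [
    {"name": "web-prod-01", "owner": "ops", "powered_on": True,
     "last_power_change": date(2012, 1, 10), "project_end": None, "disk_gb": 40},
    {"name": "poc-crm", "owner": "sales-it", "powered_on": True,
     "last_power_change": date(2012, 2, 1), "project_end": date(2012, 3, 31),
     "disk_gb": 60},
    {"name": "test-build-7", "owner": "dev", "powered_on": False,
     "last_power_change": date(2012, 1, 5), "project_end": None, "disk_gb": 80},
    {"name": "clone-of-db", "owner": None, "powered_on": False,
     "last_power_change": date(2012, 5, 20), "project_end": None, "disk_gb": 200},
]


def sprawl_findings(inventory, today, dormant_after_days=30):
    """Return {vm_name: [reasons]} for VMs that need an owner's decision."""
    findings = {}
    for vm in inventory:
        reasons = []
        if not vm["owner"]:
            # Nobody is accountable for patching or retiring this VM.
            reasons.append("no owner recorded")
        if vm["project_end"] and vm["project_end"] < today:
            # Short-term project VM that outlived its project.
            reasons.append("project ended")
        idle_days = (today - vm["last_power_change"]).days
        if not vm["powered_on"] and idle_days > dormant_after_days:
            # Dormant VM: still holds storage and misses updates while off.
            reasons.append("powered off %d days" % idle_days)
        if reasons:
            findings[vm["name"]] = reasons
    return findings


def flagged_storage_gb(inventory, findings):
    """Total disk held by flagged VMs, as input to capacity planning."""
    return sum(vm["disk_gb"] for vm in inventory if vm["name"] in findings)


if __name__ == "__main__":
    result = sprawl_findings(INVENTORY, today=date(2012, 6, 1))
    for name, reasons in result.items():
        print(name, "->", ", ".join(reasons))
    print("storage held by flagged VMs (GB):", flagged_storage_gb(INVENTORY, result))
```
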

Miscellaneous
- Kaspersky Lab has introduced Kaspersky Security for Virtualization, a virtual security appliance that integrates with VMware vShield Endpoint to provide agentless, anti-malware security.
- VMware Source Code Leak Reveals Virtualization Security Concerns.
- Symantec has its own wide range of tools for Virtualization Security:
  - Symantec Critical System Protection
  - Symantec Data Loss Prevention
  - Symantec Control Compliance Suite
  - Symantec Security Information Manager