[Nottingham] Virtualisation security

Dylan Swift dylan.swift at gmail.com
Mon Nov 7 14:07:08 UTC 2011


On 7 November 2011 13:11, Martin <martin at ml1.co.uk> wrote:

> On 2 November 2011 14:37, Martin <martin at ml1.co.uk> wrote:
> > On 1 November 2011 22:36, Sergiusz Pawlowicz <sergiusz at pawlowicz.name>
> wrote:
> >> On Tue, Nov 1, 2011 at 22:31, Martin <martin at ml1.co.uk> wrote:
> >>> Folks,
> >>>
> >>> Can anyone comment on the state of play/gotchas for the security for
> >>> running multiple virtual servers?
>

I'm no security expert, but given the state of most OS's I would expect
the biggest risk would be via access methods to the guest OS. I'm not sure
what one could gain from having access to the hypervisor other than
mischief / malicious control of systems.

> >>> Any concerns for the security/vulnerability of the hypervisor?...
>

I would suggest that the hypervisor itself would be pretty secure, by the
nature of the design of the application, the hypervisor 'allows' other code
to run and only provides a limited API for the client machine to access the
hypervisor processes.

Interestingly the latest version of VMware ESX comes without a console OS.
The reasoning was that the majority of the security patches VMware supplied
for ESX 3 were for the console OS. Eliminating this has reduced the
patching overhead and the size of the target for 'attack'.


> >> virtualisation has several layers :-) ...
>

Including in VMware, the ability to run non-VMware virtual switches. Cisco
do provide switches for VMware and obviously these are software based. This
might be an interesting attack vector (e.g. hidden port sniffing) if you
could insert your own switch, or sub module in the switch.

> Interestingly, a large "cloud" services provider now offers a service
> whereby for a price premium you can have your own part of the cloud
> guaranteed to be used on servers exclusively used only by your
> cloud... The excuse for offering/wanting that is that of greater
> security.
>

In my personal experience, the ability to 'acquire' exclusive access to a
part of the cloud service provider's infrastructure would allow me to get a
better response from my virtual machines based upon the fact that you are
in control of any other VMs that are running on the same infrastructure.

I had a specific example where my VM (which had moderate disk I/O) would
become completely unresponsive, and in fact disappear from the web,
whenever another client who used the same host machine would 'destroy' a
VM. The destruction of the VM was followed by an automated scrub operation
that ensured that there was no trace of any data left on the disk
afterwards. This had the net result of producing an internally-generated
denial of service. In the worst case we lost access to the VM for 12 hours.


> Marketing hogwash or a real concern?
>

Depending on the type of data you hold / process, I could say that it would
be a real concern. However if the data was *that* sensitive then you would
probably be prevented by business security policies from utilising a public
access cloud infrastructure.


>
> Cheers,
> Martin
>
>
Cheers
Dylan

-- 
http://about.me/dylanswift
http://tungle.me/dylanswift
http://emailcharter.org/index.html