Virtualization Hardening - Cloud Security Alliance
12.07.2015 Views
Share Embed Flag

Virtualization Hardening - Cloud Security Alliance

Virtualization Hardening - Cloud Security Alliance

Virtualization Hardening - Cloud Security Alliance

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
cloudsecurityalliance.org

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Physical Devices, Cabling, etc.Copyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

HypervisorsType 1 Type 2Guest Guest GuestGuest Guest GuestHypervisorOperating SystemHypervisorHardwareHardwareCopyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

Shared Physical ResourcesCopyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

Virtualized ResourcesCPUMemoryDiskNetworkingVideoRandomness[...]Copyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

Virtual Machines/Guest OS >Typical Steps:– Minimization, Patching, <strong>Hardening</strong>, RBAC, Least Privilege, etc.What about Virtual Machine:– Definitions and their storage? The new “physical”!– Configuration opportunities (e.g., administrative networks)Micro-<strong>Virtualization</strong>– The next frontier?Copyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

Micro-<strong>Virtualization</strong>Copyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

Management and MonitoringManagement– Isolation of the control plane– Authenticated and encrypted interaction with control plane– Management access control, role separation, etc.Monitoring– In the VM, in the Hypervisor, on the network? It depends!– Impact of encryption on monitoring– Guest and management activityCopyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

GovernanceIT Issues– IT Architecture– IT Service ManagementBusiness Issues– Risk management– Policy and regulatory compliance– Export control, data handling requirements– ApplicabilityCopyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

Rethinking ITEffectiveGlobalBusinessServicesCopyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>Standardization• Secured Golden Images• Well-defined processesConfiguration Mgt.• CMDBs, Modeling “Truth”Assembly / Distribution• Build once, patch oncedeploy everywhereAutomation• Discourage “humans”inside virtual machineswww.cloudsecurityalliance.org

Lingering ConcernsReliable, repeatable security at pace and scaleEntropy sources across virtualized infrastructureTrust management in dynamic architecturesForensic reconstruction of volatile environmentsUnauthorized virtual machine “Hot Spots”Copyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

Contact• www.cloudsecurityalliance.org• info@cloudsecurityalliance.org• Twitter: @cloudsa, #csaguide• LinkedIn: www.linkedin.com/groups?gid=1864210Copyright © 2009 <strong>Cloud</strong> <strong>Security</strong> <strong>Alliance</strong>www.cloudsecurityalliance.org

Thank You!www.cloudsecurityalliance.org

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!