Chap 10 - 01 - Understand Virt Essential Concepts and OS Virt Security - 10_ocred.pdf
Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82

VM Sprawl Avoidance

VM sprawl occurs because of a lack of proper policy implementation for provisioning/deprovisioning VMs, when VMs are left idle for a long duration, or when the administrator overlooks or fails to handle or control all the VMs in the network.

VM Sprawl Avoidance Methods
- Perform an audit
- Protect idle resources
- Identify the appropriate size for the VMs
- Clear orphaned snapshots
- Employ well-organized naming conventions
- Archive the VMs
- Remove unnecessary backups
- Clean up junk
- Use categories
- Build standards and processes
- Employ an effective VM management tool

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

VM Sprawl Avoidance

VM sprawl or virtualization sprawl generally occurs because of a lack of proper policy implementation in provisioning/deprovisioning VMs and because VMs are left idle for long durations. It can also occur when the administrator fails to handle or control all the VMs on the network. The negative impacts of VM sprawl include the costs incurred for unused VMs, wastage of valuable resources, lag in performance, overloading of backup systems, and a decrease in overall network efficiency. A forgotten VM is also a security liability: it is typically no longer patched, monitored, or owned by anyone, which makes it an easy foothold for an attacker who gains access to the network.

To avoid all the negative influences of virtualization sprawl, appropriate virtual machine lifecycle management (VMLM) must be implemented. VMLM provides a single-point solution for network administrators to supervise the operations, implementation, provisioning, and maintenance of all the virtual machines (VMs) in service. With appropriate VMLM, all VMs are monitored effectively and can be deprovisioned once their service is complete.

The following are different methods to avoid VM sprawl.

- Perform an audit: Through this method, the network administrator can track which VMs are associated with each host or hypervisor cluster. Consequently, the administrator can easily identify VMs that are not in service and disassociate them.

- Protect idle resources: It is mandatory to identify idle but operational VMs, which consume resources (and attack surface) even when they are not in use. Once idle VMs are discovered, they must be assigned to a task or decommissioned from the network.

- Identify appropriate sizes for VMs: This is an important technique for avoiding VM sprawl. When VMs lack the resources they need or have an excessive volume of resources, editing the configuration can improve their performance and free capacity. This can be performed either manually or by using a monitoring tool designed for virtualization.

Module 10 Page 1291 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

- Wipe out orphaned snapshots: Snapshots capture a point-in-time state of the VM disk and record the modifications made after that point, so they can be used later to roll back or reconfigure the VM. An administrator can have many snapshots but is not required to retain every snapshot; a snapshot is not a backup, and long-lived snapshots keep growing and degrade VM performance. In particular, orphaned snapshots are snapshots that remain on disk even after the VM is removed. Orphaned snapshots must be deleted to free up disk space for other purposes.

- Employ well-organized naming conventions: Numerous naming standards may be followed in a network to track servers, but they should be enhanced to identify the owner, so that VM-related issues such as a decrease in performance can be easily reported to the concerned department or owner.

- Archive VMs: Removing VMs might free up resources, but it is not always advisable to discard them, because the same VM may be needed again in the future. In such cases, it is advisable to employ the archive facility offered by backup products. It enables one to archive VMs in a safe location so that they can be retrieved when required.

- Remove unnecessary backups: Backups are mandatory, but they can exhaust repositories. If this occurs, it is necessary to monitor the backups to check whether any VMs are being backed up beyond what is required. Such situations should be discovered, and redundancies must be eliminated.

- Clean up junk: Many VMs use services for their operations. This continual usage can generate an excessive amount of junk files, such as temporary files and configuration data for VMs that have been removed or are no longer required. Discovering these junk files and discarding them can also help avoid VM sprawl.

- Use categories: A major challenge in VM management is monitoring all objects in the VM environment at once. If VMs are categorized accordingly, they can be grouped and handled without difficulty.

- Build standards and processes: VM sprawl can be controlled by implementing specific standards and processes such as role-based access control, which determines the roles and permissions of different individuals so that only trusted personnel can configure new VMs and snapshots. This minimizes the chance of rogue VMs appearing in a network.

- Employ an effective VM management tool: VM management tools can be used to control VM sprawl. An effective management tool can automate operations such as performance monitoring, alert generation, and VM configuration tracking to provide clear visibility into the entire VM infrastructure.
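The audit, idle-resource, orphaned-snapshot, naming-convention, right-sizing and category methods above all reduce to checks over the same inventory. The following is an added example (not EC-Council's code) that runs those checks over a small constructed inventory; the field names, thresholds and sample VMs/snapshots are assumptions, and in practice the inventory would be pulled from the hypervisor management API.

```python
"""VM sprawl audit over a constructed inventory.

Added example, not EC-Council's code. Field names, thresholds and the sample
VMs/snapshots are assumptions; a real run would pull them from vCenter,
Hyper-V, libvirt or similar.
"""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class VM:
    name: str
    host: str
    powered_on: bool
    vcpus: int
    mem_gb: int
    avg_cpu_pct: float               # average CPU use over the review window
    last_activity: datetime | None   # last login / application traffic seen
    tags: dict = field(default_factory=dict)


@dataclass
class Snapshot:
    vm_name: str       # VM the snapshot belongs to
    created: datetime
    size_gb: float


NOW = datetime(2024, 6, 1)


def days_ago(n: int) -> datetime:
    return NOW - timedelta(days=n)


# Constructed sample data (assumed values, not real systems).
INVENTORY = [
    VM("web-prod-01", "esx-01", True, 4, 8, 35.0, days_ago(1),
       {"owner": "web-team", "env": "prod", "category": "web"}),
    VM("db-prod-01", "esx-02", True, 8, 32, 22.0, days_ago(1),
       {"owner": "dba", "env": "prod", "category": "database"}),
    VM("test-jenkins-old", "esx-01", True, 8, 16, 0.4, days_ago(95),
       {"owner": "ci", "env": "test", "category": "ci"}),
    VM("tmp-vm-3", "esx-03", True, 2, 4, 0.1, None, {}),
    VM("legacy-app-02", "esx-03", False, 4, 8, 0.0, days_ago(400),
       {"owner": "apps", "env": "prod"}),
]
SNAPSHOTS = [
    Snapshot("web-prod-01", days_ago(2), 1.5),
    Snapshot("db-prod-01", days_ago(40), 120.0),
    Snapshot("decommissioned-vm-9", days_ago(200), 60.0),  # VM no longer exists
]

REQUIRED_TAGS = ("owner", "env", "category")  # the naming/ownership standard
IDLE_DAYS = 30
IDLE_CPU_PCT = 1.0
MAX_SNAPSHOT_AGE_DAYS = 7


def idle_vms(vms, now=NOW):
    """Powered-on VMs with no recent activity and negligible CPU use."""
    found = []
    for vm in vms:
        if not vm.powered_on:
            continue
        stale = vm.last_activity is None or (now - vm.last_activity).days > IDLE_DAYS
        if stale and vm.avg_cpu_pct < IDLE_CPU_PCT:
            found.append(vm.name)
    return found


def orphaned_snapshots(vms, snaps):
    """Snapshots whose VM is no longer in the inventory."""
    live = {vm.name for vm in vms}
    return [s for s in snaps if s.vm_name not in live]


def stale_snapshots(snaps, now=NOW):
    """Snapshots kept longer than policy allows (they keep growing)."""
    return [s for s in snaps if (now - s.created).days > MAX_SNAPSHOT_AGE_DAYS]


def missing_tags(vms):
    """VMs violating the naming/ownership standard, with the tags they lack."""
    result = {}
    for vm in vms:
        lacking = [t for t in REQUIRED_TAGS if t not in vm.tags]
        if lacking:
            result[vm.name] = lacking
    return result


def oversized_vms(vms, min_vcpus=8, max_cpu_pct=5.0):
    """Large VMs that barely use what they were given (right-sizing candidates)."""
    return [vm.name for vm in vms
            if vm.powered_on and vm.vcpus >= min_vcpus and vm.avg_cpu_pct < max_cpu_pct]


def by_category(vms):
    """Group VMs by category tag so each group can be handled as a unit."""
    groups = defaultdict(list)
    for vm in vms:
        groups[vm.tags.get("category", "uncategorised")].append(vm.name)
    return dict(groups)


def audit(vms=INVENTORY, snaps=SNAPSHOTS, now=NOW):
    orphans = orphaned_snapshots(vms, snaps)
    return {
        "idle": idle_vms(vms, now),
        "orphaned_snapshots": [s.vm_name for s in orphans],
        "reclaimable_snapshot_gb": sum(s.size_gb for s in orphans),
        "stale_snapshots": [s.vm_name for s in stale_snapshots(snaps, now)],
        "missing_tags": missing_tags(vms),
        "oversized": oversized_vms(vms),
        "by_category": by_category(vms),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(audit(), indent=2))
```

Each finding maps to an action from the list: idle VMs are reassigned or decommissioned, orphaned and stale snapshots are deleted, untagged VMs are routed to whoever built them, and oversized VMs are resized. Running the audit on a schedule, with the thresholds agreed as part of the VM standards, is what turns the list into a process.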
VM Escape Protection

VM escape attack attempts can be minimized by placing VMs that offer web services and other services (such as database services) in independent security zones, each with its own physical hosts.

Protection against VM Escape Attacks
- Frequently update or patch the VM software
- Install only the required resources
- Minimize software installations, because each program could have its own exploits

VM Escape Protection

Active VMs are isolated from each other and have their own resources, such as a virtual memory unit and virtual CPU. The hypervisor is designed so that the resources of one VM are never directly accessible to other VMs on the same host. VM escape is a class of vulnerability that lets an attacker break out of this isolation and take control of the hypervisor, the host OS, or the underlying hardware. For this purpose, attackers use specially crafted code, typically an exploit for a flaw in the hypervisor or in the virtual devices it emulates for the guest, that jumps from the guest OS to the host OS. Attackers first ensure their malware is running inside a VM and is able to escape from that VM to the host or to other VMs. If the escape succeeds, they can execute malicious code and gain major control over the host machine and the other VMs it hosts. Further, the attacker can perform activities such as creating new VMs, deleting existing VMs, and modifying the resource quotas and privileges allocated to different VMs.

In the figure below, an attacker targets a vulnerable VM and injects malware to launch overflow attacks on VM resources. Subsequently, the attacker moves from one VM to another, ultimately reaching the host machine to gain privileged access and alter the resources of the host.

Figure 10.18: VM escape attack
- The attacker leverages a VM escape vulnerability to enter the VM network
- The attacker jumps from one VM to another
- The attacker reaches the host

To protect VMs against VM escape attacks, the following security measures need to be implemented:
- Update or patch the VM software frequently (the hypervisor and its management tools as well as the guest OS and guest agents, since the escape vulnerability lives on the host side)
- Install only the required resources
- Minimize software installations, because each program could have exploits unique to it

VM escape attack attempts can also be minimized by placing VMs that offer web services and other services (such as database services) in independent security zones, along with their respective physical hosts. The point of pairing zones with physical hosts is that an escape from a compromised, Internet-facing web VM then lands on a host that carries no database VMs, and the firewall between the zones still limits what the attacker can reach from there.

Figure 10.19: VM escape protection (Internet, firewall, web services VM on its host in Security Zone 1, firewall, vRouter and local network, firewall, database service VM on its host in Security Zone 2)

Module 10 Page 1294

OS Virtualization Security Best Practices
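The security-zone layout of Figure 10.19 is only as good as the rules on the firewalls between the zones. The following is an added example (not EC-Council's code) that models that layout as a first-match, default-deny policy, evaluates candidate flows against it, and renders the same policy as an nftables forward chain for the firewall hosts. The zone addresses, port numbers and rule set are assumptions constructed for this example.

```python
"""Security-zone policy for the web / database split of Figure 10.19.

Added example, not EC-Council's code. Zone addresses, ports and rules are
assumptions constructed for this example.
"""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Assumed addressing for the zones in the figure.
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),  # everything not listed below
    "web": ipaddress.ip_network("10.1.0.0/24"),     # Security Zone 1: web service VMs
    "db": ipaddress.ip_network("10.2.0.0/24"),      # Security Zone 2: database VMs
    "mgmt": ipaddress.ip_network("10.9.0.0/24"),    # admin jump hosts and patch mirror
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dports: frozenset   # empty = any destination port
    action: str         # "accept" or "drop"
    comment: str = ""


# First-match rules enforced by the firewalls between zones. Anything that
# matches no rule falls through to the default drop.
POLICY = [
    Rule("internet", "web", "tcp", frozenset({80, 443}), "accept", "public web traffic"),
    Rule("web", "db", "tcp", frozenset({5432}), "accept", "app tier to PostgreSQL only"),
    Rule("mgmt", "web", "tcp", frozenset({22}), "accept", "admin SSH to zone 1"),
    Rule("mgmt", "db", "tcp", frozenset({22}), "accept", "admin SSH to zone 2"),
    Rule("web", "mgmt", "tcp", frozenset({8080}), "accept", "patch mirror"),
    Rule("db", "mgmt", "tcp", frozenset({8080}), "accept", "patch mirror"),
]
DEFAULT_ACTION = "drop"


def zone_of(ip: str) -> str:
    """Most specific zone containing ip; 'internet' is the catch-all."""
    addr = ipaddress.ip_address(ip)
    best = "internet"
    for name, net in ZONES.items():
        if addr in net and net.prefixlen > ZONES[best].prefixlen:
            best = name
    return best


def evaluate(src_ip: str, dst_ip: str, proto: str = "tcp", dport: int | None = None):
    """Decide whether a new connection crosses the zone firewalls: (action, why)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        # Traffic inside one zone never traverses the zone firewall, so an
        # escape onto a shared host is not stopped here. That is why each
        # zone also gets its own physical hosts.
        return ("unfiltered", f"{src} -> {dst}: same zone")
    for r in POLICY:
        if (r.src_zone, r.dst_zone, r.proto) == (src, dst, proto) and (not r.dports or dport in r.dports):
            return (r.action, r.comment)
    return (DEFAULT_ACTION, f"{src} -> {dst} {proto}/{dport}: no rule, default {DEFAULT_ACTION}")


def render_nftables(policy=POLICY) -> str:
    """Emit the same policy as an nftables forward chain for the firewall hosts."""
    lines = [
        "table inet zones {",
        "    chain forward {",
        "        type filter hook forward priority 0; policy drop;",
        "        ct state established,related accept",
    ]
    for r in policy:
        match = []
        if r.src_zone != "internet":
            match.append(f"ip saddr {ZONES[r.src_zone]}")
        if r.dst_zone != "internet":
            match.append(f"ip daddr {ZONES[r.dst_zone]}")
        if r.dports:
            match.append(f"{r.proto} dport {{ {', '.join(str(p) for p in sorted(r.dports))} }}")
        else:
            match.append(f"meta l4proto {r.proto}")
        lines.append(f'        {" ".join(match)} ct state new {r.action} comment "{r.comment}"')
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    for flow in [("203.0.113.7", "10.1.0.10", "tcp", 443),
                 ("203.0.113.7", "10.2.0.10", "tcp", 5432),
                 ("10.1.0.10", "10.2.0.10", "tcp", 5432),
                 ("10.2.0.10", "10.1.0.10", "tcp", 443)]:
        print(flow, evaluate(*flow))
    print(render_nftables())
```

The rules encode the figure: the Internet can reach only the web zone on 80/443, the web zone can open only PostgreSQL to the database zone, nothing in the database zone may initiate connections to the web zone or the Internet, and both zones reach the patch mirror so the "patch frequently" measure stays possible without general egress. The same-zone branch is the caveat: a zone firewall does nothing for two VMs on one host, which is exactly the gap the separate physical hosts in the figure close.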