Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

3/4/2011
03:35 PM
Commentary
Commentary
Commentary
50%
50%

Hypervisor Security: Don't Trust, Verify

Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up.

InformationWeek Green Virtualization Security Digital Issue- Mar. 7, 2011 InformationWeek Green
Download the InformationWeek March supplement on virtualization security , distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree for each of the first 5,000 downloads.

VIrtualization Security

For years I've watched the delicate balance between enterprise IT groups and their security teams. Every now and then, there's a sea change in one area that gives rise to, let's say, passionate discussions. After attending last month's RSA conference, I feel one of those moments coming on, this time around production server virtualization. Specifically, we're talking about hardening the hypervisor--arguably one of the most important components of your virtual architecture.

What? Didn't think your CISO cared about hypervisors? Well, if he attended RSA, he does now. And if you have production VMs, you better get ready to prove they're secure. Don't expect your security team to just trust you.

Combating vulnerabilities (and passing audits) is a matter of starting from the root and working up. One option that impressed me at RSA is Intel's TXT (Trusted Execution Technology)--Intel's response to the Trusted Platform Module (TPM) specification published by the Trusted Computing Group and accepted as an ISO standard in 2009.

The foundation of this new trusted computing infrastructure is what's known as the "hardware root of trust," which establishes a bottoms-up security posture based on assuring the integrity of the VM kernel and loaded modules as they reside on disk and in memory. To take advantage, first make sure your server hardware supports TPM. Once you've verified that your gear has the correct processor extensions and supporting chipsets, it's just a matter of adding a small circuit board that plugs into a TPM slot on the server motherboard. After you enable TXT in the server BIOS that runs your host, you go through a process of generating the hash state that VMware ESXi, Xen, and other hypervisors will use during the boot process to detect unauthorized changes or whether malware has infiltrated the host operating system.

Moving up the stack, software vendor HyTrust offers a virtual appliance that can access the TXT status through the vSphere vCenter API and make decisions on controlling guest movement based on the classification status of the host server. HyTrust also offers network-based policy management for your virtual infrastructure that provides administrative access control, hypervisor hardening, and audit-quality logging to protect you from malicious, or sometimes just careless, insiders. Now when your security auditor asks for proof of hypervisor protection, you can go down your checklist: hardware root of trust (check), trusted virtualization environment (check), and security information and event management tools (check).

You're only going to increase your use of virtualization, so think in terms of evolving security. Evaluate where you are today and educate yourself as new hypervisor hardening options become available to ensure that you always stay a step ahead of the CISO--and the people after your data.

Schalk Theron is VP of security and operations for cloud services and ECM company SpringCM. Prior to joining SpringCM, Theron was at Washington Mutual, leading operational support for more than 50,000 users and a national network of more than 3,000 sites and multiple enterprise-class data centers supporting the award-winning Wamu.com. Write to us at [email protected].

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/1/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Threat from the Internet--and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15478
PUBLISHED: 2020-07-01
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
CVE-2020-6261
PUBLISHED: 2020-07-01
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
CVE-2020-15471
PUBLISHED: 2020-07-01
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
CVE-2020-15472
PUBLISHED: 2020-07-01
In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
CVE-2020-15473
PUBLISHED: 2020-07-01
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.