Securing the virtual environment : how to defend the enterprise against attack

Where to find it

Information & Library Science Library

Call Number
QA76.9.V5 O88 2012
Status
Available
Item Note
Includes 1 DVD (4 3/4 in.)

Summary

A step-by-step guide to identifying and defending against attacks on the virtual environment

As more and more data is moved into virtual environments, the need to secure them becomes increasingly important. Useful for service providers as well as enterprise and small business IT professionals, the book offers a broad look across virtualization as used in various industries, as well as a narrow view of the vulnerabilities unique to virtual environments. A companion DVD is included with recipes and testing scripts.

  • Examines the difference between a virtual model and traditional computing models, and the appropriate technology and procedures to defend it from attack
  • Dissects and exposes attacks targeted at the virtual environment and the steps necessary for defense
  • Covers information security in virtual environments: building a virtual attack lab, finding leaks, getting a side channel, denying or compromising services, abusing the hypervisor, forcing an interception, and spreading infestations
  • Accompanying DVD includes hands-on examples and code

This how-to guide arms IT managers, vendors, and architects of virtual environments with the tools they need to protect against common threats.

Contents

  • Introduction p. xxi
  • Chapter 1 Virtualized Environment Attacks p. 1
  • A Brief Introduction to the Cloud p. 1
  • Flavors of "Cloud" p. 3
  • Powering the Cloud p. 3
  • Why the Cloud Is Here to Stay p. 4
  • Managing Cloud Security p. 5
  • Principles of Information Security p. 6
  • Information Assets p. 7
  • Potential Threats p. 8
  • Potential Vulnerabilities p. 8
  • Potential Consequences p. 8
  • Incremental Risk Mitigation p. 9
  • Deny by Default p. 9
  • Never Trust Input; Assume the Worst p. 11
  • Confidentiality, Integrity, and Availability p. 12
  • The Human Factor p. 13
  • Managing Cloud Risks p. 14
  • Asset Management p. 20
  • Vulnerability Assessment p. 22
  • Communication p. 22
  • Authentication and Authorization p. 23
  • Software p. 25
  • Managing Cloud Compliance p. 31
  • Defining Compliance and Security p. 33
  • Making Use of Warnings p. 34
  • Cloud and the PKI p. 35
  • Summary p. 36
  • Chapter 2 Attacking from the Outside p. 41
  • Who Is an Outsider? p. 41
  • HR Policies and Procedures p. 42
  • Contracting and Outsourcing Talent p. 44
  • Friends and Family Discount p. 45
  • Configuring Cloud Audit Logs p. 46
  • Keeping Tabs on Accounts p. 50
  • Extending and Trusting Communication p. 50
  • Delegating and Spreading Roles in Order to Scale p. 62
  • Novice Users Empowered by Cloud Environments p. 62
  • Outsourced and Offshored Resources p. 62
  • SaaS Software Development at "Cloud Speed" p. 63
  • The Needs of Bespoke Solutions p. 63
  • Ensuring Continuity p. 64
  • Underspecialization p. 65
  • How to Piggyback on Fixes p. 66
  • Sudo and Shell Logging p. 70
  • Spoofing a Certificate p. 73
  • Summary p. 74
  • Chapter 3 Making the Complex Simple p. 77
  • Looking Around Without Getting Caught p. 78
  • Checking to See If Anyone Is Watching p. 78
  • Checking for Gaps in Awareness p. 79
  • Checking for Responsiveness p. 80
  • Complexity and the Cloud p. 81
  • Choosing a Spot with a View p. 83
  • The Hypervisor p. 83
  • The Director/Orchestrator/Manager p. 88
  • Assessing the Risk from Assessors p. 93
  • Slicing and Dicing Data p. 94
  • Detecting Layers of Virtualization Technology p. 94
  • Identifying and Targeting Assets p. 96
  • Versions p. 102
  • Supporting Infrastructure p. 103
  • Mail Servers p. 103
  • Web Servers p. 103
  • Domain Name Service p. 104
  • Databases and Directory Services p. 104
  • Timing an Attack p. 104
  • Long- versus Short-Term Objectives p. 104
  • How Long before You Are Ready to Attack? p. 104
  • How Long before You Can Attack Again? p. 105
  • Summary p. 106
  • Chapter 4 Denial of Service p. 109
  • Finding Signal in Noise p. 109
  • Improving Denial p. 111
  • Distributing Denial p. 112
  • Defining Success p. 113
  • Finding Service Vulnerabilities p. 115
  • Scanning and Validating Service Levels p. 115
  • Abstracting and Overcommitting p. 115
  • Validating Complexity p. 118
  • Limits of Penetration Testing p. 120
  • Denial of Testing p. 120
  • Speed Attacks p. 125
  • Abusing Proximity of Services: Step Attacks and Speed Attacks p. 125
  • Exploiting Service Vulnerabilities p. 127
  • Breaking Connections Between Services p. 127
  • Exhausting Resources p. 130
  • CPU p. 130
  • Memory p. 131
  • Disk Space and IOPS p. 132
  • The Dangers of Overcommitment p. 131
  • Locking Out Others p. 132
  • Summary p. 137
  • Chapter 5 Abusing the Hypervisor p. 141
  • Replacing Hardware Layers with Software p. 142
  • Relating Physical to Virtual p. 142
  • Displays p. 144
  • Memory p. 145
  • Disk p. 147
  • Network p. 147
  • Compromising the Kernel p. 148
  • Low-Level Interception p. 148
  • Real-World Example: Duqu p. 150
  • Classification and Defense p. 151
  • Breaking Out of KVM p. 161
  • Attacking Virtual CPU and Memory p. 162
  • The Cup Is Half Secure p. 162
  • Taking Plato's Shadow Pill p. 162
  • Demonstrating the Risks p. 163
  • Qualifying Fear and Uncertainty p. 164
  • Measuring Failure Rates p. 165
  • Focusing on the Shortcomings of New Technology p. 166
  • Finding the Different Yet Old Attack Surfaces p. 167
  • Network p. 168
  • Systems p. 171
  • Databases p. 172
  • Escaping Jails, Sandboxes, and Buffers p. 174
  • What Is the Purpose of Root, Anyway? p. 176
  • Breaking Away from Identifiers p. 177
  • Every Door Is the Front Door p. 178
  • Summary p. 180
  • Chapter 6 Finding Leaks and Obtaining a Side Channel p. 185
  • Peeping Toms p. 186
  • Working Around Layer 2 and Layer 3 Controls p. 187
  • Becoming a Regular Man in the Middle p. 189
  • VMware vmKernel, vMotion, and Management Traffic p. 190
  • Xen and Live Migration p. 190
  • Mayhem with Certificates p. 191
  • Eliciting a Response by Manipulating State p. 193
  • Noisy Neighbors p. 194
  • Working on Shared Paths p. 195
  • Risk of Co-Tenancy p. 195
  • Detecting Co-Tenancy p. 197
  • IP-Based Detection p. 197
  • Timestamp Fingerprinting p. 198
  • Latency Testing p. 198
  • Cache-Based Detection p. 199
  • Conclusion p. 199
  • Forcing Co-Tenancy p. 199
  • Avoiding Co-Tenancy p. 200
  • Summary p. 201
  • Chapter 7 Logging and Orchestration p. 205
  • Logging Events p. 205
  • Virtualization and Cloud Logs p. 208
  • Multitenancy p. 210
  • Collating, Archiving, and Protecting p. 216
  • What to Look for in a SIEM Solution p. 217
  • Safety and Reliability p. 219
  • Sampling, or Getting Ready for the Auditors p. 219
  • Testing Incident Responsiveness p. 220
  • Tampering with Infrastructure p. 220
  • Adding, Duplicating, Deleting, and Modifying VMs p. 226
  • Modifying Logs: Hiding from SIEM p. 234
  • Orchestration: Good and Evil p. 236
  • Solving Business Challenges p. 237
  • Why Orchestrate? p. 237
  • The Power of Elasticity and Agility p. 238
  • Devops and the Cloud p. 238
  • Risks Resulting from Orchestration p. 239
  • Outdated Images or Templates p. 239
  • Archived Exploits p. 241
  • Runaway Infrastructure Intelligence p. 242
  • Exploiting Orchestration Directly p. 243
  • Tarnishing Gold Images p. 243
  • Exploiting Image Customization to Modify VMs p. 246
  • Attacks Against Backups and Snapshots p. 248
  • P2V p. 249
  • Summary p. 249
  • Chapter 8 Forcing an Interception p. 251
  • Mapping the Infrastructure p. 251
  • Finding and Exploiting the Middle Ground p. 258
  • Abuse of Management Interfaces p. 259
  • APIs and System Communication p. 261
  • Getting around API Blockades p. 264
  • Playing Games with Management Tools p. 265
  • Elastic Nightmares: Moving Data in the Clear p. 265
  • Finding Secure Boundaries p. 266
  • Summary p. 270
  • Chapter 9 Abusing Software as a Service p. 273
  • When All You Are Is a Nail, Everything Wants to Be a Hammer p. 274
  • Managing Identities p. 277
  • Centralizing and Federating p. 278
  • Finding Integrity Bugs p. 279
  • Finding Confidentiality Bugs p. 282
  • Trusting Authorities p. 285
  • Secure Development p. 287
  • Data Entropy p. 290
  • The Ubiquity of the Browser p. 299
  • Average Users and the Pain of Software Evolution p. 301
  • Stuck on JavaScript p. 303
  • The Risks of SaaS p. 305
  • The Attackers Have Your Environment p. 310
  • Homogeneity and the Rate of Infection p. 312
  • Summary p. 313
  • Chapter 10 Building Compliance into Virtual and Cloud Environments p. 319
  • Compliance versus Security p. 319
  • Virtualization Security p. 322
  • Brokering p. 326
  • Proxies p. 327
  • Federation p. 329
  • Virtualization Compliance p. 330
  • Working with Auditors and Assessors p. 335
  • Using Checklists and a Master Matrix p. 339
  • Should Do versus How To p. 341
  • ISO27001, SAS70, and SOC2 p. 341
  • Managing Expectations p. 342
  • Service Organization Controls p. 344
  • Automating Scope Assessments p. 347
  • Managing Change p. 348
  • HIPAA p. 351
  • FISMA, NIST, and FedRAMP p. 353
  • Summary p. 356
  • Appendix A Building a Virtual Attack Test Lab p. 361
  • Components of the Virtual Penetration Testing Lab p. 362
  • Physical versus Virtual p. 362
  • Hungry for RAM p. 363
  • Installation Order p. 363
  • Bill of Materials p. 364
  • Building the Gateway p. 364
  • Building the ESXi Hypervisor System p. 367
  • Configuring Shared Client Networking p. 372
  • Adding a Secondary IP Address to Windows 7 p. 372
  • Adding a Secondary IP Address to a Mac p. 374
  • Adding a Secondary IP Address to a Linux System p. 375
  • Building Xen p. 376
  • Building KVM p. 383
  • Using Your Virtual Environments: Virtual Attacks p. 392
  • Adding Vulnerable Virtual Machines p. 392
  • Setting Up Backtrack p. 396
  • Where to Go from Here p. 398
  • Build the Cloud Stack p. 398
  • Eucalyptus p. 399
  • VMware vCloud p. 399
  • OpenStack p. 399
  • Amazon AWS p. 399
  • Start Building an Archive p. 400
  • Appendix B About the Media p. 401
  • Index p. 403