ESC 2010: Virtualization (in)security
Alessio L.R. Pennasilico
[email protected] Summer Camp
Forte Bazzera
4 September 2010
Virtualization (in)security
I had to write Cloud somewhere :)
$ whois mayhem
Board of Directors:
CLUSIT, AIPSI/ISSA Italian Chapter, Italian Linux Society,
OpenBSD Italian User Group, Metro Olografix,
Sikurezza.org, Spippolatori Hacker Club
Hacker’s Profiling Project, CrISTAL, Recursiva.org
Security Evangelist @
Classical threats
Escape from VM
several examples over time,
we will see more in the future :)
Other threats
VM-aware malware
Confidentiality
Can I clone running machines and do whatever I want with the clones?
Management VLAN
The hosts/hypervisors tell each other several interesting things
Where do we route the “service” traffic?
access to the administrative interface
reachability tests for HA
vMotion
iSCSI, NFS
Solutions?
Divide
Filter
Analyze
disruption
What happens if I make the IPs monitored for HA management “unreachable”?
Unauthorized access
Brute force?
Exploit (undocumented services)?
Exploit application layer? (SOAP)
netstat
tcp 0 0 0.0.0.0:5989 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:903 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:427 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
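An added example, not part of the original slides: a check over netstat output like the listing above that reports every listener reachable on an address other than loopback or the host's management address. MGMT_ADDR, the function name exposed_listeners and the last three sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): report TCP listeners that are reachable
# from outside the management network.
# Assumptions: MGMT_ADDR and exposed_listeners are hypothetical names; the
# first seven SAMPLE lines are the netstat lines shown on the slide, the last
# three are constructed for contrast.

MGMT_ADDR='192.0.2.10'   # hypothetical management-VLAN address of the host

SAMPLE='tcp 0 0 0.0.0.0:5989 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:903 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:427 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:8443 0.0.0.0:* LISTEN
tcp 0 0 198.51.100.7:9000 0.0.0.0:* LISTEN'

# exposed_listeners MGMT_ADDR
# Reads "netstat -tln"-style lines on stdin and prints, as one space-separated
# line sorted by port, every listening port whose local address is neither
# loopback nor MGMT_ADDR (wildcard binds such as 0.0.0.0 count as exposed).
exposed_listeners() {
    awk -v mgmt="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Local address is field 4; the port is whatever follows the last colon.
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == mgmt || addr ~ /^127\./ || addr == "::1") next
            print port
        }' | sort -n | tr '\n' ' ' | sed 's/ *$//'
}

# Stand-alone run over the sample listing.
printf '%s\n' "$SAMPLE" | exposed_listeners "$MGMT_ADDR"
echo
```

On a real host, pipe the output of `netstat -tln` into the function; an empty result means every listener is bound to loopback or the management address only.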
Why
intercept / slow down iSCSI / NFS traffic
replicated storage for HA/DR
Migration
Manipulate VMs during migration?
http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf
Jon Oberheide, Evan Cooke, Farnam Jahanian: Xensploit
Migration
I can move infected VMs
from datacenter to datacenter...
“trusted” traffic between datacenters to allow VM migration
Protected traffic?
Trusted traffic / VPN as an access channel?
Dormant VM
outdated policy
outdated signatures (AV, IPS)
can they be manipulated? >;-)
Botnets and Cloud?
Inter-VM traffic
virtual firewalls?
hypervisor features?
third-party products?
Agent-based products
cross-platform?
(includes backup, AV, IPS...)
Budget?
81% of intrusions happen on networks that do not
meet the requirements of the most widespread
standards / best practices / guidelines
Gartner
IT Security...
A useless obstacle
that slows down everyday operations
and harms the business?
IT Security...
Or prevention of and response to events that would harm the business far worse?
Conclusions
Use virtualization?
Yes, but…
Divide, Filter, Analyze, Patch
Thank you!
Questions?
These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subjected to Creative Commons Attribution-ShareAlike-2.5 version; you can copy, modify, or sell them. “Please” cite your source and use the same licence :)