Application Management in Virtualized Systems
Source:
Rick Sturm, ... Julie Craig, in Application Performance Management (APM) in the Digital Enterprise, 2017
Security
Security concerns are consistently identified as one of the top five issues for senior-level IT managers, and the security of virtualized servers and infrastructure is high on their list of security concerns. Although a virtualized infrastructure is not inherently any less secure than a traditional infrastructure, it still has to be patched and maintained in the same way that a nonvirtual infrastructure does to keep abreast of potential vulnerabilities. As discussed earlier, virtualization adds an additional layer (VMM or hypervisor) between the operating system and the applications to manage multiple VMs on a single host, and it is theoretically possible for hackers to attack the VMM specifically or hijack a VM and use it to attack other VMs. While there are security risks associated with the VMMs beyond accepting vendor patches and keeping VMMs maintained, these VMs are primarily reliant on vendor support to keep them secure. However, there are also a number of other server and network virtualization security issues that can and should be controlled by IT departments. Let’s explore some of these virtualization security issues now to understand how they can be managed.
Host/platform configurations. In the case of virtual servers, configuration issues are magnified. The host platform can vary in the type of configuration options, depending on system architecture. To secure these systems, a number of best practice configurations can be implemented, such as setting file permissions, controlling users and groups, and synchronizing logs and times. To assist with this, a number of configuration guides are available free of charge from virtualization platform vendors, the Center for Internet Security, the National Security Agency, and the Defense Information Systems Agency.
VMM or hypervisor security. The VM manager is a piece of software. Since software is often released with "bugs" that need to be patched and maintained, it is important to maintain the latest service packs for both guests and hosts in a virtualized environment. This action is necessary to guard against any vulnerabilities and to apply the latest security roll-up patches if and when a virtual software vendor supplies them.
Least privilege controls. Creating separation of duties and providing the least amount of privilege necessary for users to perform their authorized tasks are basic tenets of information security that apply to both physical and virtual resources. For example, the director of marketing would not need access to a VM that runs a payroll application.
To address this issue, a system of checks and balances with processes to split functions and enforce dual controls for critical tasks must be put into place, and approval processes should be set up for creating new VMs and moving new applications to new VMs. Audit logs for VMs should be monitored for usage activity in the data center and on the endpoints. VMware monitoring tools that also monitor in nonvirtual environments to compare and report performance, per the least privileges policy, are also useful, as are host-based firewalls and host intrusion prevention tools. To maximize the success of least privileges controls, it is important to involve all stakeholders in defining access levels, allocate access to specific roles rather than individuals, and establish an annual review process to check that access levels remain consistent with business needs.
Failure to integrate into application lifecycle management. Managing vulnerabilities and patches across virtual systems can cause problems, and so can failing to conduct system integrity checks for a virtual system. However, with the appropriate combination of controls, you will be able to manage VM lifecycles more easily than those in a physical environment. An easy fix for this is to deploy appropriate tools that have these management capabilities. VMware vendors and third-party tools scan for weaknesses in VMs and work independently of and with the VMM.
Raising IT staff awareness. If IT staff do not know about an issue, they cannot manage it. Internal and external IT auditors need to be provided with a complete understanding of the virtualization infrastructure deployed, the data within the systems, and the policies that are put in place to govern the lifecycle of system instance creation, use, and end of lifecycle. Assessment of risk, compliance with relevant regulations, and even software licensing agreements are impacted when new VMs are dynamically deployed, temporarily retired, or eliminated. Traditional approaches to risk assessment and analysis, such as assessment questionnaires, may be inadequate in a virtual environment.
Risk must be assessed and analyzed at the onset of new virtualization projects, and risk management staff must be involved with changes in the virtualization infrastructure that may affect the level of risk. Educate risk management and compliance groups about virtualization capabilities and limitations, and consider involving compliance staff in critically shaping security policies for the virtual infrastructure in accordance with relevant regulations.
Traffic monitoring. One of the biggest security issues that may be faced in a virtualization environment is the lack of visibility into traffic among guests. Unlike the physical computing environment where a host platform has an internal virtual switch that each guest connects to, in the virtual environment, all VM traffic on a host is contained entirely within the host’s virtual switching components. This severely compromises visibility and security. To get around this, mirror ports need to be created on the built-in Layer-2 switching controls that are provided by most virtualized solution vendors to monitor traffic.
Controlling user-installed VMs. Central IT staff may not recognize the existence of VMs on endpoint systems. Even if they do, there may not be any policies in place to control the use of these technologies by end users. Licensing and patching issues may also need to be resolved and appropriate policies instituted to address desktop applications on virtual endpoints that may be operated by unsophisticated users.
In anticipation of (or in response to) user-installed VMs, a new set of management capabilities should be created that allow IT desktop support, security operations, and help desk staff to discover virtualization in use throughout the organization’s endpoints, set and monitor policy, and gain visibility into the status of VMs running on desktop systems. An internal usage policy and network and endpoint security should be established that are VM-aware enough to locate and identify VMs and report them. To enable this visibility and control, endpoint security management needs to develop discovery protocols for virtual systems running on endpoints.
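One way to start locating and reporting VMs on endpoints, shown as an added example that is not from the book: flag DHCP leases whose MAC address carries a well-known hypervisor vendor prefix and compare them with the list of approved VMs. The lease format, host names, addresses and approved list are constructed for illustration.

```python
import re

# Well-known MAC prefixes (OUIs) used by default for hypervisor virtual NICs.
VM_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware",
    "00:50:56": "VMware", "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V",
    "00:16:3e": "Xen", "00:1c:42": "Parallels", "52:54:00": "QEMU/KVM",
}

# Constructed sample: "ip mac hostname" lines exported from a DHCP lease table.
SAMPLE_LEASES = """\
10.20.1.15 3C:52:82:1A:9B:04 fin-laptop-07
10.20.1.16 00-0C-29-4F-A1-22 fin-laptop-07-vm
10.20.1.31 08:00:27:be:ef:01 dev-ws-12-test
10.20.1.40 00:50:56:aa:10:02 build-vm-01
10.20.1.52 00:15:5D:01:0A:03 hr-desktop-03-guest
malformed line without a mac
"""

# Constructed sample: MACs of VMs that went through the approval process.
APPROVED_VM_MACS = {"00:50:56:aa:10:02"}

MAC_RE = re.compile(r"\b([0-9a-f]{2}(?:[:-][0-9a-f]{2}){5})\b", re.I)

def normalize_mac(mac):
    """Lower-case the MAC and use ':' as the only separator."""
    return mac.lower().replace("-", ":")

def find_vms(lease_text, approved):
    """Return one finding per lease whose MAC belongs to a hypervisor OUI."""
    findings = []
    for line in lease_text.splitlines():
        m = MAC_RE.search(line)
        if not m:
            continue  # no parseable MAC on this line
        mac = normalize_mac(m.group(1))
        vendor = VM_OUIS.get(mac[:8])
        if vendor is None:
            continue  # physical NIC or a vendor not in the table
        fields = line.split()
        findings.append({
            "ip": fields[0], "mac": mac, "host": fields[-1], "hypervisor": vendor,
            "status": "approved" if mac in approved else "unapproved",
        })
    return findings

if __name__ == "__main__":
    for f in find_vms(SAMPLE_LEASES, APPROVED_VM_MACS):
        print(f["status"], f["hypervisor"], f["ip"], f["mac"], f["host"])
```

Virtual NIC addresses can be changed by the user, so an OUI match is a first-pass signal to combine with endpoint agent inventory, not proof that every VM has been found.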
Lack of integration with existing tools and policies. Many common practices used in securing physical servers, such as hardware firewalls and intrusion sensors, either are not available or are extremely difficult to configure in virtual environments because the data is crisscrossing a system backplane, not an IP network. Unfortunately, hardware security tools that work in physical environments do not always work smoothly in a virtual environment. Instead, careful network configuration is required to help to avoid security issues related to VM failures, maintenance issues, and application removal. The good news is that security and network management vendors are moving to make their tools virtual-aware. To guard against some of these security issues, it is advisable to mirror standard security software including antimalware, host intrusion prevention, endpoint security software, and host firewalls on the VMs. Remember, a good number of traditional security and management vendors are adding functionality that addresses virtualized resources, so it is important to evaluate options for deploying system and file integrity tools, intrusion prevention systems, and firewalls as VAs with a vendor before purchasing new tools. Partnerships also enable maximum coverage at minimal cost.