Assuria and Server Virtualisation
Virtualisation is a fact of life in
today’s IT environments. Virtualisation technology brings many benefits
to the IT operations. In the data centre server
virtualisation enables more efficient use of hardware resources. However with any new technology, such as Virtualisation,
there will always be those who will try to use it for malicious intent. Law
enforcement agencies around the world are now seeing criminals use VM’s
as a way to commit crimes, because they think VMs are untraceable. It’s easy
- Boot up a VM, launch the attack, and quickly shut the VM, restore the
previous ‘good’ image and discard changes, = no evidence. But with well
configured virtualised environments most actions will be written to the system logs.
Assuria’s Assuria Auditor and Assuria Log Manager products are fully supported running in virtualised
and real environments.
Secure the virtual machines - Use Best practice
Best practice for IT operations and the IT
security management of virtualised environments is to apply the same
disciplines and controls as with physical servers. Virtual machine
instances should be configured following accepted best practices and the
standards employed with your physical systems.
Secure the virtual environment - hypervisor
The virtualised environment, the hypervisor
VMware’s ESX or Microsoft’s HyperV or Citrix’s XEN, should be appropriately
configured and managed. Key points to be considered include:
-
Reduce the attack surface on the
hypervisor host through sensible configuration and hardening.
-
Always use least privilege access.
-
Ensure that the deployment, maintenance,
control, and access to VMs is fully auditted.
-
Take advantage of backups, snapshots, and
redundancy to reduce impact of host/guest maintenance but remember VM’s
at rest.
-
Secure your VM hard disk and
configuration files, including backups and archives.
-
Use virtual networks/VLANs/IPSec to
isolate machines, especially before they are exposed to the network.
Users
should use Assuria Auditor agent for VWare ESX 3.5 to ensure the
hypervisor is
sensibly configured and hardened.
In addition us eof the Change detection features will ensure
un-authorised configuration changes are not made.
Users
should use Assuria Auditor agent to examine and baseline each VMs
configuration files.
Users should use Assuria Auditor to
ensure that each VM 'guest' instance is appropriately and securely configured
complying with your organisations configuration and security policies or
with external configuration and security policies.
Users should use Assuria Log Manager
to securely collect all the relevant audit and event logs from both the
hypervoisor and guests into a secure
central store. Once securely stored logs should be analysed looking
abnormal or unexpected entries.
Assuria can help you ensure that you IT
environment, both real and virtualised is appropriately and securely
configured.
