Intelligence gathering is an oft overlooked aspect of system and data defense in depth. On the 7/12 Virtualization Security podcast we discussed new and old sources of such intelligence. We were joined by Urvish Vashi, VP of marketing, Alert Logic. Alert Logic has updated their report on cloud based security attacks. Add to this the yearly Verizon Breach and other reports, and we start to have a good handle on intelligence of past and possibly future attacks.
The 6/28 Virtualization Security Podcast we spoke about attacks, defense in depth, and compliance with Davi Ottenhiemer and Matt Wallace. Davi and Matt just published a book on how to defend your virtual environment against attack. Unlike other books, this approaches the problem from the point of view of well know attacks. It even gives examples of some of the more interesting attacks against any of the virtual environments, not just VMware vSphere. The discussion eventually found its way to even newer attacks and their impact on the environment.
The 6/14 Virtualization Security Podcast we spoke about firewall placement within the virtual environment as well as storage based defense in depth. While we covered Encryption on the 5/31 podcast, in the 6/14 podcast we covered other measures when dealing with storage (which will be part of a followup post). This conversation was slightly different than all other firewall discussions, as it was about migrating from a physical environment to a virtual environment, and keeping the same firewall placements. Spurred by a customer, we sought to come to a set of guidelines to follow for defense in depth within the virtual as well as physical and hybrid cloud environments.
The 5/31 Virtualization Security Podcast we spoke to High Cloud Security about encryption as a defense in depth, and where to place encryption within the virtual environment. This lead to an intriguing discussion about what is actually missing from current virtual environments when it comes to encryption. We can encrypt within each VM and we can encrypt within the networking fabric, as well as within the drives themselves, but currently that leaves several vulnerabilities and unencrypted locations that can be used as attack points. While we concentrated on vSphere, what we are discussing applies equally to all hypervisors.
The 5/17 Virtualization Security Podcast was an open forum on the Cloud Security Alliance initiatives, specifically the Security, Trust, & Assurance Registry (STAR). Which is “a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.” The CSA has grown from a grass roots organization to a major player and producer or guidance for security and compliance for clouds.
The 3/22 Virtualization Security Podcast brought to light the capabilities of Symantec Critical System Protection (CSP) software. This software successfully implements a manageable version of mandatory access control policies based on role-based and multi-level security functionality within the virtual environment. More specifically on those systems that are critical to the well being and health of your virtual and cloud environments such as all your management and control-plane tools (VMware vCenter, Microsoft SCVVM, XenConsole, etc.). In addition, Symantec CSP will monitor your virtualization hosts for common security issues. This in itself is great news but why are we just hearing about this now? Is this a replacement for other security tools?