
VIRTUMANIA Episode 19: Security Is The Dark Side Of Virtualization

The VIRTUMANIA continues with Episode 19! Rick Vanover joins Marc and me again, along with very special guest Ed Haletky, for an extremely important discussion about security in virtualization infrastructure. The following is the podcast summary:

VIRTUMANIA Podcast Episode 19: Security is The Dark Side of Virtualization. Rich Brambley (@rbrambley) of VMETC and Marc Farley (@3parfarley) of 3Par and StorageRap.com, with show regular Rick Vanover (@rickvanover) of RickVanover.com, host Ed Haletky (@texiwill) of The Virtualization Practice Blog. This episode includes interesting discussion about unintentionally created security concerns with virtual infrastructure that arise when administrators decide to deviate from best practices in the name of convenience. The show gets into well-known attacks possible on a hypervisor, and what, if anything, can be done to stop them. Virtumania is an Infosmack Production.

All virtualization administrators should pay close attention to the Blue Pill Attack discussion. It’s definitely some scary stuff!

Before, between, and after the important stuff we also have some fun with Farley Fest, The World Cup, 4th of July Vacations, and Wisconsin. Ed reveals he is a foodie like Jason Perlow in our last episode, and he makes a recommendation for Mama Reux in Austin, TX. Look out for the bad alligator jokes too.

Rick gives Ed a hard time for being known as too serious at times, and he proudly keeps track of how many times Haletky laughs on this show. :)

Listen to the podcast with the embedded player or subscribe to get a weekly copy so you can listen when convenient.


Check out the VM /ETC VIRTUMANIA Page to listen to past episodes as well as episodes of Infosmack.

The following links offer more information on some of the topics mentioned in VIRTUMANIA Episode 19:


The Blue Pill Attack

http://en.wikipedia.org/wiki/Blue_Pill_(malware)

The name Blue Pill is a reference to the blue pill from The Matrix where one character (Morpheus) is in a virtual reality simulation talking to another character (Neo) who is unaware that they are in a virtual reality.

Morpheus says, "This is your last chance. After this, there is no turning back. You take the blue pill, the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill, you stay in Wonderland and I show you how deep the rabbit-hole goes."

A Blue Pill computing system victim is like Neo, unaware that it has been compromised.

The Blue Pill virtualization attack: Virtual machine malware

http://searchservervirtualization.techtarget.com/tip/0,289483,sid94_gci1220291,00.html

The Blue Pill attack itself manipulates kernel mode memory paging and the VMRUN and related SVM instructions that control the interaction between the host (hypervisor) and guest (virtual machine). This permits undetected, on-the-fly placement of the host operating system in its own secure virtual machine allowing for complete control of the system including manipulation by other malware.
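The paragraph above describes Blue Pill as a thin hypervisor slipped underneath a running operating system. The cheapest check a defender has on x86 is the CPUID "hypervisor present" bit (leaf 1, ECX bit 31) and the 12-byte vendor string at leaf 0x40000000. The C program below is an added example, not code from the podcast, the TechTarget article, or Rutkowska's work; the constant and function names are this example's own. The caveat matters: a hypervisor controls what CPUID returns to its guest, and Blue Pill was designed to hide, so this check inventories cooperative hypervisors (VMware, KVM, Hyper-V, Xen) and does not detect a hostile one. It is a sanity check for "this box should be bare metal", not a Blue Pill detector; the HyperSafe-style code-integrity protections mentioned later on this page are the actual mitigation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_X86_CPUID 1
#else
#define HAVE_X86_CPUID 0
#endif

/* CPUID leaf 1, ECX bit 31: Intel and AMD reserve it as "hypervisor present".
 * Leaf 0x40000000 returns the hypervisor vendor ID across EBX, ECX, EDX. */
#define CPUID_HV_PRESENT_BIT (1u << 31)
#define CPUID_HV_VENDOR_LEAF 0x40000000u

/* Pure helper so the bit test can be exercised with constructed register values. */
int hv_present_from_ecx(uint32_t ecx) {
    return (ecx & CPUID_HV_PRESENT_BIT) != 0;
}

/* The vendor string is laid out low byte first in EBX, then ECX, then EDX. */
void decode_hv_vendor(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    uint32_t regs[3] = { ebx, ecx, edx };
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++)
            out[i * 4 + b] = (char)((regs[i] >> (8 * b)) & 0xffu);
    out[12] = '\0';
}

/* Convenience wrapper: does decoding the three registers yield `expected`? */
int decode_matches(uint32_t ebx, uint32_t ecx, uint32_t edx, const char *expected) {
    char v[13];
    decode_hv_vendor(ebx, ecx, edx, v);
    return strcmp(v, expected) == 0;
}

/* Live probe of the CPU this process runs on.
 * Returns 1 (flag set, vendor filled), 0 (flag clear), or -1 (not an x86 build). */
int probe_hypervisor(char vendor[13]) {
    vendor[0] = '\0';
#if HAVE_X86_CPUID
    unsigned eax, ebx, ecx, edx;
    __cpuid(1, eax, ebx, ecx, edx);
    if (!hv_present_from_ecx(ecx))
        return 0;
    /* __get_cpuid() refuses leaves above the basic maximum, so use __cpuid directly. */
    __cpuid(CPUID_HV_VENDOR_LEAF, eax, ebx, ecx, edx);
    decode_hv_vendor(ebx, ecx, edx, vendor);
    return 1;
#else
    return -1;
#endif
}

/* Same probe without the out-buffer, for callers that only want the verdict. */
int probe_hypervisor_code(void) {
    char v[13];
    return probe_hypervisor(v);
}

int main(void) {
    char vendor[13];
    int r = probe_hypervisor(vendor);
    if (r < 0)
        puts("not an x86 build: CPUID probe unavailable");
    else if (r == 0)
        puts("hypervisor-present bit clear (or the hypervisor is not advertising)");
    else
        printf("hypervisor-present bit set, vendor leaf reports \"%s\"\n", vendor);
    return 0;
}
```

Run it on a host you believe is bare metal: a set bit with a vendor string means either a legitimate hypervisor you forgot about or a configuration drift worth a ticket. A clear bit proves nothing, which is exactly the point the podcast makes about Blue Pill.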

Debunking Blue Pill myth

VI: Looking at Ms. Rutkowska’s demonstration, Austin Wilson, Director of the Windows Client Group at Microsoft, said the company will try to prevent such a scenario in the upcoming Vista operating system. What do you think can really be done at the operating system level to mitigate the risk? Is this something the Linux, BSD and Solaris communities should also look at?

AL: I wouldn’t lose a bit of sleep over this particular threat. I don’t feel there is any new risk here at all.

Researchers to cure Blue Pill virtualization attacks

http://www.networkworld.com/news/2010/050710-researchers-to-cure-blue-pill.html

Two researchers from North Carolina State University have developed software that they say can protect virtualization hypervisors from malicious "Blue Pill" rootkit threats.

"HyperSafe enables the hypervisor self-protection from code injection attempts," said Xuxian Jiang, an assistant professor of computer science at NCSU.

Security Tools for virtualization mentioned:

More Info about @texiwill

Blue Gears Blog

http://www.astroarch.com/blog/

The Virtualization Practice

http://www.virtualizationpractice.com/

Virtualization Security Podcast

http://www.talkshoe.com/talkshoe/web/tscmd/tc/34217

Books

All on Amazon: http://www.amazon.com/s?ie=UTF8&rh=i:stripbooks,p_27:Edward%20L.%20Haletky&field-author=Edward%20L.%20Haletky&page=1

Forensics: Guidance for Virtual Environments

Posted By Texiwill on April 21, 2010

We discussed forensics from the perspective of evidence necessary for the court of law. In other words, forensically sound data acquisition prepared for forensic analysis. This is an interesting aspect of virtualization, some of which I have discussed before.

Out of this discussion came some fairly straightforward advice that many may find difficult to perform due entirely to the additional cost and requirements:

  1. Have a Written Incident Response Policy and Procedure
  2. Have a Written Data Retention Policy
  3. Have a Separate ESX Cluster for purely Forensics

Virtualization & Security: Real Threats to Virtual Systems.

Hakin9: Hard Core IT Security Magazine, June 2008, pp 54-58.


The Virtualization Practice’s Edward Haletky presents

BrownBag #10 – Security Deep Dive


Secure Multi Tenancy Concerns

Safe way to Encrypt within a VM – Need for Technology

So to the hypervisor vendors, give us encrypted memory and encrypted vMotion or Live Migration. Then we can finally start to seriously implement SMT.


End to End Virtualization Security Whitepaper

produced by Edward L. Haletky of The Virtualization Practice
