Alessio L.R. [email protected]: mayhemspp FaceBook: alessio.pennasilico
Virtualization (in)security
Thursday, 21 October, 2010
$ whois mayhem
Board of Directors: CLUSIT, Associazione Informatici Professionisti,
Associazione Italiana Professionisti Sicurezza Informatica, Italian Linux Society, OpenBSD Italian User Group,
Hacker’s Profiling Project
Security Evangelist @
Classical threats
Escape from VM
several examples over time,
we will see more in the future :)
Other threats
VM-aware malware
Confidentiality
Can I clone running machines and do whatever I want with the clones?
Management VLAN
The hosts/hypervisors tell each other several interesting things
Where do we route the “service” traffic?
Service traffic
access to the administrative interface
reachability tests for HA
vMotion
iSCSI, NFS
Solutions?
Separate
Filter
Analyze
disruption
What happens if I make the IPs monitored for HA management “unreachable”?
Unauthorized access
Brute force?
Exploit (undocumented services)?
Exploit application layer? (SOAP)
netstat
tcp 0 0 0.0.0.0:5989 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:903 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:427 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
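Added example (not part of the original slides): a Python check that parses the listener list shown on the netstat slide and flags ports that are missing from a documented baseline or bound to every interface. The baseline DOCUMENTED_PORTS and the function names are assumptions made for illustration.

```python
import ipaddress

# Listener lines as shown on the netstat slide.
SLIDE_NETSTAT = """\
tcp 0 0 0.0.0.0:5989 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:903 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:427 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
"""

# Hypothetical baseline: ports the operator has documented and filters on purpose.
DOCUMENTED_PORTS = {22, 443, 902}


def parse_listeners(text):
    """Return (address, port) for every tcp LISTEN line of netstat-style output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # also splits ":::22" correctly
        listeners.append((addr, int(port)))
    return listeners


def audit(text, documented=DOCUMENTED_PORTS):
    """Flag listeners that are undocumented or bound to every interface."""
    findings = []
    for addr, port in parse_listeners(text):
        issues = []
        if port not in documented:
            issues.append("undocumented")
        if ipaddress.ip_address(addr).is_unspecified:
            # 0.0.0.0 / :: answers on every VLAN the host has an interface in.
            issues.append("wildcard-bind")
        if issues:
            findings.append((port, issues))
    return sorted(findings)


if __name__ == "__main__":
    for port, issues in audit(SLIDE_NETSTAT):
        print(f"{port:>5}  {', '.join(issues)}")
```

A wildcard bind is not a defect by itself, but it means only network separation and filtering keep the service off the production VLANs.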
Why
intercept / slow down iSCSI / NFS traffic
replicated storage for HA/DR
Migration
Manipulate VMs during migration?
http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf
Jon Oberheide, Evan Cooke, Farnam Jahanian: Xensploit
Migration
I can move infected VMs
from datacenter to datacenter...
Doubts...
“trusted” traffic between datacenters to guarantee VM migration?
Protected traffic?
Trusted traffic / VPN as an administrative access channel?
Dormant VM
outdated policy
outdated signatures (AV, IPS)
can they be tampered with? >;-)
Inter-VM traffic
virtual firewalls?
hypervisor features?
third-party products?
Agent-based products
cross-platform?
(includes backup, AV, IPS...)
Budget?
81% of intrusions occur on networks that do not meet the requirements of the most widespread standards / best practices / guidelines
Gartner
Conclusions
Use virtualization?
Yes, but…
Separate, Filter, Analyze, Patch
Questions?
These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subjected to Creative Commons Attribution-ShareAlike 2.5 version; you can copy, modify or sell them. “Please” cite your source and use the same licence :)
Thank you for your attention!