Virtualization Security (Securitatea virtualizarii)
Uploaded by tudor-damian. Category: Technology.
Transcript of Securitatea virtualizarii
about me
Tudor Damian, IT Solutions Specialist
tudy
about the webcast
virtualization as both a tool and a target in information systems security
a short history
one OS, one user, one application
one OS, one user, multiple applications
one OS, multiple users, multiple applications
multiple OSes, multiple users, multiple applications
artificial "boundaries" in security
security cannot always be enforced through physical elements alone
separating user privileges at the application level
separating privileges at the OS level through the kernel
separating operating systems through physical separation of the hardware
separation at the network level through a firewall
what is virtualization?
the process by which one physical entity is made to behave as multiple independent logical entities
what can be virtualized?
platforms
resources
applications
desktops
security myths
"if I protect my host machine, the virtual machines will be protected too"
".VHD/.VMDK files are secure by default"
"if I expose one virtual machine, I have to expose all my virtual machines, and the host machine"
"all virtual machines can 'see' each other"
types of attacks
jailbreak attacks (escapes)
migration attacks
virtual/physical network service attacks
encryption attacks
examples of reported attacks
Feb 2007, Apr 2009
VMware / ESX
VMware Workstation escape attack
Oct 2007, Secunia
open-source Xen hypervisor
unauthorized privilege escalation
2007
Microsoft Virtual PC & Microsoft Virtual Server
vulnerability that allowed a guest to run code on the host or on another guest
a few links...
http://searchsecurity.bitpipe.com/detail/RES/1213273947_134.html
http://www.foolmoon.net/cgi-bin/blog/index.cgi?mode=viewone&blog=1185593255
http://www.securityfocus.com/bid/29183/info
http://secunia.com/advisories/29129/
http://seclists.org/fulldisclosure/2007/Sep/0355.html
http://lists.vmware.com/pipermail/security-announce/2009/000055.html
http://www.immunityinc.com/documentation/cloudburst-vista.html
http://taviso.decsystem.org/virtsec.pdf
http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf
http://www.stanford.edu/~talg/papers/HOTOS05/virtual-harder-hotos05.pdf
virtualization-based security solutions
sandboxing
http://en.wikipedia.org/wiki/Sandbox_(computer_security)
high availability
disaster recovery
forensic analysis
honeypots / honeynets
http://en.wikipedia.org/wiki/Honeypot_(computing)
virtualization solutions are in continuous evolution
a concrete example: Hyper-V R2 and SCVMM R2
Hyper-V Server 2008 R2 vs. Windows Server 2008 R2

| Capabilities | Microsoft Hyper-V Server 2008 | Microsoft Hyper-V Server 2008 R2 | Windows Server 2008 R2 EE, DC (Hyper-V) |
| --- | --- | --- | --- |
| Number of logical processors supported | 24 | 64 | 64 |
| Number of sockets (licensing) | Up to 4 | Up to 8 | Up to 8 = EE; up to 64 = DC |
| Memory | Up to 32 GB | Up to 1 TB | Up to 1 TB |
| VM migration | None | Quick and Live Migration | Quick and Live Migration |
| Number of VMs per node in a cluster | Not applicable | 32 (server workloads), 64 (VDI workloads) | 32 (server workloads), 64 (VDI workloads) |
| Virtualization rights for Windows Server 2008 guests | 0 | 0 | EE = 4 VMs; DC = unlimited VMs |
| Number of running VM guests | Up to 192, or as many as physical resources allow | Up to 384, or as many as physical resources allow | Up to 384, or as many as physical resources allow |
| Windows Server 2008 CALs required for guest server OS | No | No | Yes |

Guest OS support: Windows Server 2008 R2, Windows Server 2008 & SP2, Windows Server 2003 SP2, Windows 2000 Server, SLES 10, SLES 11, Red Hat Enterprise 5.2/5.3, Windows 7, Windows Vista SP1, SP2 & Windows XP SP3/SP2
with R2, Hyper-V™ becomes truly competitive
Hyper-V R2 - scalability in production

- Microsoft.com: ~50% Hyper-V (and growing)
  - ~1.2 billion hits per month
- MSDN/TechNet: 100% Hyper-V
  - ~1 million hits per day, each
- Connect, Codeplex, Social: 100% Hyper-V
- Microsoft IT (4 clusters, including one with 16 nodes)
- Microsoft Global Foundation Services
  - over 1300 VMs for Windows Live games
technically, the existing virtualization solutions are roughly equivalent
the difference is made by the administration / management tools
System Center Virtual Machine Manager
http://www.microsoft.com/systemcenter/virtualmachinemanager/en/us/features.aspx
finally, some feedback from the industry (hosting / VPS)
"From a hosting perspective, virtualization is all about control. Servers multiply fast and you
need to keep track of who has them and what they are doing with them. Customer data,
resource data and usage data are essential."
Ross Brouse, CEO
"I knew that would be the biggest hurdle when I started this thing, that's why I chose Parallels. Not
because the software was insecure and unstable, but because I needed to automate. Automation is what
Xen, Hyper-V, VMWare and all the other solutions out there lack. All of their solutions are built for the
enterprise, which in this day and age is a mistake. Not that it's a bad market, but these companies have such
poor focus on the service provider."
Ross Brouse, CEO
questions
thank you.
Tudor Damian, IT Solutions Specialist
tudy