Hyper-V Security Tips: Protect yourself from vulnerabilities that you never knew existed

Symon Perriman, VP, Business Development, [email protected]

Alex Karavanov, Director of Sales Engineering, [email protected]

5nine Software, Inc. | www.5nine.com | Twitter @5nine_Software


Hyper-V Security Tips

• Introduction

• Firewall

• Antivirus & Antimalware

• Intrusion Detection

• Management

• Summary

Introduction


Meet the Speakers

Symon Perriman is 5nine Software’s VP of Business Development and Marketing. Previously he was Microsoft's Senior Technical Evangelist and worldwide technical lead covering Hyper-V, Windows Server, and System Center. He has trained millions of IT Professionals, holds several patents and dozens of industry certifications, and in 2013 he co-authored "Introduction to System Center 2012 R2 for IT Professionals" (Microsoft Press).

Contact [email protected] or Twitter @SymonPerriman

Alex Karavanov manages 5nine Software’s Sales Engineering team. He has worked in the information security field for more than 10 years. Alex leads major 5nine Software management and security projects worldwide and aims to deliver the best efficiency and protection for virtual infrastructures, achieving the highest system performance and security level. He also holds multiple industry certifications.

Contact [email protected] or Twitter @5nine_Software

Meet 5nine Software

• Founded in 2009

• Headquartered in Chicago with offices worldwide

• More than 50,000 customers globally, representing companies and datacenters of all sizes

• The #1 leading solutions provider of security & management applications for Hyper-V environments

– 5nine Cloud Security - Agentless security for Hyper-V, System Center and Azure Pack

– 5nine Manager - Integrated Hyper-V and Cluster Management for SMB

– 5nine V2V Easy Converter - Free VMware to Hyper-V virtual machine migration tool

• www.5nine.com

Security Design for a Virtualized Environment

• Traditional endpoint security fails

– Installing agents inside every VM is impractical

– Securing every VM will affect the performance of the host and other VMs

• Virtual machines, networks and storage are dynamic

– Users can rapidly create and destroy virtualized resources

– Protection needs to be automatic and immediate

• Fabric admins lack full control over all resources

– Tenant VMs are often private and protected from fabric admins

• Security & compliance is critical to the business & reputation

– Many security and compliance regulations now consider virtualization & clouds

– Many threats target virtualized environments & clouds

– A security breach can ruin the reputation of a company

5nine Cloud Security - Architecture

[Diagram: Hyper-V hosts in a Hyper-V cluster, a SQL Server, and the 5nine Cloud Security Management Server / VM. 5nine Cloud Security Management is available through the 5nine Console, PowerShell, the Azure Pack Extension, and SCVMM.]

Firewall


Firewall Challenges

• Windows Firewall not possible for all Hyper-V VMs

– Different requirements for Linux, VDI & Windows Server workloads

• Physical firewalls do not monitor private (internal) virtual networks

– Does not analyze private VM networks (“blind spots”) as the VM’s traffic does not leave the host

– Allows for security breaches to spread within a host

Firewall Best Practices

• Use a central point of management

– Use templates and apply global policies

– Use a database with reporting capabilities (such as SQL Server)

• Protect private virtual networks

– Physical firewalls are ineffective or complex

– Prevent threats from spreading across a host

• Protect at the host level

– Secure every supported Hyper-V guest OS

– Use the Hyper-V extensible switch, which runs in kernel mode and can inspect, drop, modify, or insert packets

Hyper-V Extensible Switch

[Diagram: Hyper-V virtual machines connect through their virtual network adapters to the virtual switch on the Hyper-V host, which connects to the physical network adapter. The 5nine Cloud Security Filtering Extension sits in the virtual switch.]

• Virtual Networks

– External

– Internal

– Private

Agentless Firewall Protection Across all Networks
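To check the host-level protection described above, the following added example (not from the slides and not 5nine's code) reports, for every virtual switch on a host, which filter extensions are enabled and running. The extension name in `$ExpectedFilter` is a placeholder that you replace with the name your filtering product registers.

```powershell
# Added example: audit filtering extensions on every Hyper-V virtual switch.
# Run elevated on a Hyper-V host with the Hyper-V PowerShell module installed.
# $ExpectedFilter is a placeholder. List real names with:
#   Get-VMSwitch | Get-VMSwitchExtension | Select-Object SwitchName, Name, Vendor
param(
    [string]$ExpectedFilter = '<filtering-extension-name>'
)

Import-Module Hyper-V -ErrorAction Stop

$report = foreach ($vSwitch in Get-VMSwitch) {
    $extensions = Get-VMSwitchExtension -VMSwitchName $vSwitch.Name

    # Filter extensions are the ones that can inspect, drop, modify, or insert packets.
    $activeFilters = $extensions | Where-Object {
        $_.ExtensionType -eq 'Filter' -and $_.Enabled -and $_.Running
    }
    $expected = $extensions | Where-Object { $_.Name -eq $ExpectedFilter }

    [pscustomobject]@{
        SwitchName    = $vSwitch.Name
        SwitchType    = $vSwitch.SwitchType   # External, Internal, or Private
        ActiveFilters = ($activeFilters.Name -join ', ')
        Protected     = [bool]($expected -and $expected.Enabled -and $expected.Running)
    }
}

$report | Sort-Object SwitchType, SwitchName | Format-Table -AutoSize

# Internal and Private switches are the "blind spots" a physical firewall never sees,
# so a missing extension there matters most.
$unprotected = $report | Where-Object { -not $_.Protected }
if ($unprotected) {
    $names = $unprotected.SwitchName -join ', '
    Write-Warning "No enabled, running '$ExpectedFilter' extension on: $names"
}
```

Running this on each host after deploying a new switch confirms that protection is attached before tenant VMs are connected.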

DEMO: 5nine Cloud Security Virtual Firewall

Antivirus & Antimalware


Antivirus & Antimalware Challenges

• Admin may not have access to VM guest OS

– Tenant may remove or disable the agent

• Full scan on every VM is not recommended

– Scanning can cause a massive performance hit

– Very dense VM hosts may be overwhelmed by a “scanning storm”

– Could decrease VM performance due to high memory paging

– Could trigger live migration storms and other network disruptions

Warning! AV Scanning can cause VM Corruption

• Host scanning tools not designed for Hyper-V can cause corruption

• KB 961804 – Microsoft recommends not scanning folders with VM configuration files, VHDs, replicated disks, snapshots and executables

Antivirus & Antimalware Best Practices

• Protect at the host level

– Secure every supported Hyper-V guest OS

– Admin may not have access to VM guest OS

– Tenant may remove or disable the agent

• Use a solution designed for Hyper-V to avoid “blind spots” or VM corruption (KB 961804)

• Use industry-standard signatures

• Do not scan every VM

– Hosts may be overwhelmed by a “scanning storm”

– Use an agentless solution with Change Block Tracking (CBT) and staggered scans
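For hosts that run a general-purpose antivirus, the KB 961804 guidance above can be checked with a script. This added example (not from the slides) assumes Microsoft Defender is the host antivirus and reports which Hyper-V folders and processes are not yet excluded; Hyper-V Replica storage paths are not collected and must be added by hand.

```powershell
# Added example: find Hyper-V paths and processes missing from Defender exclusions.
# Assumes Microsoft Defender on the host; run elevated with the Hyper-V module installed.
Import-Module Hyper-V -ErrorAction Stop

$vmHost = Get-VMHost
$paths  = @($vmHost.VirtualMachinePath, $vmHost.VirtualHardDiskPath)

foreach ($vm in Get-VM) {
    $paths += $vm.ConfigurationLocation     # VM configuration files
    $paths += $vm.SnapshotFileLocation      # checkpoint (snapshot) files
    $paths += Get-VMHardDiskDrive -VM $vm | # folders of attached virtual disks
        Where-Object { $_.Path -match '\.(a?vhdx?|vhds)$' } |
        ForEach-Object { Split-Path -Parent $_.Path }
}
if (Test-Path 'C:\ClusterStorage') { $paths += 'C:\ClusterStorage' }  # CSV root

$paths = $paths | Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') } | Sort-Object -Unique

# Hyper-V management service and VM worker process.
$processes = 'vmms.exe', 'vmwp.exe'

$pref     = Get-MpPreference
$excluded = @($pref.ExclusionPath) | Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') }
$exclProc = @($pref.ExclusionProcess) | Where-Object { $_ } |
    ForEach-Object { Split-Path -Leaf $_ }

# A path counts as covered when it, or one of its parent folders, is excluded.
$missingPaths = $paths | Where-Object {
    $p = $_
    -not ($excluded | Where-Object {
        $p -eq $_ -or $p.StartsWith("$_\", 'OrdinalIgnoreCase')
    })
}
$missingProcs = $processes | Where-Object { $_ -notin $exclProc }

"Paths not excluded:";     $missingPaths
"Processes not excluded:"; $missingProcs

# After reviewing the lists, apply them:
# if ($missingPaths) { Add-MpPreference -ExclusionPath $missingPaths }
# if ($missingProcs) { Add-MpPreference -ExclusionProcess $missingProcs }
```

Keep the exclusions as narrow as the report allows, because every excluded folder is a location the host scanner will no longer inspect.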

Hyper-V Virtual Hard Disk Storage

[Diagram: three VHD storage locations and the protection applied to them.]

• VHD on traditional SAN or Cluster Shared Volumes (CSV) disk: C:\ClusterStorage\Volume1\VM3

• VHD on DAS: F:\VM1

• VHD on SMB File Server: \\FileServer\VM4

• VM Network Protection: prevent new infections

• VM Storage Protection: incremental scans with Change Block Tracking

• VM Storage Protection: staggered full scans for newly classified issues

DEMO: 5nine Cloud Security Antivirus & Antimalware

Intrusion Detection


Intrusion Detection Systems Challenges

• Hardware IDS monitors only internal and external network connections

– Does not analyze threats on private VM networks (“blind spots”)

– Allows for security breaches to spread within a host

• Cloud scaling challenges

– Slower detection

– Slower response

Intrusion Detection Systems Best Practices

• Use a software-based IDS solution designed for Hyper-V

– Dynamically scales with virtualization

– Does not analyze traffic on private virtual networks

– Secure every supported Hyper-V guest OS

• Use a central point of management

– Fast reporting, tracking, and consistent heuristics

• Protect against inbound and outbound threats

• Use industry-standard signatures (Cisco Snort)

IDS Reporting

[Diagram: Hyper-V hosts report to the 5nine Cloud Security Management Server / VM, backed by a database or SQL Server. Events are forwarded to on-premises analytics (Syslog) and, over the public Internet, to cloud-based analytics.]


DEMO: 5nine Cloud Security Intrusion Detection System

Management


Management Challenges

• New regulations for virtualization & cloud computing increase complexity

– Hosters and service providers must support their customers’ requirements

• Public clouds are not available to everyone

– Growing demand for Hyper-V hosting & service providers worldwide

• Self-service users must receive immediate protection without slowing deployment or adding complexity

Management Best Practices

• Protect at the host level

– Instantly protect a VM as soon as it is deployed

• Use supported software (Windows Server 2003 support ends in July, 2015)

• Use industry-standard policies, rules, filters, and log analytics

• Centralized management for an easy security and compliance audit

– Store in SQL and use SQL Server Reporting Services, or third-party analysis services and security analytics

5nine Cloud Security - Enterprise Architecture

[Diagram: Hyper-V hosts in a Hyper-V cluster report to a redundant management group of 5nine Cloud Security Management Servers / VMs, backed by SQL Servers in a SQL cluster. A branch office has its own SQL Server, kept in step through 5nine Sync. 5nine Cloud Security Management is available through the 5nine Console, PowerShell, the Azure Pack Extension, and SCVMM.]

DEMO: 5nine Cloud Security SCVMM Plugin & Azure Pack Extension

Summary


Summary

• Virtualized infrastructure has special security considerations

• Protect your datacenter with a virtual firewall, antivirus, antimalware, and intrusion detection system

• 5nine Cloud Security offers the only agentless solution for Hyper-V, System Center Virtual Machine Manager and Azure Pack

• Use centralized management and reporting with industry standard signatures from Kaspersky, ThreatTrack Vipre, and Cisco Snort

How to Acquire 5nine Cloud Security

• www.5nine.com or [email protected]

• Cloud Security: http://www.5nine.com/CloudSecurity

• Licensing options

– Licensed per 2 CPUs

– Flexible pricing based on VM density

– Service provider licenses and volume discounts available

• Sales direct, online, or through resellers & solution integrators

Thank You

Sales: Phone US: +1 630-288-4700 | Phone Europe: +44 (20) 7048-2021 | Email: [email protected]

Technical Support: Phone US/Canada Toll Free: +1 877-275-5232 | Email: [email protected]

Fax: +1 732-203-1665

Mailing Address: 1385 Highway 35, STE 133, Middletown, NJ 07748 USA

5nine Software, Inc: Oak Brooke Pointe, 700 Commerce Drive Ste 500, Oak Brook, IL 60523

Copyright © 2015 | 5nine Software, Inc. | All Rights Reserved