IT Virtualization Security

IT Virtualization Security 2009
Integrating Time-proven IT Security Principles with the Advantages of a Virtualized Linux Environment on IBM System z
Dave Rivard
SSH Communications Security

Slides: 2 out of 240

Agenda
• System Virtualization and what is it?
• History and The Mainframe
• How have we gotten to this point?
• Why does the platform still exist?
• z Virtualization Architecture
• Advantages to Mainframe Virtualization
• Disadvantages
• How the heck do we Secure it?

System Virtualization - Overview and Benefits
• Ability to run multiple Operating Systems on a single physical machine
• Can share resources with multiple hosts on the same hardware
• Benefits:
  • Server consolidation and optimization
  • Cost reduction
  • Improved application availability
  • Enhanced manageability

If it's old, does it work?

History
Quote: “Forget about that Mainframe thing, Concentrate on CCMail and Netware 3.1, that dinosaur is dead”
Unnamed IT Manager, Somewhere in Springfield, Ma 1991

How have we gotten to this point?
• IBM Needed to open the MVS Operating system to survive
• Decentralization
• Cost
• Flexibility

Why does the platform still exist?
• Reliability
• Standardization
• Vast depth of 3rd party software
• Nobody ever got fired for buying IBM
• Fast transaction processor
• Fast database repository
• Security

z Virtualization Architecture
• z/OS (MVS and DOS too)
• USS – UNIX System Services
• z/VM – 1st to the scene
• LDAP – Out of the box
• z/Linux – How many IFLs can you host on one box?

So what was…

…now is…

…and has become

Advantages to Mainframe Virtualization
• Scalability
• Flexibility
• Efficiency
• Reduction of Cost
• Z Security
• Improved Quality of Service

Disadvantages
• You just opened your most secure box
• One Vendor
• How do we keep track of who is who?
• How are we going to find all those old Smelly guys?

Security in a z World

Virtualization Security Challenges
• Virtualization introduces a new layer of complexity in the system: new threat surface
• Sharing the same resource pool makes single points of failure
  • Compromised hosts also threaten the guests
• Virtualization breaks the traditional three tier architectural separation
• Complexity of conversion to virtualized environment
  • Rapid changes in the infrastructure
  • Not enough knowledge of the changed security situation

Virtualized Security policies
• Avoid sharing of IP addresses
• Do not use hosts in situations where there is risk of infection
  • Example: browsing the internet
• Incorporate virtual machines in the corporate security policy
• Link the physical security outside the pool and virtual security systems under one management to enable defense-in-depth

Authentication
• PAM
• User Store? LDAP, RACF, ACF2, Top Secret?
• Provisioning? Rooms of Administrators?
• Federation
• System and User ID Parameters
Proper steps and planning to verify users and processes

Audit
• Individual logs?
• Volume of data
• Quality of events
• ID Switching/Generic IDs
• Forensics

Encryption
• Native Hardware Cryptographic Processors
• Telnet
• FTP

Conclusions
• Z Virtualized environments are being deployed fast and their importance in production environments is growing
• A virtualized environment improves security in some areas but also introduces new challenges
• Virtualization requires new security thinking and a careful migration and implementation plan
• Link the virtual and physical security to create a defense-in-depth approach

Resources
• IBM Redbooks: http://www.redbooks.ibm.com
  • z/VM and Linux on IBM System z: The Virtualization Cookbook for SLES 10 SP2
  • z/VM and Linux on IBM System z: Virtualization Cookbook for Red Hat Enterprise Linux 4
• Liberty Alliance: http://www.projectliberty.org/
• NSA: http://www.nsa.gov/ia/_files/factsheets/SOA_security_vulnerabilities_web.pdf