VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies


Posted: 11-Jun-2015
Category: Technology


Description: VMworld 2013. Shubha Bheemarao, VMware; Mitchell Christensen, VMware. Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare

Transcript of VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies

1. (slide 1) Troubleshooting and Monitoring NSX Service Composer Policies. Shubha Bheemarao, VMware; Mitchell Christensen, VMware. SEC5889 #SEC5889

2. (slide 2) Objective
  • Identify specific use cases that highlight the value of advanced visibility with simplified workflows
  • Showcase why user and application visibility is essential to a secure datacenter policy
  • Demonstrate how NSX Activity Monitoring provides advanced visibility

3. (slide 4) Security Teams Care About Policy and Compliance
  • Diagram labels: Security Architect; Regulations, Standards, Best Practices; Access Control; Segmentation; Automation; Audit; Infrastructure Requirements; Common Control Frameworks

4. (slide 5) Think About Your Last Interaction With The Security Team
  • Questions put to the VI Admin / Cloud Operator: "Do we have this malicious software running?" "PCI auditors are in the house, are we compliant?" "High severity vulnerabilities on critical business systems, must patch!"

5. (slide 6) The Cloud Operator Has to Make This All Work, But How?
  • Security Architect: "I need this." The security team asks the operator to implement policies that are specified at the user and application level (Security Policy vs. Security Operations)
  • VI Admin / Cloud Operator: "Yikes."

6. (slide 7) Agenda
  • Security Operations Is Catching Up with Policy
  • Prerequisites To Enforcing Policy: Visibility
  • NSX Activity Monitoring Provides Advanced Visibility to Users and Applications
  • Demo of NSX Activity Monitoring to address Common Enterprise Security Policies: Insider Threat, Rogue Applications, Malicious Software
  • Next Steps

7. (slide 8) Visibility Tools Are Required To Implement Security Policy
  • DEFINE: Security Architect
  • MONITOR: VI Admin / Cloud Operator
  • ENFORCE: VI Admin / Cloud Operator

8. (slide 9) Get Advanced Visibility Into Users and Applications
  • Step 1. The security team defines policy for who is allowed access to what applications. Then they ask the data center operator to make it happen.
  • Security Architect: "Allow THIS user to access THAT application." VI Admin / Cloud Operator: "No problem."

9. (slide 10) Get Advanced Visibility Into Users and Applications
  • Step 2. The operator monitors the system to identify the right level of application protection. Then they tune the enforcement rules to ensure adherence to the expected policy.
  • VI Admin / Cloud Operator: "Easy." Security Architect: "Compliant."

10. (slide 11) Get Advanced Visibility Into Users and Applications
  • Step 3. The operator identifies non-compliant activity and informs the security team to remediate / tune security policies, gets approval and applies it to workloads.
  • VI Admin / Cloud Operator: "I found something fishy." Security Architect: "Yup. Can you block this?" VI Admin / Cloud Operator: "Sure, no problem."

11. (slide 12) Agenda (repeated; this section: NSX Provides Tools for Advanced Visibility)

12. (slide 13) NSX Provides Tools To Define and Enforce Policy
  • DEFINE (Security Architect), MONITOR (VI Admin / Cloud Operator), ENFORCE (VI Admin / Cloud Operator)
  • Tools shown: NSX Service Composer (twice) and NSX Firewall

13. (slide 14) VMware NSX Service Composer Provides Policy Framework
  • Built-In Services: Firewall, Identity-based Firewall; Data Security (DLP / Discovery); Visibility: network traffic flows, user access of network assets, active in-guest applications, user access of in-guest applications
  • 3rd Party Services: IDS / IPS, AV, Vulnerability Mgmt; 2013 vendors: Symantec, McAfee, Trend Micro, Rapid 7
  • Security Policies: define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads
  • Automation: use security tags and other context to drive dynamic membership of security groups; results in IF-THEN workflows across services
  • VMware NSX Network Virtualization Platform: any application (without modification); virtual networks (Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN); any network hardware; any cloud management platform; any hypervisor

14. (slide 15) NSX Provides Advanced Visibility Into Users and Applications
  • DEFINE (Security Architect), MONITOR (VI Admin / Cloud Operator), ENFORCE (VI Admin / Cloud Operator)
  • Tools shown: NSX Service Composer, NSX Activity Monitoring, NSX Service Composer, NSX Firewall

15. (slide 16) NSX Activity Monitoring Provides Advanced Visibility
  • Same platform diagram as slide 14; the Visibility block of the Built-In Services reads: network traffic flows, user access of network assets, active in-guest applications, user access of in-guest applications

16. (slide 17) NSX Activity Monitoring Provides Advanced Visibility
  • NSX Activity Monitoring provides visibility into group, application and destination activity in the virtual environment
  • Diagram labels: AD Group, Security Group, Desktop Pool, User: Joe
  • Users accessing assets
  • Applications running on virtual machines
  • Server access by AD Group, Security Group or Desktop Pool
  • Interactions between groups (AD, SG or DP)

17. (slide 18) Agenda (repeated; this section: Demo of NSX Activity Monitoring to address Common Enterprise Security Policies)

18. (slide 19) Sample Security Policy
  • Allow only approved users to access specific applications on corporate assets.
  • Having a policy on WHO is allowed access to WHAT from WHERE is critical to securing assets. In other words:
    1. Allow only authorized users to access critical business applications
    2. Allow only authorized applications on corporate servers
    3. Allow access to only required ports from specific networks
  • Labels: MONITOR, ENFORCE, DEFINE

19. (slide 20) Challenge: Do You Trust All Your Users?
  • Policy Category: Regulatory / HIPAA: access controls should enable authorized users to access the minimum necessary information needed to perform job functions.
  • Challenges: threats are not just outside organizational boundaries; network-level access control is not sufficient for cloud environments; controlled access for insiders based on user identity is required to safeguard corporate assets

20. (slide 21) Requirement: Allow only authorized users to access critical applications
  • Diagram: Nurses and Doctors to EPIC Servers; Finance to Accounting Servers
  • Requirements: find which user group needs access to which asset; ability to generate reports on which users are connecting to the set of applications and what applications the non-trusted users are connecting to; option to limit access based on user identity

21. (slide 22) Demo: UI Introduction

22. (slide 24) Demo: Verify EPIC Access

23. (slide 26) Demo: Block Finance access to EPIC Servers

24. (slide 28) Agenda (repeated)

25. (slide 29) Challenge: Do you know what's running on your servers?
  • Policy Category: Acceptable use of Information Systems: clear definition of what is and is not acceptable. Corporate Governance of IT: define how technology is used and managed to support business needs
  • Challenges: visibility into all data center applications; identify rogue applications that either capture confidential information or siphon sensitive data to external sources; identify vulnerable applications to reduce the scope of attack

26. (slide 30) Requirement: Allow only authorized applications on corporate servers
  • Diagram: DB Administrators and HR; HTTP to WEB APP, ODBC to DATABASE
  • Requirements: identify all applications running on corporate servers; create a list of acceptable, grey-listed and non-permitted applications for servers; monitor, restrict and report violations of all acceptable use policies

27. (slide 31) Demo: User Access to Applications

28. (slide 32) (no text)

29. (slide 33) Demo: Inbound Application Access

30. (slide 35) Agenda (repeated)

31. (slide 36) Challenge: Are you protected from malware?
  • Policy Category: Acceptable use of Information Systems: clear definition of what is and is not acceptable. Single-use systems: for protection of critical services
  • Challenges: identify and prevent further spread of malware in the network; regular monitoring for rogue or vulnerable applications to avoid compromise

32. (slide 37) Requirement: Allow only required ports to be open based on expected use
  • Diagram: HR; HTTPS to WEB APP to DATABASE
  • Requirements: find all user and application activity on critical servers; ensure that only allowed applications are running; monitor applicable controls regularly

33. (slide 38) Demo: VM Activity

34. (slide 41) How Do You Deploy?
  • Sources: Active Directory, VM Tools (user shown: Eric Frost)
  • Today: Source 172.16.254.1, Destination 172.16.112.2
  • With Activity Monitoring: User, AD Group, App Name, Originating VM Name, Destination VM Name
  • So
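The last slide is the whole point in one row: a raw flow is just a source and destination address, while the enriched record carries user, AD group, application and VM names, which is what lets an operator check the "WHO may access WHAT" policy of slides 19 to 21 and report the non-compliant flows of step 3. The following Python is an added example written for this page, not code from the presentation or from NSX. It simulates that enrichment with constructed lookup tables (stand-ins for what VM Tools, Active Directory and the VM inventory would supply), evaluates each flow against a default-deny policy keyed by security group and AD group, and builds the "what are the non-trusted users connecting to?" report. All IPs, VM names, users, groups and application names are constructed; only 172.16.254.1 and 172.16.112.2 come from the slide.

```python
"""Added illustration (not from the presentation or from NSX): enrich a raw
source/destination flow with identity context and check it against a
who-may-access-what policy. Every table below is constructed sample data."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed VM inventory: IP address -> VM name.
VM_BY_IP: Dict[str, str] = {
    "172.16.254.1": "WIN7-DESKTOP-01",
    "172.16.254.2": "WIN7-DESKTOP-02",
    "172.16.112.2": "EPIC-APP-01",
    "172.16.120.5": "ACCT-DB-01",
}
# Constructed: logged-on user per desktop VM (what guest tooling would report).
USER_BY_VM: Dict[str, str] = {"WIN7-DESKTOP-01": "eric.frost", "WIN7-DESKTOP-02": "jane.doe"}
# Constructed directory lookup: user -> AD groups.
AD_GROUPS: Dict[str, set] = {"eric.frost": {"Doctors"}, "jane.doe": {"Finance"}}
# Constructed: process listening on (VM, port) -> application name.
APP_BY_VM_PORT: Dict[Tuple[str, int], str] = {
    ("EPIC-APP-01", 443): "EpicHyperspace",
    ("ACCT-DB-01", 1433): "AccountingDB",
}
# Constructed security-group membership: VM name -> security group.
SECURITY_GROUP_BY_VM: Dict[str, str] = {"EPIC-APP-01": "EPIC Servers", "ACCT-DB-01": "Accounting Servers"}
# The policy as the security architect states it: security group -> AD groups
# allowed to reach it. Anything not listed is denied (default deny).
POLICY: Dict[str, set] = {"EPIC Servers": {"Doctors", "Nurses"}, "Accounting Servers": {"Finance"}}


@dataclass(frozen=True)
class EnrichedFlow:
    src_ip: str
    dst_ip: str
    dst_port: int
    src_vm: Optional[str]
    dst_vm: Optional[str]
    user: Optional[str]
    ad_groups: frozenset
    app: Optional[str]
    dst_security_group: Optional[str]


def enrich(src_ip: str, dst_ip: str, dst_port: int) -> EnrichedFlow:
    """Turn a bare address pair plus port into the enriched record: who, from
    which VM, to which application on which VM, in which security group."""
    src_vm = VM_BY_IP.get(src_ip)
    dst_vm = VM_BY_IP.get(dst_ip)
    user = USER_BY_VM.get(src_vm) if src_vm else None
    groups = frozenset(AD_GROUPS.get(user, set())) if user else frozenset()
    app = APP_BY_VM_PORT.get((dst_vm, dst_port)) if dst_vm else None
    sg = SECURITY_GROUP_BY_VM.get(dst_vm) if dst_vm else None
    return EnrichedFlow(src_ip, dst_ip, dst_port, src_vm, dst_vm, user, groups, app, sg)


def evaluate(flow: EnrichedFlow) -> str:
    """'allow' if one of the user's AD groups may reach the destination security
    group, 'deny' if not, 'review' if identity or destination is unknown."""
    if flow.dst_security_group is None or not flow.ad_groups:
        # No security group for the destination, or no identity for the source:
        # an identity policy cannot be applied, so surface the flow for review.
        return "review"
    allowed = POLICY.get(flow.dst_security_group, set())
    return "allow" if flow.ad_groups & allowed else "deny"


def classify(raw_flows: List[Tuple[str, str, int]]) -> List[Tuple[str, EnrichedFlow]]:
    """Enrich and classify a batch of (src_ip, dst_ip, dst_port) flows."""
    return [(evaluate(f), f) for f in (enrich(*raw) for raw in raw_flows)]


def denied_by_group_and_app(results: List[Tuple[str, EnrichedFlow]]) -> Counter:
    """Report for 'what applications are the non-trusted users connecting to?':
    counts of denied flows keyed by (AD group, application)."""
    counter: Counter = Counter()
    for verdict, f in results:
        if verdict == "deny":
            for g in sorted(f.ad_groups):
                counter[(g, f.app or f"port {f.dst_port}")] += 1
    return counter


if __name__ == "__main__":
    # Constructed flow sample: a doctor and a finance user both reaching EPIC,
    # the finance user reaching the accounting DB, and an unknown source.
    sample = [
        ("172.16.254.1", "172.16.112.2", 443),
        ("172.16.254.2", "172.16.112.2", 443),
        ("172.16.254.2", "172.16.120.5", 1433),
        ("10.0.0.9", "172.16.112.2", 443),
    ]
    for verdict, f in classify(sample):
        print(f"{verdict:6} {f.user or '?':10} {sorted(f.ad_groups)} -> {f.app} on {f.dst_vm}")
    print(denied_by_group_and_app(classify(sample)))
```

The "review" verdict is deliberate: a flow whose source has no identity or whose destination belongs to no security group is exactly the "something fishy" the operator hands to the security team, rather than something the policy engine should silently allow or drop.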