Question
Management at Superior Technical College would like you to report on one or more of the latest virtualization malware or security threats. In this project you are to use the links below to prepare a report that describes how the Storm worm and how other malware may use virtualization. In addition to these sites, use Google or some other research tool to gather more information regarding techniques to secure the software-defined data center.
http://isc.sans.org/diary.html?storyid=3190
http://www.symantec.com/connect/blogs/does-malware-still-detect-virtual-machines
Explanation / Answer
One of the top cloud computing threats involves one of its core enabling technologies: virtualization. In virtual environments, there are multiple attack avenues, but this tip will look at ones that are most likely to be experienced by users of the technology:

• Prebuilt virtual machines/virtual appliances containing malicious code (Trojaned)
• Improperly configured virtual firewalls or networking
• Improperly configured hypervisor
• Data leakage through offline images

When building security defenses against these virtualization security risks, it’s important to keep in mind a concept that is typically understood and yet often overlooked: the hypervisor and its guests are really just one big pile of code on one physical box. There is no guarantee that the hypervisor is more secure or less buggy than any other software of comparable size (unless “evaluated,” according to, e.g., the United States Government Department of Defense (DoD) Trusted Computer System Evaluation Criteria). The physical isolation/separation that was relied upon (at some level) for security is gone, and we need to take that into account when thinking about threats.

Trojaned virtual machines/virtual appliances

The presence of untrusted virtual machines or Trojaned virtual appliances in the environment should be the first virtualization security risk you address. The untrusted virtual machine will manifest itself in public clouds (i.e., multitenant), and is a bad guy bringing up a malicious system that will attempt to identify “proximity”-related vulnerabilities. The threats are created because the VM is either running on the same hypervisor or within the same cloud, and the cloud provider has created some level of “trust” between the virtual machines that the consumer is not aware of. If those vulnerabilities exist, the likelihood of exploit increases significantly.

Malicious virtual appliances (an appliance in this sense is anything that is “pre-packaged” for you to just download and run as a VM) would be a threat in public or private cloud environments. Since you install/use these appliances, there’s an element of trust you have given them. The malicious system would then attempt to find vulnerabilities through its “trust” and exploit them. Now an attacker would have a compromised machine in your environment, thus the intrusion succeeded.

Recently, Amazon notified its Elastic Compute Cloud customers that it had identified compromised Amazon Machine Images (AMIs) in its community set of AMIs, which are combinations (i.e., stacks) of software created to help users deploy servers quickly in EC2. The notification reminded users about the danger of compromised AMIs. Amazon realized that a compromised “appliance” or “build image” provides a trusted foothold in obtaining critical information, such as credentials for further exploit.

The keys to preventing these threats are to only use verified and tested appliances/images, and to have assurance that your cloud provider has properly configured hypervisor and networking configurations that do not create unintended proximity trust. Further, keep in mind the nature of physical isolation/separation in the virtualized environment and configure systems accordingly.

Improperly configured virtual firewalls or networking

Traditionally, the networking team handled the configuration of firewalls and network equipment. They understand the intricacies and security implications of VLANs, tagging, routing, stateful connections, how inbound vs. outbound apply to interfaces, etc. This may or may not be true for many host administrators. In a virtual environment, many of the host administrators are now configuring and managing these network security devices. If these devices are not configured correctly, you can have traffic meant for one VM being seen by or delivered to another VM or an outside entity. While tools exist to do this right, it is primarily a people “issue,” in that administrators are being asked to manage security devices they do not understand. Overlook this, and you can have your underbelly exposed.
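The answer's main mitigation for Trojaned appliances is to "only use verified and tested appliances/images". The following is an added example, not part of the answer above, showing what that verification step looks like in practice: a script that authenticates a publisher's manifest before trusting any digest in it, then compares the downloaded image's SHA-256 against the manifest. The manifest format, the sample image bytes and the publisher key are all constructed for the example; the HMAC tag stands in for the public-key signature a real publisher would ship.

```python
"""Verify a downloaded VM appliance image against a publisher manifest.

Added example (not from the original answer): a minimal image-verification
step to run before importing any prebuilt appliance. It assumes a hypothetical
publisher manifest format (JSON with per-file SHA-256 digests) authenticated
with an HMAC-SHA256 tag under a key shared with the publisher; a real publisher
would use a public-key signature instead, but the order of checks is the same:
authenticate the manifest first, then compare digests.
"""
import hashlib
import hmac
import json
import os
import tempfile

# Constructed sample data: a tiny stand-in for an appliance disk image.
SAMPLE_IMAGE = b"QFI\xfb" + b"\x00" * 64 + b"constructed-disk-image"
# Constructed publisher key; in practice this is a verified public key.
PUBLISHER_KEY = b"example-publisher-key-not-real"

CHUNK = 1 << 20  # hash in 1 MiB chunks so multi-GB images never load into RAM


def sha256_file(path):
    """Stream the file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def sign_manifest(manifest, key):
    """Return canonical JSON bytes and the HMAC tag the publisher ships with them."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def manifest_is_authentic(body, tag, key):
    """Constant-time check of the manifest tag before trusting any digest in it."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def verify_image(image_path, manifest_body, manifest_tag, key):
    """Return (ok, reason); reject on bad manifest tag, unlisted file or digest mismatch."""
    if not manifest_is_authentic(manifest_body, manifest_tag, key):
        return False, "manifest tag does not verify; do not trust its digests"
    manifest = json.loads(manifest_body)
    name = os.path.basename(image_path)
    expected = manifest.get("files", {}).get(name)
    if expected is None:
        return False, f"{name} is not listed in the manifest"
    actual = sha256_file(image_path)
    if not hmac.compare_digest(actual, expected):
        return False, f"digest mismatch for {name}: got {actual[:16]}..., want {expected[:16]}..."
    return True, "image matches publisher manifest"


def demo():
    """Build a constructed image and manifest, then tamper with each; return the three verdicts."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "appliance.qcow2")
        with open(image, "wb") as f:
            f.write(SAMPLE_IMAGE)
        body, tag = sign_manifest({"files": {"appliance.qcow2": sha256_file(image)}}, PUBLISHER_KEY)

        # 1. untouched image and manifest: accepted
        ok_good, _ = verify_image(image, body, tag, PUBLISHER_KEY)

        # 2. image altered after the manifest was published (e.g. a planted payload): digest mismatch
        with open(image, "ab") as f:
            f.write(b"\x90")
        ok_tampered, _ = verify_image(image, body, tag, PUBLISHER_KEY)

        # 3. manifest rewritten to match the altered image, but the old tag no longer verifies
        forged = json.dumps({"files": {"appliance.qcow2": sha256_file(image)}},
                            sort_keys=True, separators=(",", ":")).encode()
        ok_forged, _ = verify_image(image, forged, tag, PUBLISHER_KEY)

        return ok_good, ok_tampered, ok_forged


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The ordering matters: an unauthenticated manifest is worth nothing, because whoever swapped the image can rewrite the digests too (case 3). Checking the tag first, with a constant-time comparison, is what turns the digest list into evidence that the image is the one the publisher built and tested.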