Monday, 23 November 2015

LECTURE 4 "UNIT 4"

CLOUD SECURITY POLICY IMPLEMENTATION
Security policies are the foundation of a sound security implementation. Often organizations will implement technical security solutions without first creating this foundation of policies, standards, guidelines, and procedures, unintentionally creating unfocused and ineffective security controls.

Policy
A policy is one of those terms that can mean several things. For example, there are security policies on firewalls, which refer to the access control and routing list information. Standards, procedures, and guidelines are also referred to as policies in the larger sense of a global information security policy.
A good, well-written policy is more than an exercise created on white paper — it is an essential and fundamental element of sound security practice. A policy, for example, can literally be a lifesaver during a disaster, or it might be a requirement of a governmental or regulatory function. A policy can also provide protection from liability due to an employee’s actions, or it can control access to trade secrets.
Policy Types
In the corporate world, when we refer to specific policies, rather than a group policy, we generally mean those policies that are distinct from the standards, procedures, and guidelines. Policies are considered the first and highest level of documentation, from which the lower-level elements of standards, procedures, and guidelines flow.
This is not to say, however, that higher-level policies are more important than the lower elements. These higher-level policies, which reflect the more general policies and statements, should be created first in the process, for strategic reasons, and then the more tactical elements can follow.
Management should ensure the high visibility of a formal security policy. This is because nearly all employees at all levels will in some way be affected, major organizational resources will be addressed, and many new terms, procedures, and activities will be introduced.
Including security as a regular topic at staff meetings at all levels of the organization can be helpful. In addition, providing visibility through such avenues as management presentations, panel discussions, guest speakers, question/ answer forums, and newsletters can be beneficial.

1. Senior Management Statement of Policy
The first policy of any policy creation process is the senior management statement of policy. This is a general, high-level policy that acknowledges the importance of the computing resources to the business model; states support for information security throughout the enterprise; and commits to authorizing and managing the definition of the lower-level standards, procedures, and guidelines.

2. Regulatory Policies
Regulatory policies are security policies that an organization must implement due to compliance, regulation, or other legal requirements. These companies might be financial institutions, public utilities, or some other type of organization that operates in the public interest. Such policies are usually very detailed and specific to the industry in which the organization operates.

3. Advisory Policies
Advisory policies are security policies that are not mandated but strongly suggested, perhaps with serious consequences defined for failure to follow them (such as termination, a job action warning, and so forth). A company with such policies wants most employees to consider these policies mandatory. Most policies fall under this broad category.

4. Informative Policies
Informative policies are policies that exist simply to inform the reader. There are no implied or specified requirements, and the audience for this information could be certain internal (within the organization) or external parties. This does not mean that the policies are authorized for public consumption but that they are general enough to be distributed to external parties (vendors accessing an extranet, for example) without a loss of confidentiality.

CLOUD COMPUTING SECURITY CHALLENGES
Cloud computing opens up a new world of opportunities for businesses, but mixed in with these opportunities are numerous security challenges that need to be considered and addressed prior to committing to a cloud computing strategy.
Stated simply, the main obstacles are:
·         CSPs tend to treat security as the end users' issue
·         Lack of awareness about cloud security
·         Inconsistent network connection issues
·         Lack of proper cloud security standards
Broadly, Cloud computing security challenges fall into three categories:
·         Data Protection: Securing your data both at rest and in transit
·         User Authentication: Limiting access to data and monitoring who accesses the data
·         Disaster and Data Breach: Contingency Planning

Data Protection

Implementing a cloud computing strategy means placing critical data in the hands of a third party, so ensuring the data remains secure both at rest (data residing on storage media) as well as when in transit is of paramount importance. Data needs to be encrypted at all times, with clearly defined roles when it comes to who will be managing the encryption keys. In most cases, the only way to truly ensure confidentiality of encrypted data that resides on a cloud provider's storage servers is for the client to own and manage the data encryption keys.

User Authentication

Data resting in the cloud needs to be accessible only by those authorized to do so, making it critical to both restrict and monitor who will be accessing the company's data through the cloud.  In order to ensure the integrity of user authentication, companies need to be able to view data access logs and audit trails to verify that only authorized users are accessing the data.  These access logs and audit trails additionally need to be secured and maintained for as long as the company needs or legal purposes require.  As with all cloud computing security challenges, it's the responsibility of the customer to ensure that the cloud provider has taken all necessary security measures to protect the customer's data and the access to that data.
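The paragraph above says access logs and audit trails must themselves be secured so that they can prove who touched the data. One way to do that is a hash-chained, HMAC-authenticated audit trail in which every record commits to the one before it, so any edit, deletion or reordering is detectable. The following is an added illustration in Python (standard library only), not code from the original lecture; the key, the event fields and the sample events are constructed for the example, and the key is assumed to be held by the customer rather than the provider.

```python
import hashlib
import hmac
import json
from typing import Dict, List

# Hypothetical customer-held key (constructed for this example; never store it beside the log).
AUDIT_KEY = b"customer-held-audit-key-example"

GENESIS = "0" * 64  # tag used as the "previous tag" of the very first record


def _tag(prev_tag: str, entry: Dict, key: bytes) -> str:
    # Canonical JSON so the same event always yields the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_tag + body).encode(), hashlib.sha256).hexdigest()


def append_entry(chain: List[Dict], entry: Dict, key: bytes = AUDIT_KEY) -> List[Dict]:
    """Append one access-log entry; its tag covers the previous record's tag, forming a chain."""
    prev_tag = chain[-1]["tag"] if chain else GENESIS
    chain.append({"entry": dict(entry), "prev": prev_tag, "tag": _tag(prev_tag, entry, key)})
    return chain


def verify_chain(chain: List[Dict], key: bytes = AUDIT_KEY) -> int:
    """Return -1 if every record verifies, otherwise the index of the first bad record."""
    prev_tag = GENESIS
    for i, record in enumerate(chain):
        expected = _tag(prev_tag, record["entry"], key)
        if record["prev"] != prev_tag or not hmac.compare_digest(expected, record["tag"]):
            return i
        prev_tag = record["tag"]
    return -1


# Constructed sample data-access events.
SAMPLE_EVENTS = [
    {"ts": "2015-11-23T09:00:00Z", "user": "alice", "action": "read", "object": "payroll/2015-11.csv"},
    {"ts": "2015-11-23T09:05:00Z", "user": "bob", "action": "read", "object": "payroll/2015-11.csv"},
    {"ts": "2015-11-23T09:06:00Z", "user": "bob", "action": "download", "object": "payroll/2015-11.csv"},
]


def build_sample_chain() -> List[Dict]:
    chain: List[Dict] = []
    for event in SAMPLE_EVENTS:
        append_entry(chain, event)
    return chain


def tamper_demo() -> int:
    """Rewrite the user on record 1 (hiding who accessed the file); report where verification fails."""
    chain = build_sample_chain()
    chain[1]["entry"]["user"] = "nobody"
    return verify_chain(chain)


def deletion_demo() -> int:
    """Remove record 1 entirely; the next record's 'prev' no longer matches, so it fails at index 1."""
    chain = build_sample_chain()
    del chain[1]
    return verify_chain(chain)


if __name__ == "__main__":
    print("intact chain verifies:", verify_chain(build_sample_chain()) == -1)
    print("first bad record after edit:", tamper_demo())
    print("first bad record after deletion:", deletion_demo())
```

Because the tag is an HMAC rather than a plain hash, a party without the key cannot recompute a consistent chain after altering it; the verifier should run on a copy of the log held outside the provider's environment.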

Contingency Planning

With the cloud serving as a single centralized repository for a company's mission-critical data, the risks of having that data compromised due to a data breach or temporarily made unavailable due to a natural disaster are real concerns.  Much of the liability for the disruption of data in a cloud ultimately rests with the company whose mission-critical operations depend on that data, although liability can and should be negotiated in a contract with the services provider prior to commitment.  A comprehensive security assessment from a neutral third-party is strongly recommended as well.
Companies need to know how their data is being secured and what measures the service provider will be taking to ensure the integrity and availability of that data should the unexpected occur.  Additionally, companies should also have contingency plans in place in the event their cloud provider fails or goes bankrupt.  Can the data be easily retrieved and migrated to a new service provider or to a non-cloud strategy if this happens?  And what happens to the data and the ability to access that data if the provider gets acquired by another company?

VIRTUALIZATION SECURITY MANAGEMENT
Virtualization has made a huge impact in a very short time in the IT and networking worlds and has already provided huge cost savings and returns on investment for data centers, enterprises and the Cloud. What seems to be less substantial and lagging is the understanding of virtualization and virtualized environments from a security point of view. Some people think that virtualization is more secure than traditional environments because they’ve heard of isolation between virtual machines (VMs) and because they haven’t heard of any successful attacks on hypervisors. Others think that the new virtualized environment needs security just like traditional physical environments and therefore apply the same long-standing approaches to security that are already in place. The bottom line is that the new environment is more complex, and virtualization approaches added to current networks create a new network that needs a new approach to security. This should include traditional security as well as additional security for virtualization.

Security benefits due to virtualization
The following are some of the benefits to security once virtualization is introduced into the environment:
·         Centralized storage used in virtualized environments prevents a loss of important data if a device is lost, stolen or compromised.
·         When VMs and applications are properly isolated, only one application on one OS is affected by an attack.
·         When configured properly, a virtual environment provides flexibility in that it allows the sharing of systems without necessarily having to share critical information across the systems.
·         If a VM is infected, it can be rolled back to a prior “secure” state that existed before the attack.
·         Hardware reductions that occur due to virtualization improve physical security since there are fewer devices and ultimately fewer data centers.
·         Desktop virtualization can be deployed to better control the user environment. An administrator can create and control a “golden image” that can be sent down to users’ computers. This technology provides better control of the OS to ensure that it meets organizational requirements as well as security policies.
·         Server virtualization can lead to better incident handling since servers can revert back to a previous state in order to examine what occurred before and during an attack.
·         The system and network administration’s access control as well as separation of duties can be improved as certain individuals may be assigned to only control VMs within the network while others only deal with VMs in the DMZ. You can also have certain administrators deal with Windows servers only for example, while others deal with Linux servers.
·         Hypervisor software is small and relatively simple, which gives the hypervisor itself a smaller attack surface. The smaller the attack surface and the fewer things running, the fewer potential vulnerabilities.
·         Virtual Switches (vswitches) don’t perform the dynamic trunking necessary to conduct Inter-switch link tagging attacks. They also drop double encapsulated packets so double encapsulation attacks aren’t effective. Vswitches also don’t allow packets to leave their assigned broadcast domain so they nullify the multicast brute force attacks that rely on overloading switches to let packets broadcast to other VLAN domains.
Notice that I’ve qualified a number of the above benefits with statements like “if configured or set up properly.” Virtualization is very complex, so it must be secured properly to gain the above benefits.
4.7.2 Common Virtualization Attacks
The following are some of the common, known attacks with virtualization:
·         Denial of Service (DoS)
A successful DoS attack here can lead to a shutdown of the hypervisor. This can lead to the ability to add a backdoor to allow access to the VMs underneath the hypervisor.
·         VM Jumping
If a security hole exists in the hypervisor and is found, a user logged into one VM can hop over to another VM and gain access to it to look at information or acquire it.
·         Host Traffic Interception
Vulnerabilities in the hypervisor can allow for tracking of system calls, paging files, and monitoring of memory and disk activity.

4.7.3 Recommendations and Best Practices for Secure Virtualization

Administrator Access and Separation of Duties
·         Provide server admins with on/off rights for their servers only and no others.
·         You may want to give admins the right to deploy new VMs but not modify existing VMs. Other admins can then be able to modify existing VMs but not create new ones.
·         Separate authentication should be in place for each guest OS unless there’s a good reason for two or more guest OSes to share credentials.
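The three bullets above describe separation of duties as a small authorization matrix: a role grants a few actions, and each admin's rights are limited to the servers or VMs they own, with everything else denied. The block below is an added Python illustration of such a deny-by-default check, not code from the lecture or from any virtualization product; the role names, action names, admin accounts and hosts are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

# Hypothetical role catalogue (role and action names are assumptions for this example).
ROLE_ACTIONS: Dict[str, FrozenSet[str]] = {
    "server-admin": frozenset({"power_on", "power_off"}),  # on/off rights only, no config changes
    "vm-deployer": frozenset({"create_vm"}),               # may deploy new VMs, never modify existing ones
    "vm-modifier": frozenset({"modify_vm"}),               # may modify existing VMs, never create new ones
}


@dataclass
class Admin:
    name: str
    role: str
    scope: Set[str] = field(default_factory=set)  # VMs or hosts this admin owns; empty scope = nothing


def is_allowed(admin: Admin, action: str, target: str) -> bool:
    """Deny by default: the role must grant the action AND the target must be in the admin's scope.

    For create_vm the target is the host the VM is deployed on; for the other
    actions it is the VM itself.
    """
    granted = ROLE_ACTIONS.get(admin.role, frozenset())
    return action in granted and target in admin.scope


def evaluate(admins: Dict[str, Admin],
             requests: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Decide each (admin, action, target) request and return rows ending in ALLOW or DENY.

    The rows are what you would write to the audit trail; denied out-of-scope
    requests are exactly what an auditor wants to see.
    """
    rows = []
    for who, action, target in requests:
        admin = admins.get(who)
        decision = "ALLOW" if admin and is_allowed(admin, action, target) else "DENY"
        rows.append((who, action, target, decision))
    return rows


# Constructed sample staff and requests.
ADMINS = {
    "alice": Admin("alice", "server-admin", {"web01", "web02"}),
    "bob": Admin("bob", "vm-deployer", {"esx01"}),
    "carol": Admin("carol", "vm-modifier", {"db01"}),
}

REQUESTS = [
    ("alice", "power_off", "web01"),   # own server: allowed
    ("alice", "power_off", "db01"),    # someone else's server: denied
    ("alice", "modify_vm", "web01"),   # on/off rights do not include modification: denied
    ("bob", "create_vm", "esx01"),     # deployer on an in-scope host: allowed
    ("bob", "modify_vm", "db01"),      # deployer may not modify: denied
    ("carol", "modify_vm", "db01"),    # modifier on an in-scope VM: allowed
    ("carol", "create_vm", "esx01"),   # modifier may not create: denied
    ("mallory", "power_on", "web01"),  # unknown account: denied
]


def decisions() -> List[str]:
    return [row[3] for row in evaluate(ADMINS, REQUESTS)]


if __name__ == "__main__":
    for row in evaluate(ADMINS, REQUESTS):
        print(*row)
```

The important property is that nothing is allowed unless both conditions hold; adding a new role or action never widens an existing admin's rights by accident.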
Desktop Virtualization and Security
The following are five effective measures for making sure that unauthorized and unsecured virtualization doesn’t exist in the environment:
·         Update Acceptable Use Policy
Spell out the exact conditions under which virtualization software can be installed and define what approvals are required. State what software can be run and how it should be protected. Spell out the repercussions that employees can expect if they don’t follow the rules.
·         Limit the Use of VMs to the Users That Need Them
Most users won’t need VMs on their desktops. Forbid the installation of freely downloadable software on corporate desktops and laptops. Limit permissions to a small group of developers and testers for virtual tools and VMs, and help them understand that they still have to conform to corporate security policies.
·         Keep Virtualization and Security Software Up to Date
Ensure all of the VMs contain the same firewalls, anti-virus and IDS/IPS as the physical desktops and laptops.
·         Choose Security Policies That Support Virtualization
Make sure that there aren’t any known security policy conflicts with existing virtualization platforms.
·         Create and Maintain a Library of Secure VM Builds
Maintain a repository of VM builds containing all of the configuration settings, security software and patches that users can download, use and re-use.
Network Security
·         Disconnect any unused NICs so that there isn’t an easy way to get onto the network.
·         Make sure that the host platform that connects the hypervisor and guests to the physical network is secure by setting file permissions, putting things in place to control users and groups, and setting up logging and time synchronization.
·         Encrypt all traffic between clients and hosts, between management systems and the hypervisor, and between the hypervisor and hosts using SSL.
·         Secure IP communications between two hosts by using authentication and encryption on each IP packet.
·         Do not use default self-signed certificates as they’re vulnerable to man-in-the-middle attacks.
·         Place virtual switches into promiscuous mode for monitoring purposes and enable MAC address filtering to prevent MAC spoofing attacks.
Disaster Recovery
·         Maintain your production firewall, security posture and IPS/IDS at your disaster recovery (DR) site. If the firewall at the DR site stays disabled until a disaster occurs, or if its rules differ from those at the main site, audit the firewall regularly.
·         Implement proper change control so that your backup site and main site are kept as identical as possible.
·         Any logging and monitoring at the DR site should be treated as if it is at your primary site.
·         Audit and PEN test your DR site separate from your main site with the same frequency and importance.
·         Any replications to your backup site should be encrypted.
·         Place a copy of your business recovery plan at your offsite location.
·         Rotate your backup media and keep it in offsite storage.
Auditing and Logging
·         Use centralized logging to determine whether guests have gone offline. These guests can get out of sync in regards to patches and updates. Log any VM power events (such as On, Off, Suspended or resumed), changes in hardware configurations or any login events related to those with elevated privileges. VMs that are copied, moved or deleted should also be logged.
·         Audit files should be read only and should only be read by those in an auditing role to ensure forensic integrity. Unauthorized and authorized login attempts to the audit files and other virtual resources should be logged.
·         Conduct regular audits of the environment including the virtual network, storage, the hypervisor, the VMs and the management systems.
·         Send log files securely to a remote log server.
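The first bullet in this list names the events worth pulling out of a centralized log: VM power events, hardware configuration changes, logins with elevated privileges, VM copy/move/delete, and guests that have silently gone offline. The following Python block is an added example of that detection logic run over a constructed sample log; it is not code from the lecture or from any hypervisor product, and the key=value log format, event names and host names are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample of a centralized hypervisor/VM event log (format is an assumption).
SAMPLE_LOG = """\
2015-11-23T08:00:01Z host=esx01 vm=web01 event=power_on user=alice
2015-11-23T08:00:05Z host=esx01 vm=web01 event=heartbeat
2015-11-23T08:10:00Z host=esx02 vm=db01 event=login user=root privilege=elevated
2015-11-23T08:12:00Z host=esx02 vm=db01 event=vm_copy user=bob dest=esx03
2015-11-23T08:15:00Z host=esx01 vm=web01 event=heartbeat
2015-11-23T08:20:00Z host=esx01 vm=app01 event=power_off user=carol
2015-11-23T08:21:00Z host=esx01 vm=app01 event=hw_change field=nic user=carol
2015-11-23T08:30:00Z host=esx01 vm=web01 event=heartbeat
2015-11-23T08:40:00Z host=esx02 vm=db01 event=login user=alice privilege=normal
2015-11-23T08:50:00Z host=esx02 vm=db01 event=heartbeat
"""

# "Now" for the offline check, chosen to sit after the last sample line.
NOW = datetime(2015, 11, 23, 9, 0, 0)

POWER_EVENTS = {"power_on", "power_off", "suspend", "resume"}
LIFECYCLE_EVENTS = {"vm_copy", "vm_move", "vm_delete"}


def parse_line(line: str) -> Dict[str, str]:
    """Split '<timestamp> k=v k=v ...' into a dict; the timestamp goes under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for token in rest.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def analyze(log_text: str, now: datetime,
            stale_after: timedelta = timedelta(minutes=20)) -> List[Dict[str, str]]:
    """Return one alert dict per notable event, plus an 'offline' alert per guest whose
    last heartbeat is older than stale_after (guests that never reported are not tracked)."""
    alerts: List[Dict[str, str]] = []
    last_seen: Dict[str, datetime] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        ts = datetime.strptime(f["ts"], "%Y-%m-%dT%H:%M:%SZ")
        vm, event, user = f.get("vm", "?"), f.get("event", "?"), f.get("user", "?")
        if event == "heartbeat":
            last_seen[vm] = max(ts, last_seen.get(vm, ts))
        elif event in POWER_EVENTS:
            alerts.append({"category": "power", "vm": vm, "detail": f"{event} by {user}"})
        elif event == "login" and f.get("privilege") == "elevated":
            alerts.append({"category": "privileged_login", "vm": vm, "detail": user})
        elif event in LIFECYCLE_EVENTS:
            alerts.append({"category": "vm_lifecycle", "vm": vm, "detail": f"{event} by {user}"})
        elif event == "hw_change":
            alerts.append({"category": "hw_change", "vm": vm,
                           "detail": f"{f.get('field', '?')} changed by {user}"})
    for vm, seen in sorted(last_seen.items()):
        if now - seen > stale_after:
            alerts.append({"category": "offline", "vm": vm,
                           "detail": f"last heartbeat {seen.isoformat()}Z"})
    return alerts


def summarize(alerts: List[Dict[str, str]]) -> Dict[str, int]:
    """Count alerts per category (useful for a daily review dashboard)."""
    return dict(Counter(a["category"] for a in alerts))


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG, NOW):
        print(f"[{alert['category']}] {alert['vm']}: {alert['detail']}")
```

In the sample, web01 last checked in at 08:30 and is flagged as offline at 09:00, which is the case the lecture warns about: a guest that is off the network quietly misses patches and updates.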

Virtual Machine Security
·         Don’t create more VMs than necessary. Keep track of all of your running VMs to track potential entry points for attacks. Limit use of VMs to critical staff only.
·         Turn off any unused VMs.
·         Unused hardware ports like USB on VMs should be disabled.
·         Use IPSec or other forms of encryption between the host and VM.
·         Security policy can be used to make sure that a new VM is not allowed to join a VM group or cluster unless it has a specific configuration and has related updates installed.
·         If users are allowed to create VMs, consider allowing them to create VMs from an authorized template.
·         A security gateway (firewall and IDS/IPS) can be employed to inspect traffic between VMs.
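Several of the bullets above (disable unused hardware ports, keep patches current, build from an authorized template, and admit a VM to a cluster only when it meets a specific configuration) describe a single admission check against a baseline. The block below is an added Python illustration of such a check, not code from the lecture or from any virtualization platform; the baseline values, template names, patch identifiers and agent names are placeholders constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Set


@dataclass
class Baseline:
    """Cluster admission baseline (values are constructed for this example)."""
    authorized_templates: Set[str]  # identifiers of builds from the secure VM library
    required_patches: Set[str]      # patches every member must have installed
    required_agents: Set[str]       # firewall, anti-virus, IDS/IPS that physical desktops also run
    forbidden_devices: Set[str]     # unused hardware ports that must stay disabled


@dataclass
class VMDescriptor:
    """What the platform reports about a candidate VM (shape is an assumption)."""
    name: str
    template: str
    patches: Set[str]
    agents: Set[str]
    devices: Set[str]


def admission_check(vm: VMDescriptor, baseline: Baseline) -> List[str]:
    """Return the list of baseline violations; an empty list means the VM may join the cluster."""
    violations: List[str] = []
    if vm.template not in baseline.authorized_templates:
        violations.append(f"template {vm.template!r} is not an authorized build")
    missing = sorted(baseline.required_patches - vm.patches)
    if missing:
        violations.append("missing patches: " + ", ".join(missing))
    absent = sorted(baseline.required_agents - vm.agents)
    if absent:
        violations.append("missing security agents: " + ", ".join(absent))
    enabled = sorted(vm.devices & baseline.forbidden_devices)
    if enabled:
        violations.append("forbidden devices enabled: " + ", ".join(enabled))
    return violations


def admit(vm: VMDescriptor, baseline: "Baseline") -> bool:
    """Admission decision: only a VM with no violations joins."""
    return not admission_check(vm, baseline)


# Constructed baseline and candidate VMs; patch and template names are placeholders.
BASELINE = Baseline(
    authorized_templates={"golden-linux-2015.11", "golden-windows-2015.11"},
    required_patches={"patch-2015-11-a", "patch-2015-11-b"},
    required_agents={"firewall", "antivirus", "ids"},
    forbidden_devices={"usb", "serial"},
)

GOOD_VM = VMDescriptor("app02", "golden-linux-2015.11",
                       {"patch-2015-11-a", "patch-2015-11-b", "patch-2015-11-c"},
                       {"firewall", "antivirus", "ids"},
                       {"nic0", "disk0"})

BAD_VM = VMDescriptor("dev-box", "handbuilt-iso",
                      {"patch-2015-11-a"},
                      {"firewall", "antivirus"},
                      {"nic0", "disk0", "usb"})


if __name__ == "__main__":
    for candidate in (GOOD_VM, BAD_VM):
        problems = admission_check(candidate, BASELINE)
        print(candidate.name, "ADMIT" if not problems else "REJECT")
        for problem in problems:
            print("  -", problem)
```

Reporting every violation at once, rather than stopping at the first, lets the owner of a rejected VM fix it in one pass; the same check can be re-run periodically against running members, since a VM that drifts from the baseline after joining is the same risk.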
Management System
·         Do not allow a management server to be accessible from all workstations.
·         Secure your communications between management systems and the hosts to prevent data loss, eavesdropping and any chance for man-in-the-middle attacks. Enable one or more of the available SSH, IPSec and SSL protocols for this purpose.
·         Separate management servers from database servers.
Backups, configuration and change management, and remote access are other areas with their own recommendations.
