27 January 2011

Securing the Cloud an Impossible Feat? Think Again


A virtualized data center must be supported by a virtualized security system, which in turn must be validated by virtualized test systems and test methodologies.

The rapid rise of cloud computing has delivered cost and productivity benefits to thousands of organizations as over 200 cloud providers have emerged in the last decade. But questions of cloud security reveal that the growth of the networking and computing capabilities has outstripped the development of technologies to protect the cloud from cyber attacks.

Greg Day, security analyst at McAfee, told ComputerWeekly.com, "As cloud computing gains popularity, cyber-criminals are likely to target these services to steal information for financial gain."

At the heart of the issue is virtualization, the ability to run multiple server instances inside virtual machines (VMs) on a single physical server. This basic element is both the foundation of cloud computing and the source of new vulnerabilities that are already being exploited.

At an RSA security conference in San Francisco, John Chambers, Chairman and CEO of Cisco Systems, said that while cloud computing posed exciting opportunities, "It is a security nightmare and it can't be handled in traditional ways."

Traditional vs Virtual Security
When implemented and configured correctly, current cyber security solutions do a good job of detecting and blocking a wide range of malicious traffic from outside and even inside the data center. This is true because mature technology underlies security applications like intrusion detection systems (IDS), intrusion prevention systems (IPS) and deep-packet inspection (DPI).

Validation is the essential element in the technology cycle that drives maturity. Current security technology reached maturity through the iterative development of test methodologies that assessed and validated specific implementations. As we shall see, cloud-aware test methodologies are the key to bringing security to cloud computing.

Some may assume that existing security solutions are adequate to protect the cloud. After all, the virtual servers reside on physical servers that are behind the firewall. To see why this is not the case, we must look at the relationship between virtualization and security, more specifically, where security is traditionally implemented in a data center.

Security typically sits at the border of the LAN and WAN, protecting the data center infrastructure from threats. A firewall inspects all incoming and outgoing traffic, passes legitimate traffic and blocks malicious traffic from the outside. In addition, a firewall can sit at the top-of-rack or end-of-row, monitoring traffic on the LAN to detect inter-server threats and contain them before they spread through the LAN. These could be attacks that somehow got past the perimeter firewall or threats introduced internally, either unwittingly by uploading an infected file or intentionally through sabotage.

In the typical scenario, it is not feasible to deploy an IPS in front of every server. The best that can be done is to have an IPS per row or per rack and attempt to contain inter-server threats within a small segment of the data center. In addition, nothing sits inside a server detecting and stopping an intra-server threat, whether it is a compromised hypervisor or a rogue VM attacking and infecting other VMs on the same server.

For example, a compromised VM could send counterfeit transactions, destroying the integrity of back-end databases. Since all the traffic that leaves the physical server appears legitimate, traditional security systems can't detect and stop this breach.

Infra/Inter/Intra Vulnerabilities
Traditional data centers have inter-server and infrastructure vulnerabilities, such as the possibility of performance and security weaknesses internally between servers, externally at the gateway, and in the end-to-end network. Virtualization intensifies these potential threats and adds another level of vulnerability, intra-server, i.e., threats between VMs inside a single physical server.

Infrastructure
Traditional end-to-end testing validates the performance of an entire system. System testing is even more important in the era of virtualization. With dozens of VMs per physical server, the amount of traffic one box can generate increases dramatically, easily filling a 10 Gigabit Ethernet link. The cloud can be composed of hundreds or thousands of physical servers.

Inter-server
Device testing evaluates the performance of a device interacting with other devices. For example, testing a security appliance involves sending legitimate traffic mixed with malicious traffic to the appliance and evaluating its ability to deflect threats while forwarding legitimate traffic at acceptable levels. The increase in utilization due to virtualization means an increase in traffic, placing more demands on the performance of the security appliance.

Intra-server
Now that we have multiple applications running in separate VMs on a single server, we have the possibility of security threats residing completely inside a physical server. Intra-server traffic never reaches the physical network, so traditional methods of implementing and testing security are completely ineffective against intra-server threats. If a rogue application is spawned in a VM and launches a DoS attack on other VMs on the same server, a security appliance in the DMZ will never see it.

Virtual Security for Virtual Machines
Traditional security approaches are inadequate to protect the cloud because they can't detect and deflect intra-server threats. Virtual machines require virtual firewalls.

A virtual IPS performs the same functions as a physical IPS. The difference is where it is located. In the case of a virtual appliance, it resides in a service VM on the physical server along with the application VMs. A redirect policy allows a virtual controller to inspect and control VM-to-VM communications and direct the traffic to the appropriate appliance, whether physical or virtual. This arrangement places a virtual IPS in front of every connection to allow the traffic to and from every VM to be inspected.

A cyber security system that combines physical IPS appliances with virtual IPS appliances has end-to-end visibility of the data center network, from the DMZ at the demarcation point to every VM in every server, and all devices of interest in between.

Metrics of Virtual Service: PASS
Here is where cloud-aware test methodologies come into play. Like the traditional data center, the virtualized data center has fundamental and critical network attributes - performance, availability, security, and scalability (PASS). Established test methodologies answer the critical questions related to the PASS attributes. However, virtualization fundamentally changes the environment that these methodologies address.

Performance
Traditional over-provisioning of fixed resources (physical servers, storage drives, network switches) no longer applies in the virtualized environment. At the service level, the cloud designer must ensure that enough VM instances are provisioned to make dynamic access possible for all users. Cloud security must sustain the required rate of new connections per second and firewall throughput while still blocking threats and malicious traffic.

Availability
The traditional methods of providing local redundancy must also be reconsidered in a virtualized environment. Servers that can support 1,000 or more VMs can become a single point of failure if appropriate approaches to VM load balancing, automated resource scheduling and live migration to other hardware are not built into the design. Cyber security in the cloud requires maintaining optimum application response time at maximum throughput.

Security
Traditionally, cyber security is placed in strategic physical locations, such as at the WAN edge where requests and traffic from the Internet can be filtered and decrypted. However, geographic locations of physical servers have less meaning in a virtualized cloud, as users might be tapping resources from VMs located on one of any number of servers or even data centers. Virtual security must be cloud-aware. In the case of live migration, where a VM moves to another server with VMotion, the security solution must migrate the profile to allow legitimate traffic access to the new physical machine to avoid downtime for the end user.

Scalability
The promise of infinite scale is appealing, but the elasticity of the physical infrastructure has finite limits. Addressing this risk requires a well-thought-out network infrastructure in which aggregation and core interconnects do not become bottlenecks for the elastic demand the cloud promises, while the security system maintains the maximum number of secure concurrent connections at maximum throughput.

Virtual Test Systems for Virtual Security
For both traditional and virtual data centers, testing answers questions related to PASS. In particular, testing provides the answer to the question: How secure is any given cloud? Testing a cyber security solution addresses two vital questions at a high level:
Does the solution block all threats while allowing legitimate traffic to pass?
How does the solution affect throughput, performance and scalability?
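The two questions above can be turned into a measurement. The following is an added example, not code from the original post or from any test vendor: a toy harness that pushes a constructed mix of legitimate and malicious flows past an IPS placed at the edge, at the top-of-rack, or as a virtual appliance, and reports detection rate, false-positive rate, goodput and new connections per second. The signatures, host names, VM names and payloads are all hypothetical; the point is that an IPS can only block what its placement lets it see, so the intra-server threat is missed by every placement except the virtual one.

```python
"""Toy PASS-style test harness for IPS placement (constructed example)."""
import re
from dataclasses import dataclass

EXTERNAL = "internet"  # hypothetical marker for any host outside the data center


@dataclass(frozen=True)
class Flow:
    src_host: str      # physical server name, or EXTERNAL
    src_vm: str
    dst_host: str
    dst_vm: str
    payload: bytes
    nbytes: int        # bytes on the wire
    malicious: bool    # ground truth known to the tester, not to the IPS


# Hypothetical signatures standing in for an IPS rule set.
SIGNATURES = (
    ("sqli-union-select", re.compile(rb"(?i)union\s+select")),
    ("nop-sled", re.compile(rb"\x90{8,}")),
    ("synflood-probe", re.compile(rb"^SYNFLOOD")),
)

# Which traffic scopes each IPS placement can observe at all.
VISIBILITY = {
    "edge":    {"infrastructure"},
    "rack":    {"infrastructure", "inter-server"},
    "virtual": {"infrastructure", "inter-server", "intra-server"},
}


def scope(flow):
    """Classify a flow as infrastructure, inter-server or intra-server."""
    if EXTERNAL in (flow.src_host, flow.dst_host):
        return "infrastructure"
    return "inter-server" if flow.src_host != flow.dst_host else "intra-server"


def inspect(flow):
    """Return the first matching signature name, or None for clean traffic."""
    for name, pattern in SIGNATURES:
        if pattern.search(flow.payload):
            return name
    return None


def run_test(flows, placement, duration_s=1.0):
    """Send every flow past an IPS at `placement` and compute the metrics."""
    tp = fp = fn = tn = 0
    passed_bytes = 0
    missed = []  # (scope, "src_vm->dst_vm") for threats the IPS never blocked
    for f in flows:
        seen = scope(f) in VISIBILITY[placement]
        blocked = seen and inspect(f) is not None
        if f.malicious:
            if blocked:
                tp += 1
            else:
                fn += 1
                missed.append((scope(f), f"{f.src_vm}->{f.dst_vm}"))
        elif blocked:
            fp += 1
        else:
            tn += 1
            passed_bytes += f.nbytes
    return {
        "detection_rate": tp / (tp + fn) if tp + fn else 1.0,
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
        "missed": missed,
        "goodput_mbps": passed_bytes * 8 / duration_s / 1e6,
        "new_connections_per_s": len(flows) / duration_s,
    }


def sample_flows():
    """Constructed traffic mix: one clean and one malicious flow per scope."""
    good = b"GET /index.html HTTP/1.1\r\nHost: app\r\n\r\n"
    return [
        Flow(EXTERNAL, "client", "srv1", "web1", good, 1500, False),
        Flow(EXTERNAL, "client", "srv1", "web1",
             b"q=1' UNION SELECT passwd FROM users--", 900, True),
        Flow("srv1", "web1", "srv2", "db1",
             b"SELECT name FROM items WHERE id=7", 400, False),
        Flow("srv1", "web1", "srv2", "db1", b"\x90" * 32 + b"\xcc", 1200, True),
        Flow("srv1", "web2", "srv1", "app1", good, 1500, False),
        Flow("srv1", "rogue", "srv1", "app1", b"SYNFLOOD" * 4, 64, True),
    ]


if __name__ == "__main__":
    for placement in VISIBILITY:
        result = run_test(sample_flows(), placement)
        print(placement, result["detection_rate"], result["missed"])
```

Run as a script, the edge placement blocks only the SQL-injection flow arriving from outside, the rack placement additionally catches the NOP sled between servers, and only the virtual placement catches the rogue VM probing its neighbour on the same host. The legitimate SQL query is not flagged by any placement, so the false-positive rate stays at zero while goodput is unchanged.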

Answering these questions is the goal, whether testing a legacy data center or a virtualized data center. Like the virtualization of a security application, the innovation of testing virtualization lies in extending the test endpoints.

As computing has adopted the VM to deliver the benefits of cloud computing, test systems have extended to the virtual level as well: they validate the functionality of applications running in the VMs and, through the iterative development process, drive improvements in performance, availability, security, and scalability, the critical metrics of data center efficiency.

A virtual tester is a software-based test system implemented in a virtual machine. To the network devices under test, and to the test engineer, it looks and behaves exactly as if it were a hardware tester. A virtual tester makes it possible to test cloud security at all the levels it has impact: intra-server, inter-server and infrastructure.

When assessing a cyber security system that employs virtual and physical appliances, testers reside at the endpoints to generate traffic and accumulate results.
Intra-server: Virtual testers for each VM in the physical server serve as endpoints.
Inter-server: A virtual tester for each VM on the separate physical servers can serve as the endpoints, or a virtual tester on one end and a physical tester on the other.
Infrastructure: Virtual testers for each VM under test serve as one set of endpoints and a physical tester at the gateway serves as the other.

The result is end-to-end testing of any IDS/IPS scenario, whether the endpoints span the whole of the data center or reside in a single physical server.

A recent test conducted by Broadband Testing demonstrated the use of cloud-aware PASS methodologies to validate a cloud-aware cyber security solution.

Conclusion
Cloud computing offers tangible benefits for increasing efficiency and reducing capital and operating costs for enterprises and other organizations, but security issues have the potential to negate those benefits. A virtualized data center must be supported by a virtualized security system, which in turn must be validated by virtualized test systems and test methodologies.
