Improved virtualization security protection and network training are needed if Australian enterprises are to avoid potential attacks via the virtual machine (VM) layer in the future, delegates at the AusCERT 2012 conference on the Gold Coast have heard.
Speaking at the event, which opens today, John Reeman, security and virtualization consultant at Symantec, told delegates that in countries such as Australia, virtualization layers have become the “bed rock” of IT networks and provide business critical applications and services.
“We need to be sure that the three stalwarts of security -- confidentially, integrity and availability -- are being adhered to,” he said. “Companies also need to have an independent security layer wrapped around virtualization platforms that are being used to deliver mission critical apps.”
Reeman cited an IBM X-Force trend and risk report from 2010 which found that 40 per cent of virtualization attacks are targeted at the system administrator and VM management layers.
Some attacks could be quite devastating such as the example he shared of an attack conducted by a system admin who was fired from the US arm of Japanese drug company , Shionogi, in 2010 and subsequently hacked 15 of the company’s Vmware host systems by logging into the company’s system from a McDonald’s restaurant WiFI service and firing up a vSphere VMware management console.
“The only reason he was caught was that he paid for his McDonald’s coffee with a credit card and the FBI used that information to track him down,” Reeman said.
Turning to education and training, he said the information security industry needed to get better at patching network vulnerabilities, even if it was viewed by some as a chore.
He said there was no excuse because the whole patching process could be automated. “The vendors do their part so it’s up to us to do our part [with patching],” he said.
According to Reeman, virtualization skills were lacking amongst younger ICT workers because there was less emphasis on fundamental computing principles.
This meant some IT workers did not understand the building blocks of how difference machines `talked’ to each other nor the complexity of the networks the workers created.
“If we expect the next generation to build Web application firewalls in complex environments that make up virtualization, we better ensure that we have those skills so we can build solid infrastructure,” he said.
Hamish Barwick travelled to AusCERT 2012 as a guest of AusCERT
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU