Re: Virtualization and Security ?

[Joel Rosenblatt <joel () COLUMBIA EDU>]

Segregation of duties is a very nice auditor concept, provided that all of the people that are responsible for a system 
are available all of the time :-) ..
the problem is that in many cases, the application owners are not available after hours and it falls to the security 
and systems admins to take care of
problems - if they do not have enough access to nicely remove the threat, then they have to resort to brute force - 
either shut down the box, or pull the
network access - in either case, this will take multiple systems down if the problem machine is a virtual host.

My point is not really to argue this from a security viewpoint (though, the security implications are obvious) it is 
from an availability standpoint - when you
build your virtual infrastructure, make sure that someone is looking at the mix of systems and how they interact.

My 2 cents
Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel


--On Tuesday, November 11, 2008 6:00 PM +0000 Robert Maxwell <rmaxwell () umd edu> wrote:

> I also think there may be some administrative issue there. In working with ESX and the admin console, I can snapshot 
> and suspend or kill VMs even without the
> admin's help. That may be bad in certain environments, but you eventually have to trust someone to do something, no?
>
> Rob
> *******************************************************************************
> Robert Maxwell, CISSP, GCFA
> Lead Incident Handler                      OIT Security, University of Maryland
> rmaxwell at umd dot edu
> GnuPG Public Key:   http://security.umd.edu/contact/Robert_Maxwell.asc
> *******************************************************************************
>
> -----Original Message-----
> From: "St Clair, Jim" <Jim.StClair () GT COM>
>
> Date:         Tue, 11 Nov 2008 12:57:17
> To: <SECURITY () LISTSERV EDUCAUSE EDU>
> Subject: Re: [SECURITY] Virtualization and Security ?
>
>
> Joel Rosenblatt wrote:
> > This is what happens when you have too many specialists :-)
>
> That's true, but I would also think there is an segregation of duties
> (SoD) issue - depending on your use of virtual servers, do you want the
> OS admin to also manage the virtual environment?
>
> James A. St.Clair, CISM, PMP
> Senior Manager
> Global Public Sector
> Grant Thornton LLP
> T  703-637-3078
> F  703-637-4455
> C  703-727-6332
> E  jim.stclair () gt com
>
>
> The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest 
> quality service to public and private
> clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one 
> of the six global audit, tax and
> advisory organizations. Grant Thornton International Ltd and its member firms are not a worldwide partnership, as each 
> member firm is a separate and distinct
> legal entity. In the U.S., visit Grant Thornton LLP at http://www.grantthornton.com/.
> -----Original Message-----
>
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel Rosenblatt
> Sent: Tuesday, November 11, 2008 12:48 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: Virtualization and Security ?
>
> Because they didn't have access to the EMX console - they were admins
> for the underlying OS only, not the virtualization.
>
> This is what happens when you have too many specialists :-)
>
> Joel
>
> --On Tuesday, November 11, 2008 10:34 AM -0700 Eric Case
> <ecase () email arizona edu> wrote:
>
> > At 09:40 AM 11/11/2008 -0500, Joel Rosenblatt wrote:
> > > One thing that we ran into was that the administrator of the hosting
> > > system should be able to shut down each virtual machine separately -
> > > we had one virtual machine compromised over a weekend and the only
> > > person available was the admin of the host - so, the whole system
> > > was shut down until we could dig up the admin of the bad virtual
> host.
> >       Why didn't you suspend the compromised machine?
> > -Eric
> >
> >
> > Eric Case, CISSP  <ecase () Arizona edu>
> > Information Technology Services Coordinator
> > Information Security Officer
> > College of Engineering   <http://www.Engr.Arizona.edu>
> > 1127 E James E. Rogers Way Room 200
> > Tucson, AZ 85721-0020
> > Mobile Phone 520-275-6436
>
>
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
> In accordance with applicable professional regulations, please understand that, unless expressly stated otherwise, any 
> written advice contained in, forwarded
> with, or attached to this e-mail is not intended or written by Grant Thornton LLP to be used, and cannot be used, by 
> any person for the purpose of avoiding
> any penalties that may be imposed under the Internal Revenue Code. 
> --------------------------------------------------------------------------
> This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or 
> privileged information. Any review,
> dissemination, copying, printing or other use of this e-mail by persons or entities other than the addressee is 
> prohibited. If you have received this e-mail
> in error, please contact the sender immediately and delete the material from any computer.



Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel