9 hours 48 minutes

Video Transcription

Now, as I mentioned before, there are certain threats that are directed specifically at VMs, because everybody's usually using virtualization today, right? I mean, you'll be hard pressed to go into an environment that has no virtualization at all, whether we're talking local, and certainly not in the cloud, but even locally. You know, I led a project 15 years ago to move from a physical infrastructure to more of a virtual infrastructure. We went from 15 computers, our servers, down to seven, right, and I'm sure they've scaled that back even more since then. So virtualization is everywhere. So, of course, attacks are everywhere, directed at VMs.

So there are some different concerns. One of the most... Remember, we said the greatest threat with cloud computing is multi-tenancy. So I have another client that has a different network that's separated through virtualization. But can traffic come from one virtualized network to another? It's all about the configuration, how the hypervisor restricts that access. So the bottom line is it shouldn't. You know, your organization shouldn't be infected with malicious code that can skip over from one VM to another. But again, the way that happens is things like tools are allowed from the operating system into the various VMs, or we share the same physical interface, which we do. You know, there are ways that this happens. So, inter-VM attacks. You know, the idea is that if we run scans on the operating system, we have to run scans in each of the VMs as well.

And any time we have a network, we have the potential, right. The whole purpose of networking is to open up for sharing; with security, we've got to balance. How restricted do we want to be versus the payoffs of ease of use, performance? The more secure a network, you will almost always lose performance. You may lose backwards compatibility. You may lose ease of use. You may lose user acceptance. Again, it's a tradeoff, so we analyze what's necessary versus, you know, the needs for security. That's what risk management's all about: figuring out what are my assets? What are the threats and vulnerabilities? What do we wind up with for potential for loss? What's the cost of the countermeasure? Make a good mitigation solution based on that cost. So the answer to all these is: what are you protecting? What's it worth? What are you willing to trade?

All right, VM sprawl. Sometimes we get so excited. We can virtualize everything. Let's virtualize everything. And, uh, you know, I have 100 hosts. Each host has 10 virtual machines. Blah blah blah. It's called VM sprawl. The more of anything you have, the harder it is to manage, right? So we make sure that our virtual machines are planned out. You know, it's network architecture, whether it's a physical system or a virtual system. The architecture: the fewer resources we have on the network, the more secure we are. So architecture says we look at this from the standpoint of: we provide for what we need, no more, no less.

Virtual systems are just as subject to, or just as vulnerable to, misconfigurations, faulty configurations, default settings, any of those issues that we see on the network. And you hear me continue to say this: it's the same as any other network. That's not exactly true, because of the scale of the cloud. But so many of the threats and vulnerabilities are the same. They're just on a much larger scale.

All right, and then hyperjacking is another virtualization concern. Any time the hypervisor is compromised, you're dead in the water. That hypervisor provides the security and the isolation across all of those virtual systems on virtual networks. So let's say there are 30 clients on a specific server. That hypervisor's compromised, all 30 clients and all of their systems are compromised. The hypervisor is a big, big deal. So hyperjacking generally involves some sort of rootkit rooting the hypervisor, some sort of modified hypervisor, and being able to compromise the isolation security. So obviously, that's going to be a concern with virtualization.

Now, instant-on gaps could come up on the test, and the idea is, like anything, you know, a lot of times when you patch systems, they have to reboot, and they come back up and then the patch gets applied. Well, in that period of time between when they reboot and come online and continue applying the patches, is there a spot of vulnerability? So the idea would be that we isolate systems until they're fully patched and then bring them back on. If you're familiar with network access control, that might be an element that you use, and you can set up rules that say, OK, this system, until it meets the following health requirements, can't be part of the network. All right, so this idea that it's a short period of time, but any period of vulnerability is a concern.

VM theft, modification, corruption, compromise. So VMs should be encrypted when not in use. Uh, we use integrity checks to make sure nobody's modified the virtual machine outside of the standard configuration and change management process. Um, again, what it comes down to is your virtual machine is just a file, and files can be corrupted. Files can be compromised.

Data commingling, multi-tenancy. Always a concern, because we're using the same physical devices. And even though they're isolated through separate virtual networks, we have different VLANs that are all about isolation. We may have, and we will have, firewalls between virtual networks. We're always worried about the commingling of that data from one network being accessible through another. Improperly configured firewalls, improperly configured isolation, hypervisor issues, whatever, is always going to be a concern. Um, we want to make sure that if we're storing data of any sort of sensitivity, you know, that has any sort of classification, that it's stored on a network of that classification. We want to strictly regulate how that data can be accessed, making sure that it isn't moved from one level of classification to another, same as on a network. And the biggest difference there on a network is that we're not sticking that data on the same machine like we might be in a virtualized environment. So make sure we know where. SLAs? That will always be true.

Secure the virtual operating systems, of course, and secure each guest operating system. Turn off those tools like the VM tools. Make sure that if you have a virtual OS that there are tools for scanning that operating system. Generally, there are a bunch of them that are specific to virtualized environments. Have to have those secured by default. Turn it all off and then turn on what you need, regardless of what it is: interfaces, connections, whatever. We said encrypt the virtual machines, um, security zones, you know, just like we would segment a regular network and have firewall access between. Run your scans, run your tools. It is as essential that we scan, test, assess the network in a virtualized environment as it is in a physical environment, and with infrastructure as a service, that's all our job, right? That's our responsibility. We've built the network. It's our job to protect and secure.
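The lecture says a VM is just a file and that integrity checks should catch modifications made outside the change management process. The script below is an added example, not material from the course or the instructor, showing one plain way to do that: hash every VM file under a directory into a baseline right after change management signs off, then later compare the current on-disk state against it and report modified, missing, and unapproved files. The set of file suffixes treated as "VM files" and the sample `web01` folder built in a temporary directory are constructed assumptions for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption for this example: these suffixes make up a VM's on-disk footprint.
VM_SUFFIXES = {".vmdk", ".vhdx", ".qcow2", ".vmx", ".nvram"}


def sha256_file(path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so multi-gigabyte disk images never sit fully in memory."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(image_dir) -> dict:
    """Map every VM file under image_dir (relative path) to its SHA-256.

    Taken right after change management signs off on a configuration, this is
    the known-good state that later checks are compared against.
    """
    root = Path(image_dir)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in VM_SUFFIXES
    }


def save_baseline(baseline: dict, path) -> None:
    # In production the baseline itself belongs somewhere the hypervisor host
    # cannot silently rewrite it (read-only share, signed, or a separate system).
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path) -> dict:
    return json.loads(Path(path).read_text())


def verify(image_dir, baseline: dict) -> dict:
    """Compare the current on-disk state with the baseline.

    'modified'   : file present in both, but its hash changed
    'missing'    : file in the baseline that has disappeared (theft or deletion)
    'unexpected' : file on disk that change management never approved
    """
    current = build_baseline(image_dir)
    return {
        "modified": sorted(r for r, h in baseline.items() if r in current and current[r] != h),
        "missing": sorted(r for r in baseline if r not in current),
        "unexpected": sorted(r for r in current if r not in baseline),
    }


def demo():
    """Constructed sample: a tiny fake VM folder, a baseline, then an out-of-band change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        vm = root / "web01"
        vm.mkdir()
        (vm / "web01.vmx").write_text('displayName = "web01"\n')
        (vm / "web01.vmdk").write_bytes(b"\x00" * 4096)  # placeholder disk image

        baseline_path = root / "baseline.json"  # .json is not a VM suffix, so it is not hashed
        save_baseline(build_baseline(root), baseline_path)
        clean = verify(root, load_baseline(baseline_path))

        # Simulated change outside change management: a NIC added to the VM
        # config and a snapshot disk that nobody approved.
        (vm / "web01.vmx").write_text('displayName = "web01"\nethernet1.present = "TRUE"\n')
        (vm / "web01-000001.vmdk").write_bytes(b"\x01" * 512)
        tampered = verify(root, load_baseline(baseline_path))

    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("right after baseline:", before)
    print("after tampering:", after)
```

Running the script prints an empty report for the freshly baselined folder and then flags `web01/web01.vmx` as modified and `web01/web01-000001.vmdk` as unexpected. The baseline is a snapshot of the state change management approved, so any legitimate change goes through that process and ends with a new baseline; anything else the check turns up is what the lecture is warning about.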

Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By

Kelly Handerhan
Senior Instructor