Wednesday, 13 May 2009

Hyper-V Security Guide, final version

Microsoft has released the final version of its guide to securing Hyper-V: the "Hyper-V Security Guide".


To download the guide, which is just over 1 MB in size, click here

Happy reading

Luca

Luca Conte,
MCSE/MCSA:Security, MCT, MCITP:Windows 2008
MCTS: Windows Virtualization, VMWare VCP

Consulting Services & Professional Training
Virtualization Discovery - http://www.virtualizationdiscovery.com
Virtualization Technical Days - http://days.virtualizationdiscovery.com
Virtualization Webcast - http://webcast.virtualizationdiscovery.com

References
Windows Server 2008 Security Compliance Management Toolkit
Windows Server 2008 Hyper-V
Windows Server 2008 Virtualization with Hyper-V: FAQ
Microsoft Hyper-V Server 2008 FAQ
Hyper-V Planning and Deployment Guide
Performance and Capacity Requirements for Hyper-V
Performance Tuning Guidelines for Windows Server 2008
Planning for Hyper-V Security
Hyper-V Attack Surface Reference Workbook
Virtualization with Hyper-V: Supported Guest Operating Systems
Virtualization WMI Provider
Infrastructure Planning and Design


Thursday, 12 February 2009

Conficker detects VMs

I'd like to point out two interesting posts on the SANS Internet Storm Center site that highlight a particular aspect of Conficker's behaviour and intelligence. According to the post, the well-known worm is able to detect whether the attacked OS is running as a VM (Microsoft, VMware, etc.) or not.
The technique the analyst used to uncover this behaviour is, of course, reverse engineering. Further analysis has highlighted other behaviours that show how evolved Conficker is. One example among many: Conficker patches the machine...

Here are the posts:
More tricks from Conficker and VM detection
Some tricks from Conficker's bag

For questions or doubts, you can post on the VMexperts.org forum or write directly to lconte@vmexperts.org.

Luca

Luca Conte, MCSE/MCSA:Security, MCT, VMWare VCP


Thursday, 5 February 2009

Hyper-V Security Guide (Beta) - available for download

I'm relaying the news from Giorgio Malusardi on Microsoft Technet Italia:

"... The availability of the security guide for Hyper-V has just been announced on Microsoft Connect: Hyper-V Security Guide

The document, which is part of the Solution Accelerators, essentially addresses three topics:

  • Hardening Hyper-V: a set of guidelines for hardening the Hyper-V server role. Best practices for installing the Hyper-V role with a focus on security are also available
  • Delegating virtual machine management: guidelines for securely implementing administrative delegation of virtual machines, or of some of them, to different roles within the organization
  • Protecting virtual machines: guidelines for protecting virtual machines through a combination of file system permissions, encryption and auditing

The guide is aimed at IT professionals, security experts and network architects. ..."
Source: Microsoft Technet Italia

To Giorgio's post I'll add a few details about the document:


Title: Hyper-V Security Guide
Pages: 40
Series: Solution Accelerators
Language: English
Size: 905 KB (ZIP)

Table of Contents
Chapter 1: Hardening Hyper-V
Attack Surface   
Server Role Security Configuration
Management Partition Security
Default Installation Recommendations
Host Network Configuration
Securing Dedicated Storage Devices
Host Management Configuration
Virtual Machine Security
Virtual Machine Configuration
Hardening the Virtual Machine Operating System and Applications
Virtual Machine Configuration Checklist

Chapter 2: Delegating Virtual Machine Management
Using Tools to Delegate Access
Delegating Access with Authorization Manager (AzMan)
System Center Virtual Machine Manager (VMM)
Delegated Administrator Role
Self Service Portal

Chapter 3: Protecting Virtual Machines
Methods for Protecting VMs
Using File System Security to Protect Virtual Machine Resources
Using Encryption to Protect Virtual Machine Resources
Using Auditing to Track Access to Virtual Machine Resources
Maintaining Virtual Machines
Best Practices


For questions or doubts, you can post on the VMexperts.org forum or write directly to lconte@vmexperts.org.

Luca

Luca Conte, MCSE/MCSA:Security, MCT, VMWare VCP


References
Original post on the Technet Italia blog
Invitation to join the Beta program and download the guide
Official Solution Accelerators site
Giorgio Malusardi's blog


Wednesday, 13 August 2008

VMware: EXTREMELY URGENT PROBLEM WITH ESX 3.5 U2 and ESXi U2 - 2nd UPDT

Quoting from the VMware newsletter:

"...

Dear VMware Customers,

We have released the express patches for the product expiration issue. Please go to http://www.vmware.com/go/esxexpresspatches for more information.

Problem:

An issue has been discovered by many VMware customers and partners with ESX/ESXi 3.5 Update 2 where Virtual Machines fail to power on or VMotion successfully. This problem began to occur on August 12, 2008 for customers that had upgraded to ESX 3.5 Update 2. The problem is caused by a build timeout that was mistakenly left enabled for the release build.

The following message is displayed in the vmware.log file for the virtual machine:

This product has expired. Be sure that your host machine's date and time are set correctly.
There is a more recent version available at the VMware web site: http://www.vmware.com/info?id=4.
--------------
Module License Power on failed.

Affected Products:

- VMware ESX 3.5 Update 2 & ESXi 3.5 Update 2.

- The problem will be seen if ESX350-200806201-UG is applied to a system.

- No other VMware products are affected.

Resolution:

VMware Engineering has produced express patches for impacted customers to resolve the issue.

FAQ:

1. What do the express patches do?

There are two express patches: one for ESX 3.5 Update 2 and one for ESXi 3.5 Update 2. They are specifically targeted for customers who have installed or fully upgraded to ESX/ESXi 3.5 Update 2 or who have applied the ESX350-200806201-UG patch to ESX/ESXi 3.5 or ESX/ESX 3.5 Update 1 hosts. For customers who haven’t done either, these express patches should not be applied.

To be noted is that these patches have been validated to work with esxupdate. However, testing with the VMware Update Manager is still under way. In subsequent communications, we will provide confirmation whether the patches work with VMware Update Manager or if a re-spin is required.

We are currently testing an option to apply the patch without requiring VMotion or VM power-off and re-power-on at the point of patch application. To immediately refresh vmx on the VM, one can VMotion off running VMs, apply the patches and VMotion the VMs back. If VMotion capability is not available, VMs can be powered off before the patches are applied and powered back on afterwards.

2. When will VMware re-issue the upgrade media and patch bundles?

VMware plans to re-issue upgrade media by 6pm, August 13 PST and all update patch bundles later in the week. We will provide an ETA for the update patch bundles subsequently.

NOTE:

  • An upgrade media refers to ESX 3.5 Update 2 ISO, ESXi 3.5 Update 2 ISO, ESX 3.5 Update 2 upgrade tar and zip files. They are for customers who haven’t installed or upgraded to ESX/ESXi 3.5 Update 2 but wish to.
  • The "patch bundles" here refer to those released at GA. They are for customers who do not wish to do a full upgrade to ESX/ESXi 3.5 Update 2, but apply patches that are deemed necessary to hosts running ESX/ESXi 3.5 or ESX/ESXi 3.5 Update 1. They are not the same as the express patch which is described above.

3. Why does VMware plan to re-issue the upgrade media before the patch bundles?

Since we can complete building and testing of the upgrade media before the patch bundles, we want to make that available to customers right away instead of re-issuing all the binaries later in the week.

..."


VMWare: EXTREMELY URGENT PROBLEM WITH ESX/ESXi 3.5 Update 2

Quoting from the VMware newsletter:

"...

Dear VMware Customers,

Please find the latest update about the product expiration issue. From this point on, we’ll provide an update every two hours. Thanks.

Problem:

An issue has been discovered by many VMware customers and partners with ESX/ESXi 3.5 Update 2 where Virtual Machines fail to power on or VMotion successfully. This problem began to occur on August 12, 2008 for customers that had upgraded to ESX 3.5 Update 2. The problem is caused by a build timeout that was mistakenly left enabled for the release build.

Affected Products:

  • VMware ESX 3.5 Update 2 & ESXi 3.5 Update 2
  • Reports of problems with ESX 3.5 U1 with the following 3.5 Update 2 patch applied.
            1. ESX350-200806201-UG
  • No other VMware products are affected.

What has been done?

  • Product and Web teams pulled the ESX 3.5 Update 2 bits from the download pages last night so no more customers will be able to download the broken build.
  • VMware Engineering teams have isolated the cause of the problem and are working around the clock to deliver updated builds and patches for impacted customers.
  • A Knowledgebase article has been published (http://kb.vmware.com/kb/1006716), but traffic to the knowledgebase is causing time outs. A new static page has been published at http://www.vmware.com/support/esx35u2_supportalert.html that customers and partners will be able to view.
  • The phone system has been updated to advise customers of the problem
  • VMware partners have been notified of the issue.

Workarounds:

1. Do not install ESX 3.5 U2 if it has been downloaded from VMware’s website or elsewhere prior to August 12, 2008.

2. Set the host time to a date prior to August 12, 2008. This workaround has a number of very serious side effects that could impact product environments. Any Virtual Machines that sync time with the ESX host and serve time sensitive applications would be broken. These include, but are not limited to database servers, mail servers, & domain administration systems.

Next Steps:
VMware to notify customers who have downloaded this version and provide an update every two hours.

Resolution:

VMware Engineering has isolated the root cause and is working to produce an express patch for impacted customers today. The target timeframe is 6pm, August 12, 2008 PST.

FAQ:

1. What would this express patch do?
More information will be provided in subsequent communication updates.

2. Will VMware still reissue the upgrade media and patch bundles in the timeframe that has been communicated?
Yes. We still plan to reissue upgrade media by 6pm, August 13 PST (instead of noon, August 13 PST) and all update patch bundles later in the week. We will provide an ETA for the update patch bundles subsequently. NOTE: the "patch bundles" referred to here are for the patches listed above under "Affected Products" and the other bundles released at GA. They are not the same as the express patch which is targeted for 6pm, August 12, 2008 PST as stated above.

3. Why does VMware plan to reissue the upgrade media before the patch bundles? That is a wrong priority call!
This is not a matter of priority. Since we can get done building and testing the upgrade media before the patch bundles, we want to make that available to customers first instead of reissuing all the binaries later in the week.

4. Can VMware issue a patch that opens the licensing backdoor in the next hour as a critical measure?
There is no licensing backdoor in our code.

5. Does this issue affect VC 2.5 Update 2?
No.

6. What is VMware doing to make sure that the problem won’t happen again?
We are making improvements on all fronts. The product team had endeavored to deliver a release with support customers deem important. But we fell short and we are deeply sorry about all the disruption and inconveniences we have caused. We have identified where the holes are and they will be addressed to restore customers’ confidence.

..."
