Security in the Cloud – Virtual Firewalls Take the Stage

Keywords: Security, Virtualization, Cloud Computing
Authors: Amir Ben-Efraim, CEO of Altor Networks.
Amir has over 18 years of experience in high-tech management, including marketing, business development and software engineering. Most recently, Amir was head of business development at Check Point Software where he led the company’s global BD efforts, including partnerships, OEMs, corporate strategy and M&A considerations. Previously, Amir was co-founder and senior vice president of marketing at Blue Wireless, a vendor of personalization software for telecommunication carriers. Prior to Blue Wireless, Amir led marketing initiatives at Netro Corporation, and simulation projects as lead software engineer at Amdahl Computers. Amir holds an M.B.A. from UCLA, an M.S. in Electrical Engineering from Stanford University and a B.S. in Electrical Engineering from UC Berkeley.
Abstract:
Conflicker (a.k.a. Downadup) is a virulent worm best known for infecting Windows XP and Vista desktop PCs, but it is also attacking server-based applications. In particular, the virtualized environment presents an especially fertile habitat for Conflicker because of the lack of visibility and control present there. In this session we will see an actual attack based on the Conflicker RPC exploit and discuss what will happen when virtually-aware malware attacks hosted applications.
Security was less of an issue when virtualization was used by the development and test organizations to get easy access to multiple operating systems on a single server. Recently, virtualization has spread to production-oriented data centers within major corporations creating networks of virtual machines (VMs) within physical servers. However, traditional network monitoring and security measures-- such as switches, routers, firewalls, intrusion detection, sniffers and analyzers -- are not able to see or control the growing volume of inter-VM traffic. Today as virtualization moves to the cloud; the opportunity for exploits greatly increases and sensitive corporate information such as customer records and financial data may be compromised before anyone notices the attack.

Virtual firewalls are purpose-built specifically to mitigate the risks of virtual networks, while maintaining the ROI of virtualization. A virtual firewall is a stateful packet filtering firewall that installs as a software appliance in a virtual environment and provides visibility and control of inter-VM traffic. In this way, it can mitigate the risks of viruses, worms, Trojans, and inappropriate use in a virtual environment in the same way that a physical firewall could mitigate those risks if every physical server was directly connect to a physical firewall.

Join us to learn more about the risks of the virtual environment and see a “Live Attack” in the virtual environment. We will use the Conflicker RPC exploit to compromise a virtual machine – giving the attacking machine total control of the newly compromised one. Then, we will show one solution to this problem by installing a virtual firewall. Virtual firewalls prevent unauthorized access to the virtual machines that they are protecting; they bring back the visibility and control that was lost in moving to the virtual environment, and most importantly, virtual firewalls provide "Day 0" protection from malware like Conflicker.

-- Cloud Computing Conference - Cloud Slam 2009.