Cyber Security for Virtual and Cloud Environments
Cyber security cannot be addressed in isolation. It must consider other variables and test them together in order to ensure an optimal solution.
Four criteria should be considered when choosing a security test solution for virtual and cloud computing environments:
- PASS testing (Performance, Availability, Security, Scalability)
- Design independence
- Mixed traffic and encryption
- Physical and virtual support
This paper covers today's cyber threat, cyber security design challenges and the PASS testing methodology for design validation.
August 2011
Rev. A 08/11
SPIRENT
© 2011 Spirent. All Rights Reserved.
CONTENTS
EXECUTIVE SUMMARY
BACKGROUND
Understanding Cyber Security
Increasing Importance of Cyber Security
Responsibility for Cyber Security
CYBER SECURITY – THE BUSINESS PERSPECTIVE
Financial Impact
Security Disasters
Cost Tradeoffs
Security Is An Optimization Problem
SECURITY THREATS ARE REAL
Security Breaches Are All Too Common
Network, Virtualization and Cloud Security
Network Security
Virtualization and Cloud Computing
IT Leaders Must Take Action
CYBER SECURITY – A CLOSER LOOK
Virtualization and Cloud Computing
OVERCOMING THE CHALLENGES
Designing for Security
PASS Testing Methodology
Choosing a Test Solution
CONCLUSIONS
EXECUTIVE SUMMARY
Cyber threats are one of the greatest risks faced by IT organizations today. While
government organizations are increasingly involved in cyber security, individual IT
organizations still have responsibility for protecting their own assets. Without action,
IT organizations of all types risk becoming victims of expensive and damaging cyber
attacks. Cyber security is not just a technical problem, it is a business problem.
Networks serve as a key control point for cyber security, providing an access
path for both inside and outside attacks. Yet networks are not easy to secure.
They are complex, require careful configuration and are subject to human errors.
They must also maintain a degree of openness while protecting against threats.
Over recent years, the use of virtualization technologies and cloud services
has increased dramatically. Like all new technologies, virtualization and cloud
computing introduce some new security concerns. For example, gaining access
to the hypervisor in a multi-tenant environment would expose a number of
virtual machines from different tenants at the same time.
Unfortunately, even with higher and higher spending, there is no way to
absolutely guarantee cyber security. In fact there is a hidden risk with extremely
high levels of security. So many security measures can be applied that it can
become difficult to keep an organization running smoothly. If no one can access
systems, including legitimate users, the security solution is clearly not working
correctly. Similarly, if security measures make performance unacceptable,
security is again not achieving its objectives.
Cyber security cannot be addressed in isolation. It must consider other variables and
test them together in order to ensure an optimal solution. This process is called PASS
testing since it includes performance, availability, security and scalability testing. In
order to validate cyber security—including PASS testing—a proper testing system must
be selected and used. The following criteria should be considered when choosing a
security test solution for virtual and cloud computing environments:
• PASS testing – The test solution should support all aspects of PASS and
should also provide automation, advanced testing features and support
for the latest network and data center technologies.
• Design independence – The test solution should work with all types
of security designs. It should not matter whether a centralized design
based primarily on hardware is chosen, or a distributed design with
virtual appliances is used.
• Mixed traffic and encryption – The test solution must be able to
generate encrypted traffic such as IPsec VPN and SSL VPN traffic. It
should also be able to send secure and attack traffic from the same port
and measure performance while sending that traffic.
• Physical and virtual support – The test solution must work on both
physical and virtual infrastructure and test traffic between VMs within
the same server. Test engineers need solutions that allow them to place test
code behind virtual firewalls, allowing one of the VMs to act as a test port.
BACKGROUND
Understanding Cyber Security
Modern society simply does not function without operational
food, water, power and transportation systems. The same
has become true for cyberspace, the globally interconnected
network of information technology infrastructures, including
the Internet, telecommunications networks and computer
systems. In fact, almost every economic, social and political
activity in the modern world has come to depend on elements
of cyberspace.
With so much at stake, it is not surprising that cyber security has emerged as one of the
most important domains within the IT industry. Broadly speaking, cyber security refers to
the collective processes and mechanisms by which IT data, infrastructure and services are
protected from threats that include damage, disruption, theft, exposure and corruption.
Increasing Importance of Cyber Security
Cyber security is now viewed as fundamental to the prosperity and overall security of nations
worldwide. It is becoming more common for national governments to develop cyber security
strategies alongside their national security strategies. In 2009, the British Prime Minister said:
“Just as in the nineteenth century we had to secure the seas for our national safety and
prosperity, and in the twentieth century we had to secure the air, in the twenty first century
we also have to secure our position in cyber space in order to give people and businesses the
confidence they need to operate safely there. That is why today I am announcing - alongside our
updated National Security Strategy - the UK’s first strategy for cyber security.”
More recently, the U.S. President has appointed a national Cyber Security Coordinator and
created the Cyber Security Office within the National Security Staff. In May, 2011, the U.S. Cyber
Security Coordinator said:
“I am proud to announce the United States’ first, comprehensive International Strategy for
Cyberspace. The International Strategy is a historic policy document for the 21st Century — one
that explains, for audiences at home and abroad, what the U.S. stands for internationally in
cyberspace, and how we plan to build prosperity, enhance security, and safeguard openness in
our increasingly networked world.”
Cyber security has become so critical that national governments have had no choice but to become
active participants in the protection of cyberspace. At the same time governments alone are unable
to take full responsibility for cyber security for everyone. There are far too many independent and
interconnected IT environments that must be properly managed to ensure security.
Responsibility for Cyber Security
The majority of enforcement takes place within infrastructure that is owned and operated
by smaller entities. This includes IT service providers as well as many types of businesses
that maintain their own IT capabilities. It also includes local, state and national government
agencies. IT leaders from all these groups must identify cyber security threats, lower their
probability of occurrence, reduce their impact and maintain plans for quick recovery from
attacks. Of course, accomplishing this is no easy task.
CYBER SECURITY – THE BUSINESS PERSPECTIVE
Financial Impact
Security breaches can cause severe financial damage and in extreme cases can even destroy
businesses. Simply put, security is not just a technical problem, it is also a business problem.
Consider these examples from some of the major cost categories that may be involved in
responding to a successful cyber attack:
• Loss of revenue during and while recovering from an attack
• Loss of revenue after recovery due to loss of
existing and prospective customers
• Labor costs and lower productivity for impacted
employees
• Labor costs for resources involved directly in
responding to an attack
• Legal costs related to building a case and
prosecuting attackers
• Legal costs for defending against liability suits
and paying damages and fines
• Increased operational costs due to ongoing regulatory scrutiny, higher insurance
premiums and escalating customer acquisition costs
The actual costs involved in recovering from a major security breach can be staggering. TJX,
the parent company of discount stores T.J. Maxx and Marshalls, disclosed in 2007 that tens of
millions of credit and debit cards had been stolen after its systems had been compromised.
While a number of the hackers were eventually arrested, that was little consolation to TJX
management and shareholders. Initial statements released by TJX estimated costs stemming
from the attack to be $25 million. Just a few months later, the company disclosed in an earnings
statement that costs would reach $256 million.
Security Disasters
The business implications of security breaches go well beyond the immediate costs of recovery.
Exposure of trade secrets and other proprietary information can wreak havoc on a company’s
position within their market. Their competitive advantage may be greatly eroded or completely
wiped out when leaked information gets in the hands of competitors. Public relations damage
can last a decade or longer, as a generation of customers avoids the business for fear of having
their own personal information stolen.
In public cloud computing environments, security breaches can be a lot
like airplane crashes in terms of publicity and damage. While automobile
accidents rarely make headlines, commercial airline disasters always do.
No one wants to be responsible for a public cloud breach that impacts
thousands of different companies. That sort of breach is sure to make
headlines. Similar to the airline industry, customers hold much higher
expectations for public clouds than for their own IT environments.
Cost Tradeoffs
Organizations can spend a nearly unlimited amount of time and money on security, yet some
risks will still remain. From this perspective, cyber security can be viewed as an exercise in risk
management where costs and budget are part of the security equation. Basic security measures
can be applied inexpensively. Then, to achieve higher levels of security, more can be spent to
add additional protections.
Unfortunately, even with higher and higher spending, there is no way to absolutely guarantee IT
security. In fact there is a hidden risk with extremely high levels of security. So many security
measures can be applied that it can become difficult to keep an organization running smoothly.
If no one can access systems, including legitimate users, the security solution is clearly not
working correctly. Similarly, if security measures make performance unacceptable, security is
again not achieving its objectives.
Security Is An Optimization Problem
Many problems in IT involve several interdependent variables. As the last examples show,
maximizing security can lead to other problems with related variables such as availability and
performance. The solution to this problem is to optimize, rather than maximize, a given variable.
So, instead of maximizing security, it should be optimized while taking into consideration other
variables such as cost, risk, performance, availability and scalability. An important step in this
process is PASS (performance, availability, security and scalability) testing.
SECURITY THREATS ARE REAL
Security Breaches Are All Too Common
Major security breaches seem to be a weekly occurrence with every type of organization coming
under attack at some point. Even the largest organizations with highly sophisticated cyber
security systems can become victims of cyber attacks.
Here are several notable examples:
• In an open letter to RSA customers in 2011, EMC’s RSA Security division acknowledged
it had “identified an extremely sophisticated cyber attack in progress being mounted
against RSA.” The company, which is a leading provider of two-factor authentication
solutions, said data was stolen which could potentially compromise its SecurID tokens.
• Google revealed through a blog post in 2010 that it had been the victim of a cyber
attack that originated in China. The company stated that some of its intellectual
property had been stolen and that more than twenty other companies had been victims
of the same overall attack.
• The Sony PlayStation network was hacked in 2011, which brought down the service for
several weeks and exposed personal information from about 77 million user accounts.
The exposed information included the names, addresses, birthdates and e-mail
addresses for its users.
Unfortunately, the threats which often lead to breaches are so varied, numerous and
continuously evolving that they are nearly impossible to list comprehensively. The following
categories of attacks provide a general idea of some of the more common cyber security
threats:
• Authentication and authorization attacks
• Client-side attacks
• Command execution
• Information disclosure
• Logical attacks and physical attacks
Some specific attacks include:
• Eavesdropping
• Social engineering
• Denial-of-service
• Spoofing and buffer overflow
There is no single technology available which can address all threats. Yet cyber security must
be addressed thoroughly in order to be effective.
Network, Virtualization and Cloud Security
Attacks can take advantage of weaknesses in nearly any component within an IT environment.
This includes operating systems, networks, applications, file systems and databases.
Components with vulnerabilities may be hardware-based or software-based. People themselves
are another source of weakness in IT environments since insiders and authenticated users have
greater access to protected systems. While vulnerabilities may exist within any component of an
IT environment, some areas demand closer attention.
Network Security
Networks serve as a key control point for cyber security.
They provide an access path for both inside and outside
attacks. Without the pervasive interconnectivity provided by
public and private networks, cyber security would be a much
simpler task. At the same time, the value and effectiveness
of IT systems as a whole would be greatly diminished. This
means networks must maintain a degree of openness while
at the same time protecting against threats. With that said,
networks are still not easy to secure. They are complex,
require careful configuration and are subject to human errors.
Virtualization and Cloud Computing
Over recent years, the use of virtualization technologies and cloud services has increased
dramatically. Like all new technologies, virtualization and cloud computing introduce some new
security concerns. For example, gaining access to the hypervisor in a multi-tenant environment
would expose a number of virtual machines from different tenants at the same time. This does
not mean that either technology is inherently less secure than its predecessors. It does mean,
however, that new issues must also be considered in order to maintain adequate protection
over emerging threats.
IT Leaders Must Take Action
Security threats have been growing in scale and sophistication for decades. Twenty years ago,
cyber attacks were primarily the domain of hobbyists. Then, as the opportunity for profiting
from stolen digital assets grew, criminals took an even larger role. More recently, spies—in
cases of both government and corporate espionage—are leading some of the most technically
advanced and resource-intensive attacks. Without action, all types of IT organizations risk
becoming victims of expensive and damaging cyber attacks.
The remainder of this white paper is focused on cyber security for virtualized and cloud
computing environments from the network perspective.
CYBER SECURITY – A CLOSER LOOK
Security systems for IT environments have grown complex. Some elements are centralized while
many more are distributed throughout networks. Some components are hardware-based while
others are software-based or come in the form of virtual appliances. Some security systems
rely on passive monitoring while others take specific actions to deter threats. Regardless of how
they are built or where they are deployed, the entire security system must be tested to verify
correct operation across all aspects of PASS.
The security system must comprehensively address every
part of the network including LAN, WAN, DMZ and any
sub-networks. Networks for distributed organizations
include additional complexities such as site-to-site,
branch office and remote access networks. They may also
add additional network security layers such as virtual
private networks (VPN), virtual LANs (VLAN) or content
based security.
Within each portion of the network, organizations
may choose to deploy a set of individual security devices, each offering their own particular
capabilities. Alternatively, some organizations follow an approach called unified threat
management (UTM). With UTM, multiple security capabilities are packaged together in a single
device. These may include network firewalling, network intrusion prevention, gateway antivirus
(AV), gateway anti-spam and VPN. To ensure performance, availability and scalability are
maintained, it is very important to test the interactions between all of the PASS variables on
these multi-focus devices.
Virtualization and Cloud Computing
Security systems must not only help stop threats from entering an organization’s network; they
must prevent them from spreading. This idea is particularly important when it comes to multi-tenant
virtual and cloud environments. For example, if an intruder gains access to a hypervisor
running on a physical server—a process called hyper-jacking—all of the guest virtual machines
(VM) could in turn be compromised.
Servers may be the most obvious shared resource within virtual and cloud environments.
However, network and storage devices also utilize a variety of virtualization techniques to
enable physical resource sharing. Storage area networks (SAN), VLANs and VPNs are all
common elements within cloud computing environments. They are all intended to provide
secure resource sharing, yet they must still be tested to ensure inter-tenant security.
Hypervisors also have internal virtual switches for sending traffic between VMs on the same
host. This reduces traffic on network interface cards (NIC) but also adds some complexities
and additional security risks. Network engineers must ensure that traffic destined for one VM
cannot be leaked to other VMs.
Virtual and cloud computing environments share several more unique challenges. Since VMs
can move between servers, security policies must be able to follow and remain with them.
Yet, without taking great care, VMs can become accessible on a new server before appropriate
firewall settings are in place. These environments also make heavy use of software-based or
virtual security devices rather than just physical devices. This can lead to challenges around
performance and scalability as well as security.
OVERCOMING THE CHALLENGES
There are at least two critical steps toward securing virtual and cloud environments. These are
proper network design and PASS testing.
Designing for Security
There is no single answer or best approach for all situations when it comes to designing a secure
network for virtual and cloud environments. However, three common options have emerged:
• Primarily hardware – In this case,
centralized network devices provide
shared services such as firewall and
routing for all devices on the network.
For example, where VLANs are heavily
used in virtual and cloud environments,
traffic from all VLAN segments is
trunked—or brought together—on
shared network devices. These trunked
devices must perform their designated
functions while ensuring security. This
includes preventing traffic from leaking
from one VLAN to another.
• Primarily software – This method is in direct contrast to the hardware-focused approach.
Rather than centralized physical devices, virtual network components are distributed
throughout the network and placed in proximity to the devices or network sub-segments
they support. For example, each VM on a server could have its own virtual appliances to
provide firewall and anti-virus capabilities.
• Hybrid mix of hardware and software – As with all design decisions, there are tradeoffs
between the hardware and software based approaches. For example, hardware-only
solutions offer centralized control, yet may require more expensive, higher capacity
devices. A hybrid approach allows architects to apply different solutions as needed
throughout the network.
IT leaders must be free to select the best approach to meet the unique needs of their particular
IT organization. Then, whatever the chosen design, they must apply PASS testing to verify that
the resulting environment is secure.
PASS Testing Methodology
As mentioned earlier, security involves optimizing a number of
interdependent variables. Testing should include those same
variables—Performance, Availability, Security and Scalability or PASS—
and should also consider how those variables impact each other.
Proper PASS testing includes running a complete database of
realistic threats. Importantly, those threats must be tested under
real world conditions. This means testing during normal operating
conditions as well as during times of peak workloads when
infrastructure is severely stressed. In order to validate security,
PASS testing must also occur during simulated attack situations. If
the testing is not realistic, it will fail to find problems.
One important, real world attack scenario is the distributed
denial of service (DDoS) attack. Resiliency against targeted
threats should be tested while under DDoS attack loads. This helps determine if any security
components fail to detect threats while under stress. For example, in 2011 when the Sony
PlayStation Network was hacked, a DDoS attack was used to assist with and mask more
targeted attacks happening simultaneously. Effective PASS testing should combine a variety of
test scenarios at the same time.
PASS testing should also include test cases that are specific to virtualized and cloud
environments. Since VMs can move around within an infrastructure, a variety of tests should
be performed to determine whether any vulnerability is created in the process. For example,
certain network ports should remain blocked during and after VM migration. PASS testing
should be used to determine whether, and for how long, there is a time window when security
settings such as blocked ports are out of date.
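The migration-window check described above, as an added example (not from this white paper or any Spirent product): Python code that probes a TCP port that policy says must stay blocked and reports whether, and for how long, it was reachable. The host, port, sampling interval and the sample data are constructed assumptions.

```python
import socket
import time
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

Sample = Tuple[float, bool]  # (seconds since start, port reachable?)


@dataclass
class Window:
    first_open: float              # first probe that got through
    last_open: float               # last probe that got through
    min_exposure: float            # observed: last_open - first_open
    max_exposure: Optional[float]  # last blocked probe before -> first blocked probe after
    closed: bool                   # False if the port was still open when sampling ended


def tcp_probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a TCP handshake to host:port completes (policy violated)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable: counted as blocked
        return False


def collect(host: str, port: int, count: int, interval: float,
            probe: Callable[[str, int], bool] = tcp_probe) -> List[Sample]:
    """Probe `count` times, `interval` seconds apart; start before the migration."""
    start = time.monotonic()
    samples: List[Sample] = []
    for _ in range(count):
        samples.append((time.monotonic() - start, probe(host, port)))
        time.sleep(interval)
    return samples


def exposure_windows(samples: List[Sample]) -> List[Window]:
    """Turn a probe series into the time windows in which the port was reachable.

    Sampling only bounds the true window: it is at least the span between the
    first and last successful probe, and at most the span between the blocked
    probes on either side.
    """
    windows: List[Window] = []
    prev_blocked: Optional[float] = None
    first = last = bound_start = None
    for t, reachable in samples:
        if reachable:
            if first is None:
                first = t
                bound_start = prev_blocked if prev_blocked is not None else t
            last = t
        else:
            if first is not None:
                windows.append(Window(first, last, last - first, t - bound_start, True))
                first = last = None
            prev_blocked = t
    if first is not None:  # sampling stopped while the port was still reachable
        windows.append(Window(first, last, last - first, None, False))
    return windows


# Constructed sample: probes every 0.5 s, VM migrated at about t = 2 s,
# firewall rule re-applied on the destination host shortly before t = 4 s.
SAMPLE: List[Sample] = [
    (0.0, False), (0.5, False), (1.0, False), (1.5, False), (2.0, False),
    (2.5, True), (3.0, True), (3.5, True),
    (4.0, False), (4.5, False),
]

if __name__ == "__main__":
    for w in exposure_windows(SAMPLE):
        print(f"open {w.first_open}s-{w.last_open}s, "
              f"exposure between {w.min_exposure}s and {w.max_exposure}s")
```

A shorter probe interval tightens the gap between the minimum and maximum exposure; an empty result means the port stayed blocked for the whole run.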
Test cases and procedures for all the above scenarios and others must be developed to
achieve the desired results of PASS testing. The Spirent Journal of PASS Test Methodologies is
an element of the Spirent test ecosystem that defines and documents the most critical PASS
test cases. It includes test methodologies which are intended to help development engineers
and product verification engineers rapidly develop and test complex scenarios. Sections like
“Testing Cloud Application and Security Services” help clarify what should be tested and
provide step-by-step procedures for doing so.
Choosing a Test Solution
Security systems are necessary for protecting against cyber threats. Yet they also impact other
aspects of IT including performance, availability and scalability. Maximizing any single variable
in the PASS equation is likely to have a negative impact on the other variables. IT leaders
should choose a test system that provides a holistic view of all PASS variables so that they can
be tuned and optimized together.
There are many other detailed considerations for selecting a test solution. Automation, test
capabilities, and support for the latest technologies must all be evaluated. When it comes to
selecting a test solution for virtual and cloud computing environments, three more areas should
also be considered:
• Design independence – A security test solution should work regardless of your security
design. It should not matter whether a centralized design based primarily on hardware
is chosen, or a distributed design with virtual appliances is used. The test solution
should still work.
• Mixed traffic and encryption – A security test solution must be able to generate
encrypted traffic such as IPsec VPN and SSL VPN traffic. It should also be able to send
secure and attack traffic from the same port and measure performance while sending
that traffic.
• Physical and virtual support – A security test solution must work on both physical and
virtual infrastructure and test traffic between VMs within the same server. Test engineers
need solutions that allow them to place test code behind virtual firewalls, allowing one
of the VMs to act as a test port.
CONCLUSIONS
Cyber threats are one of the greatest risks faced by IT organizations today. While government
organizations are increasingly involved in cyber security, individual IT organizations still have
responsibility for protecting their own assets. Without action, IT organizations of all types risk
becoming victims of expensive and damaging cyber attacks. Cyber threats are here to stay, and
so is cyber security.
IT leaders must identify cyber security threats, lower their probability of occurrence, reduce
their impact and maintain plans for quickly recovering from attacks. To do this, they must
ensure their teams have the proper resources for protecting against security threats. This
includes having an automated test system designed to address all elements of PASS, not just
security alone.