Co4509 Computer Security Answers Assessment Answers

Your report should include:

• A description of how you investigated the security of the system.

– include fully cited information on tools and techniques you used.

• A description of the results obtained.
• A proposal on how to secure the system.

– you should address each of the security issues you find.

Learning Outcomes

1. Propose and justify suitable security for a networked computer system.
2. Use a range of security-related tools.
3. Critically evaluate tools and techniques for system security.
4. Research and report on a security-related topic, using appropriate literature.

Answer:

Introduction

VMware machine is an OS (operating system) and an application environment which is installed on unique software which modifies on dedicated hardware. End-user experience on the virtual machines is the same as their experience on dedicated hardware. Virtualization has completely changed the data center and is one of the basic technologies in cloud computing. Assuming that many companies are keen on resolving virtualization in their private and public clouds, the risk that these companies face risks are the same as the physical server. VMware has set several major vulnerabilities this year, which must be set to its full virtualization production line. In May, VMware issued security education to let the customers know that their virtualization products have five related vulnerabilities (HU et al., 2013). RPC commands include the first two vulnerabilities, where the guest can crash or activate a code on a host VMX process. Because of the third vulnerability, NFS communication can be identified by the problem of underwriting on memory, so that the code can be activated without verification. Reading memory is the fourth and fifth variance of using virtual floppy drives and virtual SCSI controllers. All these problems are resolved by installing the right security patches for each VMware product. This study includes the recommendations for WidgetsInc for the security of VMware virtual machine which Benny Vandergast Inc has provided for testing.

Investigation of the security of the system

VMware Machine is the most used hypervisor in the World Enterprise Data Center, but usually does not implement its best practices, resulting in poor performance, downtime or exposure. During the investigation it has been evaluated that for best practice and security WidgetsInc will learn how to evaluate vSphere infrastructure. There is a need to improve virtual machine CPU and memory size correctly, protect WidgetsInc’s vSphere infrastructure for vSphere distributed source scheduler (DRS), vMotion and VMware Virtual SAN (VSN), SDRS and HA best practices and how to prevent hacking. After this investigation WidgetsInc will be able to analyze any vSphere infrastructure and will be able to immediately recognize what is inappropriate and know how to configure it for optimal performance and security (Jendrosch, 2014). Virtualization is a technology that uses logical environments to avoid hardware physical limitations. Recently, its scope has become widespread. Virtual machine can play the same role as the actual system, because, for a digital forensic, the user activity recorded in a virtual machine is an important element. If WidgetsInc is found on the host's path to a VMware workstation, then they should check the virtual machine and the host system. However, due to lack of understanding of virtual machines, the investigation process is not yet clears (Pektas and Acarman, 2013). Furthermore, due to structural features, it is difficult to check the image of a corrupt virtual machine. Therefore, it is necessary to understand and research the process of investigation and recovery methods on the virtual machine. VMware machine is very safe and a senior national security organization has attempted to implicate the VMware virtual machine for six months (Aswariza, Perdana and Negara, 2017). Finally, they came into force.

VMware Infrastructure includes several of the many addressed security issues in various ways:

• Implement security policies with the VMware infrastructure LUN partition and LUN masking along with the San Secure method.
• Apply secure network features of VLAN tagging increases network security simply by tagging as well as filtering the network traffic on VLAN. Layered network safety policies apply for the virtual machine security at the Ethernet level in such a way that physical servers are not available (Khan, 2017).
• Incorporation with the Microsoft® Active Directory VMware machine system allows WidgetsInc to implement access control based on accessible Microsoft Active Directory verification mechanisms.
• Permissions as well as Custom roles VMware machine system increases security along with flexibility in user-defined roles. WidgetsInc can restrict the access to virtual machines, resource pools, and server's entire inventory by assigning as users of this custom role.
• Resource pool authorization control and representative. VMware machine ensures the distribution of various resources of the company. For example, when top administrators provide resource pools for departmental users, administrators in the department can create and manage all virtual machines in the designated range for resource sets.
• Audit Trials keeps a record of the VMware infrastructure configuration changes and administrators who initiate each configuration change. WidgetsInc can export reports for event tracking (Guster, Abdul and Rice, 2015)
• Session Management with VMware Infrastructure, WidgetsInc can find (if necessary) and close the virtual center user session.

Tools and techniques used

The virtual machine-specific security mechanism must be used to provide fine monitoring of traffic between embedded virtual machine backups in the Hypervisor API, which is opaque to conventional network security measures and controls.

• Update the VMware security policy in order to reflect the new security challenges facing virtualization.
• By using a policy-based key server to encrypt the data accessed by virtual machines that store a separate key from virtual machines and data
• Please note that regulatory issues may require multi-leasing for a separate virtual machine

Verify the origin and integrity of the VM image or any other third parties original template or well again create WidgetsInc own VM drawing.

• Virtualized operating system includes firewalls (Inbound as well as Outbound), Host Intrusion Protection Systems (HIPS), Anti-Virus, Web Application Protection, File Log Monitoring and Integrity Monitoring. It can be made available either by the software of every guest or by utilizing the inline virtual machines combined with a hypervisor-base API such as VMware V Shield (Rehman et al., 2013).
• Clear all backup and failover systems when destroying virtual machine images
• To establish a reporting mechanism for separation of information and destruction of evidence and increase alert for violation of concrete measures

VMware Cloud on Amazon Web Services (AWS) makes it easy to run dedicated, public, as well as hybrid cloud environments applications based on TM VMware. This brings the VMware's industry-class software-defined data center (SDDC) into the software AWS cloud, so widgets can enjoy the advantages of classic virtual machine, while the ability to teach new skills and manage new devices can be avoided. With millions of VMware virtual machines all over the world, Trend Micro gives this exciting new product, using VMware and AWS's partnerships and new search history, Widgets Inc. easily and safely enables its SDDC to expand to AWS. VMware CloudTM provides a powerful tool to save costs and increase functional performance and flexibility through integrated server integration, by applying the architecture layer between physical hardware running the virtualization system and virtualization system (Lanhua, 2016). However, the added functionality represents the Virtualization Layer, and Virtualization Layer is itself a possible attack path for Host Virtual Services. By making the same host system access too many virtual machines, security of this host becomes important. VMware ESX servers are not sensitive for viruses and other issues affecting the normal operating system, due to virtualization based on the lightweight kernel optimized for virtualization. However, the ESX server will not be attacked and WidgetsInc must take proper steps to strengthen it and VMware VirtualCenter Management Server to Avoid Dangerous Activity or Sudden Impairment This article advises on the steps to ensure that WidgetsInc VMware is properly protected from machine environment (Liu et al., 2014).

Establish a privacy policy for the local user account that is created by the VideoCoin user, the service that asks how long the other control user to change the password management can be user active. They help ensure that the password is changed so that the attacker never get access to the ESX server host for an indefinite amount of time if an attacker is retrieved by a network or social engineering. • Password Complexity - This control makes sure that the user has difficulty determining it by the passwords generator. In order to determine the complexity of passwords, a common technique is to use random words and get passwords from them - for example, instead of using words using the first letter of each word (Williams et al., 2014).

Results obtained

To understand the security needs of the virtualized environment, it is important to note that it is worthwhile to compare virtual machines in most cases with a real server. Therefore, the operating system operating in a VMware is also subject to similar security risk as is the physical system. Even though, attacking a virtual machine will only harm the virtual machine and will not host virtual machines virtual machines (Lanhua, 2016). Therefore, it is important to use the same security measures as a virtual server in a virtual machine. Establish anti-virus agents, spyware filters, infiltration detection frameworks, and all other safety measures in virtual machines in virtual infrastructure that can usually be installed on physical server. There is a need to ensure that all security environments are up to date to apply the correct patch, it is particularly important to monitor hibernate VM shutdown because it is easy to ignore. Virtual Machine Troubleshooting Information VMware can be written to a VMware machine system log file stored on VMFS volumes. WidgetsInc can configure virtual machine users as well as process abuse logs, purposely or unintentionally, resulting in large-scale data log files over time, log files can take a large part of the file system space of the ESX Server host, which can pay a hard disk, resulting in the effective rejection of the service may be because the host system no longer runs. There are two ways to solve this potential problem when the log file reaches a certain size first to configure the system to move and to delete the log files. This decision gives WidgetsInc a chance to design the most extreme size of the log document (N and A, 2018). In the wake of achieving this size, the ESX server creates a put away duplicate of the log record and begins another log document. WidgetsInc ought to arrange the server to keep a particular old log documents numbered. At the point when as far as possible is come to, the ESX server naturally erases the most established records. Of course, the ESX server pivots the log document each time a virtual machine is running. In any case, if WidgetsInc utilize a figure-based log record turn, regardless of whether the power is on a virtual machine, the ESX does not pivot the log document without achieving the server measure constrain. As a matter of course, the ESX server oversees six log records. The virtual machine is used specifically to create a drop-in environment that does not threaten the main operating system after WidgetsInc compromise. For example, malware explorers execute malicious code and access suspicious URLs in the virtual machine to monitor their behavior. In order to limit the potential consequences of threatening, the company also runs many applications in the virtual machine. The main aim of the hypervisor is to create a barrier between guest operating systems running the enhanced virtual machine and host operating system hypervisor. This is why virtual machine jailbreak attacks are highly valued by hackers (Khan and Ahmad, 2017).

Proposal to secure the system

For many years, people are focusing on security issues in the virtual environment. Many people have mistakenly believed that the atmosphere is safe because the atmosphere is virtual. Wrong Most virtual environments are prone to similar security problems such as physical environment.

Similarly, people with different camps believe that the introduction of virtualization in the environment has changed the way the security has changed. This is not the case. Of course, it will change everything. A new level of security has been added to the security problem due to the management process, but this is not required because of landslides. According to the addition of other environmental factors, architects and system engineers must properly train new components and then complete their implementation planning phase (Khan and Ahmad, 2017).

Virtualization security is more than just compulsory virtualization hosts. Despite this, many people mistakenly believe that VMware ESXi is more secure. No reason no protection in the room; any process in the hypervisor cannot run only the main object types such as VSwits or VM containers. Most people also believe that VMware ESXi is a device that they do one or two things that recommend enhancing VMware security, but it does not matter how they manage or access it. Instead of making something stronger and more protective, they use a flat network for the virtual network (Ju, Ma and Moon, 2014). This will be essential when using VMsafevApp Secondly, many people leave their management tools behind the firewalls of the Service Console's service console on the ES X host management tool. When they do this, they should open a group of unnecessary ports. Instead, they should place ESX management consoles and vCenter devices on one side of the firewall and prevent access to one protocol, such as encrypted RDPs. This helps administrator’s gain access to virtual machines to gain access to their management tools (Jia et al., 2015). The last common security issue is not to use a network as well as virtualization host. It can be read from 0 day attacks, etc., but will deploying them directly to the production environment; If they make a mistake, they will delete the virtual machine, but they will release the file on disk. The management process may be more secure, but it is in the process of management. With VMsafe and VMDirectPath, VMware can change the attack page in vSphere 4, not the attack in the sixth page. However, for Xen and Hyper-V, they have different attack pages, which are similar to each other and are different from VMware's attack surface. However, there is a direct or indirect contact with a virtual host (Li, 2014).

Virtualized servers and data centers make security and protection more important. Snapshots have become a tool for virtual machine data protection. This approach allows administrators to capture straightforward virtual machine images directly into a single memory at a particular point. Other backup tools such as VMware Consolidated Backup (VCB) provide a more traditional way of workload protection: VCB allows WidgetsInc to back up a VMware guest computer from the command line. While creating a security and protection plan, keep in mind that the same principles apply to virtual machines in physical data structure. Always remember that the ultimate objective of the backup plan is to avoid data loss. With this in mind, WidgetsInc can choose the right tools and methods (and schedules) for WidgetsInc work workloads based on the size of the work and the main features of its data (Chaolong, Hanning and Lili, 2016). Virtual machine is a container where applications and visitor working frameworks run. From outline, all VMware virtual machines are not the same as each other. This seclusion include enables numerous virtual machines to run securely while sharing equipment and guarantees that hardware and the ability to continuously work. Without explicit permission from the ESX system administrator, users with system administrator privileges cannot separate this segregation level to obtain virtual machines on the virtual machine's guest operating system (Aswariza, Perdana and Negara, 2017). Because of virtual machine isolation, if the visitor working framework flops in a virtual machine; other virtual machines on a similar host will keep on working. The disappointment of the visitor working framework has no impact on the accompanying outcomes:

• Users can get to other virtual machines
• Virtual machine efficiently handling ability to access WidgetsInc resources

The working arrangement of other virtual machines isolates each virtual machine from other virtual machines running on similar equipment. Albeit virtual machines share physical assets, (for example, CPU, memory, and contribution and additionally yield gadgets), guest operating systems on virtual machines cannot find anything other than virtual devices available for virtual devices such as virtual device alienation, Because VM kernel physical source and all physical hardware access is interrupted by the use of VM kernel, because the virtual machine isolation level is not borrowed. It will like a physical machine communicates with the network card on the network with other machines, the virtual machine interacts with virtual switches with virtual switches, in which other virtual machines running on a similar host (Gut et al., 2018). There are virtual switches with. What's more, the physical system connector (virtual machine on the host) speaks with the physical system with the physical system (with virtual machines on other ESX has), virtual systems administration is appeared by virtual switches. This element applies to virtual machine forlornness in the system condition:

If virtual machine virtual switches do not share with other virtual machines, they are completely isolated from the virtual network in the host.

In the event that WidgetsInc's virtual machine isn't designed by a physical system connector, the virtual machine is totally separate from any physical system (Bushouse and Reeves, 2018). The Widgets Inc. utilizes comparable security assurance (firewalls, antivirus programming, and so forth.) to spare a virtual machine from assaults, similar to the genuine machine; the virtual machine is ensured as a physical machine. Gadgets can ensure the following virtual machine by setting source reservations and limitations on the host. For example, with the control of available resources available in ESCX, Widgets can relate to virtual machines so that they always get at least 10% of host CPU resources, but more than 20% of virtual machines, resource hardware shared hardware Using excessive and restrictive abusive machines can keep performance safe. For example, the virtual machine (DOES) on the host is unable to attack; The limit of resources on this machine prevents the removal of other virtual machine hardware sources. Similarly, the source reception on each virtual machine determines that all other virtual machines have the necessary resources, which are very much on the demand of virtual machines by the DoS attacks. By default, ESSO fixes source reservations by implementing a distribution algorithm that works equally with host machines and maintains the percentage of resources used by other system components. They provide some natural protection for the default behavior incidents and the service distribution division (DDSS) attack. Widgets will set special resource reservations and limitations to optimize this basic behavior, so that the inequality will be distributed in full virtual machine configuration (Grear, 2014).

References

Aswariza, R., Perdana, D. and Negara, R. (2017). Analisis Throughput Dan Skalabilitas Virtualized Network Function VyOS Pada Hypervisor VMWare ESXi, XEN, DAN KVM. JURNAL INFOTEL, 9(1), p.70.

Bushouse, M. and Reeves, D. (2018). Goalkeeper: Comprehensive process enforcement from the hypervisor. Computers & Security, 73, pp.459-473.

Cardwell, K. (2014). Building virtual pentesting labs for advanced penetration testing. Birmingham, UK: Packt Pub.

Chaolong, J., Hanning, W. and Lili, W. (2016). Study of Smart Transportation Data Center Virtualization Based on VMware vSphere and Parallel Continuous Query Algorithm over Massive Data Streams. Procedia Engineering, 137, pp.719-728.

Customizable Virtual Machine security Analyzer in Cloud Computing Environment. (2014). International Journal of Advance Engineering and Research Development, 1(03).

Guster, D., Abdul, R. and Rice, E. (2015). Mitigating Virtual Machine Denial of Service Attacks from Mobile APPS. Journal of Network and Information Security, 3(2).

Greer, M. (2014). VMware vSphere Security Cookbook. Packt Publishing.

Gu, Z., Saltaformaggio, B., Zhang, X. and Xu, D. (2018). G emini : Guest-transparent honey files via hypervisor-level access redirection. Computers & Security.

HU, Y., XIAO, R., JIANG, J., HAN, J., NI, Y., DU, X. and FANG, L. (2013). Virtual machine memory of real-time monitoring and adjusting on-demand based on Xen virtual machine. Journal of Computer Applications, 33(1), pp.254-257.

Jendrosch, M., Dueck, G., Gracie, C. and Hinkenjann, A. (2014). PC Based Escape Analysis in the Java Virtual Machine. Lecture Notes on Software Engineering, pp.16-20.

Jia, X., Wang, R., Jiang, J., Zhang, S. and Liu, P. (2015). Defending return-oriented programming based on virtualization techniques. Security and Communication Networks, p.n/a-n/a.

Ju, J., Ma, S. and Moon, J. (2014). Proposal of Security Requirements for Storage Virtualization System against Cloud Computing Security Threats. Journal of Security Engineering, 11(6), pp.469-478.

Khan, A. (2017). Virtual machine security. International Journal of Information and Computer Security, 9(1/2), p.49.

Khan, N. and Ahmad, T. (2017). A Deep Study on Security Vulnerabilities in Virtualization at Cloud Computing. International Journal of Computer Applications, 173(1), pp.15-19.

Lanhua, W. (2016). Security Parallel Migration of the Federal Cloud Markov Chain Multi Virtual Machine. International Journal of Security and Its Applications, 10(8), pp.29-38.

Liu, Q., Weng, C., Li, M. and Luo, Y. (2014). An In-VM Measuring Framework for Increasing Virtual Machine Security in Clouds. IEEE Security & Privacy, 8(6), pp.56-62.

Li, C. (2014). Research on the Virtualization Construction of University Data Center Server Based on VMware vSphere. Advanced Materials Research, 1078, pp.375-379.

N, S. and A, U. (2018). Security Vulnerabilities of Virtualization Technique. International Journal of Engineering & Technology, 7(2.24), p.478.

Pekta?, A. and Acarman, T. (2013). A dynamic malware analyzer against virtual machine aware malicious software. Security and Communication Networks, 7(12), pp.2245-2257.

Rehman, A., Alqahtani, S., Altameem, A. and Saba, T. (2013). Virtual machine security challenges: case studies. International Journal of Machine Learning and Cybernetics, 5(5), pp.729-742.

Williams, D., Wei Hu, Davidson, J., Hiser, J., Knight, J. and Nguyen-Tuong, A. (2014). Security through Diversity: Leveraging Virtual Machine Technology. IEEE Security & Privacy Magazine, 7(1), pp.26-33.