"Addressing the Security Challenges of Virtualization" Webcast: Recording and Q&A
Jack Daniel, Tenable customer Russell Butturini, and I recently presented the "Addressing the Security Challenges of Virtualization" webcast. This was part 2 in the “Vulnerabilities Exposed” webcast series, and there will be 2 more sessions delivered before the end of the year.
If you missed the webcast or would like to re-watch it, view the recording.
Q&A
Here are responses to the top questions we received during the webcast.
Will the slides be available for download?
- Yes, click here to view the presentation slides.
If they access the virtualization layer, can they have access to the SAN as well?
- If an attacker were to gain access to the hypervisor level, they would not necessarily have access to the storage where virtual machines live. However, if an attacker gains access to the storage array, they could make copies of the virtual hard drives and gain access to your data.
Does encrypting your VMDKs (Virtual Machine Disks) make any difference in protecting your data in the event of a VM escape attack?
- VMware does have support for native encryption, and this would help defend against attackers after your data in a virtual environment.
PVS may cover some of the App-V surface, but a scenario where that falls apart is when a malicious PDF is downloaded, and they open the PDF which runs virtual Adobe. Reader is not accessing the Internet at that point. Is there anything on the Nessus roadmap that will allow you to enumerate the idle packages that are waiting to be requested so you can fix the problem upstream? They are just exe/dll's on shares, so auditing the static package would be a big win.
- We are exploring many approaches to enhancing our malicious process and malicious content detection capability, but we do not have any specific commitments on the roadmap at this time.
Do you support Virtual Box, Hyper-V, and XenServer?
- See our Nessus 5.0 and Scanning Virtual Machines document for more information.
- Nessus offers support for Oracle VirtualBox (formerly Sun VirtualBox) in the form of remote checks for any platform and local credentialed plugin checks when installed on Microsoft Windows. Since VirtualBox is included in many OS distributions, Nessus also offers a variety of local credentialed checks specific to Debian, FreeBSD, Gentoo, Mandriva, and SuSE.
- Nessus currently offers remote support for Citrix XenServer, specifically several detection plugins for XenServer and associated services. Tenable plans to add support for local, credentialed checks this year, as well as compliance audits that are currently under development.
- Nessus has support for auditing Microsoft Hyper-V technology. Remotely, via API, Nessus can detect and enumerate virtual machines, as well as use several Microsoft Security Bulletin-based plugins to test for known vulnerabilities.
Which version of VMware vSphere and vCenter are supported?
- Supported versions are ESXi 4.x/5.x and vCenter 4.x/5.x. See here for more details.
In the new NIST Cyber Security Framework (draft), a lot of weight is being given to SANS 20 Critical Security Controls (CSCs). When you talk standards, are these controls incorporated?
- Tenable developed a SANS Top 20 dashboard, and we are always updating our audit policies. Click here for more information on Tenable's support of the SANS 20 CSCs.
What kind of throughput can PVS handle?
- PVS has 1-2Gb/s throughput using standard hardware. We are currently developing 10Gb/s support for PVS.
The virtualization of the hardware and OS is still tangible, and one can still enumerate them as though they were physical devices and OSes by way of IP. How is Nessus approaching a rapidly shrinking/centralizing application footprint with application virtualization (re: App-V, Citrix Apps). The application only exists in memory, and on demand, which makes scanning difficult or impossible at the "end node" virtual or physical.
- PVS can help detect vulnerable applications as they communicate on the network. Beyond that, we are exploring ways to integrate with evolving technologies, such as software-defined networking to get better visibility into dynamic environments, but have no specific features on the roadmap at this time.
Tenable Virtualization Resources
- Blog Post: Scanning and Patch Auditing VMware Using Nessus
- Blog Post: Nessus VMware/vSphere vCenter Audits
- Data Sheet: Security Monitoring for the vSphere Infrastructure
- Documentation: Nessus 5.0 and Scanning Virtual Machines
- Whitepaper: Extending Vulnerability Management to Virtualized Infrastructures and Cloud Computing
- Webcast: Managing Vulnerabilities in Virtualized and Cloud-based Deployments
"Vulnerabilities Exposed" Webcast Part 3 – BYOD/Mobile
The next webcast will be held on October 22nd at 2 pm EDT, and we'll discuss how to handle BYOD/mobile threats before they cause loss and disruption. Hope you can join us.
Related Articles
Tenable Capture the Flag 2021: The Results Are In!
March 2, 2021More than 1,500 teams from nearly 140 countries competed in Tenable's first-ever Capture the Flag competition. And the winners are... That’s a wrap on the first Tenable Capture the Flag event! ...
Ready to Test Your Hacking Skills? Join Tenable’s First CTF Competition!
January 20, 2021Tenable launches new Capture the Flag event for the security community, running from February 18–22. Capture the Flag events are a tried and true way of testing your cybersecurity skills, practicing ...
Giving Tuesday at Tenable: A Look at We Care → In Action
December 3, 2019In the spirit of Giving Tuesday, we’re featuring the Multiple Sclerosis Foundation, Tenable’s We Care → In Action global cause for 2019. Here, our own Adrian Morgan, senior marketing operations manage...
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
Oracle April 2024 Critical Patch Update Addresses 239 CVEs
April 17, 2024Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates.
Strengthening the Nessus Software Supply Chain with SLSA
April 16, 2024You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. But sometimes we like to give you a peek behind the curtain to share how we protect our own house against cyberattacks – and that’s what this blog is about. Today we’re sharing our experience adopting the supply-chain security framework SLSA, with the hopes that the lessons we learned will be helpful to you.
- Conferences
- Events
- Nessus
- Passive Network Monitoring
- SecurityCenter
- Virtualization
- Vulnerability Management