How Shielded VMs Protect Your Data

Transcription

1 How Shielded VMs Protect Your Data Jan Marek MVP MCC MCT MCSE MCSD Head of CDM & KPCS CZ

2

3 Traditional Security Services (AD, MSSQL, ShP) runs on physical servers OS secured (access, bitlocker with TPM) Rack secured Cages secured Containers secured Datacenter secured How to achieve that with virtual machines?

4 Virtualized System Security Services runs on virtual machines Hyper-V Secured OS Secured Rack Secured Cages Secured Datacenter Secured Fabric admins can access the data Network Storage Backup Admins = Fabric Admins

5 How to access VMs data? Local Administrator Copy VM VHD(X) Mount VHD(X) Access the data content For example ADDS DC -> bruteforce passwords against the NTDS.DIT Hyper-V Admin Connect over VMConsole and go crazy,

6 How to become domain administrator? Get access as consultant with limited privileges local administrator? Create smart batch file Save the batch file to the Run key Call the customer and request support Customer logs in with domain admin privileges Customer calls the batch file without noticing it

7 10 immutable laws of security Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore. Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore. Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore. Law #4: If you allow a bad guy to run active content in your website, it's not your website any more. Law #5: Weak passwords trump strong security. Law #6: A computer is only as secure as the administrator is trustworthy. Law #7: Encrypted data is only as secure as its decryption key. Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all. Law #9: Absolute anonymity isn't practically achievable, online or offline. Law #10: Technology is not a panacea.

8 So how to secure the VM Define and configure Guarded Fabric Host itself can t access the VM data or vmwp processes So previously mounted VHD(X) is protected by bitlocker Bitlocker recovery key is stored in vtpm vtpm access key is stored in HGS, not on Hyper-V host Shielded VM is primarly protected by Shielding Data

9 What is the Shielding Data Data File specific for the tenant Contains many secrets owned by tenant Its uploaded to guarded fabric Fabric Admin cant decrypt the data file as it is encrypted by tenant key And then it s injected to the new VM

10 How to access Shielded VM data? Data? Data in VHD(X) are encrypted with bitlocker. Console? VMConsole is disabled. PowerShell Direct? Disabled. Guest Services? Disabled. Btw, how to manage this VM? Only using RDP or with remote management.

11 What if I trust the Fabric Admin? but still want to protect the data at the rest and on the fly? Instead of Shield the VM you can configure it for Encryption Supported mode. You can use VMConsole, PoSh Direct,

12 Existing VM What if I want to protect the existing VM? Security Concern do you really trust the existing VM that you want to Shield or Encrypt? Yes? So can do grandfathering. Convert the existing VM to Shielded.

13 What do I need? Guarded Fabric Windows Server 2016 Datacenter Code Integrity (for Attestation) [HVCI, KMCI, UMCI, Defender, Secure Boot, UEFI, TPM] Virtual Secure Mode (for memory protection) TPMv2 (for secret store, host protection) Host Guardian Service* (for attestation validation and policies) w Key Protection Service w Attestation Service w * Should be 3-node cluster (what about virtualization?) for HA. Why?

14 My host does not have a TPM Shielded VMs can be used in two attestation modes TPM-based AD-based AD-based HGS measures only the group membership of Hyper-V hosts Dedicated AD Forest required for HGS (with one-way trust to hosts forest) TPM-based mode HGS enforces rigorous attestation requirements No dedicated AD Forest required

15 Attestation AD-based attestation Modes Requirements TPM-based attestation 1. Hyper-V host hardware and software requirements? Windows Server 2016 Datacenter Edition No specific hardware requirements beyond what Hyper-V itself needs (SLAT, etc.) Windows Server 2016 Datacenter Edition Hyper-V host hardware must provide: UEFI rev. C or later Secure Boot / Measured Boot TPM v2 2. Host Guardian Service (HGS) hardware and software requirements no differences > Windows Server 2016 Server Core and up The hardware need only be able to run Windows Server 2016 Server Core and up 3. What do we measure & attest to in order to permit Shielded VMs to powered-on or to be live migrated to a new host? 4. What protections does the Shielded VM receive? 5. Which guest Operating Systems can be shielded? 6. Supports both Shielded mode and Encryption supported mode? The Hyper-V host must be a member of a designated/trusted AD group whose SID (security identifier) has been configured on HGS no differences > no differences > Yes The Hyper-V host computer s boot process including that it s using secure, measured boot The host s Operating System and drivers The host s code-integrity policy Various other aspects such as is a debuggers attached -to the host --> NOT permitted A version 2 compatible TPM UEFI firmware with secure, measured boot support Encrypted disks with secure, TPM-backed key-release Encrypted Live Migration traffic Windows 8 and later Windows Server 2012 and later Yes 7. Provide some examples of how a guarded host or a shielded VM might be attacked The AD admin is bribed or blackmailed and adds a compromised Hyper-V host to the trusted group in AD The Hyper-V admin installs malware on a Hyper-V host The HGS admin is bribed or blackmailed and weakens the attestation requirements An attacker compromises the identity of a legitimate HGS admin Hyper-V host firmware or platform attacks that enable the attacker to obtain keying material The HGS admin is bribed or blackmailed and weakens the attestation requirements An attacker compromises the identity of a legitimate HGS admin and weakens the attestation requirements An attacker abuses administrative privileges and manages to obtain guardian (private) keys or transport keys for specific shielded VMs Hyper-V host firmware or platform exploits that enable the attacker to obtain keying material

16 How does it work?

17 Can I infect the VM template? No. VM Templates use the VHD VHD is signed by trusted admin (creator) -> generates VSC This signature is packaged into the shielding data When the VM is being deployed Signature is unpackaged from the shielding data to VSM VHD signature is computed again Recomputed signature is compared with the precomputed signature If it fails, VM deployment fails

18 What is the Shielding Data? Shielding Data File. Contains VSC RDP Certificates Administrator Credentials Unattend answer file

19 Which VM can be Shielded? Generation 2 VM As we need the vtpm Guest OS Windows Server 2012 and later Windows 8 and later Linux VM - only in WS1709 and SCVMM1711 (in preview) What about Microsoft Azure VM? Not supported at this time But you can use Azure Encrypted Disk

20 How to manage Shielded VMs? No way from the Windows Server UI Only for specific steps PowerShell (only?) System Center 2016 Virtual Machine Manager (or 1711 in preview) Windows Azure Pack? Microsoft Azure Stack

21 How to monitor Shielded VMs? Windows Azure Pack? Microsoft Azure Stack System Center 2016 Operations Manager

22 Thank you!