When it comes to cloud security, as I have mentioned before many times in my blog posts and presentations, it is not always the physical servers that need to be protected against the outside attacks but attacks from the inside have also become very critical. With all those different layers of security such as firewalls, IDS and IPS systems protecting the environment from those outside attacks, attackers are now thinking of attacking from the inside by only having a minimum needed access to some resources inside the cloud infrastructure.
This minimum access is usually and most of the time access to a virtual machine whereby the attacker can settle down and try to escalate his/her privilege. In order to secure the access between the virtual machines and to stop the hackers from accessing resources inside a VM from another VM, we need to make use of a firewall system to control the flow of traffic between the VMs. Before I go on with introducing a solution for that, it needs to be mentioned that there are already two ways to stop this kind of attack. The first thing is that there is a number of different filters built inside the Hypervisor in Microsoft Hyper-V and since the Hypervisor mediates access between the VMs, most of the attacks will be prevented. The other thing that is put inside Hyper-V is the use of VLANs and of course this is up to the designer to choose how he/she would make use of them to filter the traffic between different VMs throught the use of VLANs and virtual switches in Hyper-V.
But the one which this article is going to be about is 5nine Security Manager software which is an ant-virus and virtual firewall that helps us to be immune against this kind of attack. It provides a lot of different features:
- Controls Network Traffic – Using simple PowerShell API/scripts or the management application, we can control the flow of the traffic between the VMs and also between the VMs and the external network.
- Security Heartbeat Service – It’s a special kind of service that checks whether the rules are being enforced and if it feels like a VM for instance is compromised, it will stop the VM.
- Anti-Virus and Anti-Malware protection – This type of scan is well-managed that never lets any type of performance degradation occur.
- Bandwidth Throttling – It also includes a VM bandwidth shaper.
- Stateful Packet Inspection.
- Deployment options – 5nine Virtual Firewall can be used with Microsoft System Center Virtual Machine Manager to be deployed on the physical machine before any of the VMs are placed on the physical machine.
- Compliance Audits – It makes the admin able to monitor and audit the network traffic flowing between the VMs any time.
In this post I tried to have an overview on this really good software and soon I will try to have a deeper dive into it.
For the time being, here is the website to have a close look at.