2

I've been catching up on my security podcast backlog, and I've been hearing about cloudburst attacks on virtual machines. While Google returns info about the Black Hat related press releases, I can't find info about how to defend against this attack.

How does one defend against the cloudburst, and similar, attacks?

Mark Henderson
  • 68,823
  • 31
  • 180
  • 259
pcapademic
  • 1,670
  • 1
  • 15
  • 22

3 Answers3

8

It's just a silly name for what is something all seasoned sysadmins know well - an exploit - and we have processes, technology and experience to help us deal with these.

The first google result refers specifically to an old version of VMWare Workstation, if you're exposing Workstation to the outside then you deserve all you've got coming - it's called Workstation for a reason. Later google results point to a very old, and long-since patched, bug in all versions including the ESX server products - these were all patched a very long time ago - and are all old, out of date, versions too.

So "how does one defend against this" - just use server products on servers and patch every month or two - that's all you need to do on top of the usual security measures such as firewalls etc.

Chopper3
  • 101,299
  • 9
  • 108
  • 239
  • 2
    You've got to had it to the guys who thought up the name - it's a great panic inducing sky-is-falling tag. Pity it's just a run of the mill style of exploit - attacking a buggy interface is not a novel style of attack. Now if it was some mechanism that attacked a fundamental concept of virtualization\cloud computing (like Joanna Rutkowska's Blue Pill attack) that would be worthy of the name. – Helvick Feb 07 '10 at 22:50
2

cloudburst attack is more or less a fancy term for "Host code execution vulnerability from a guest operating system."

How do you protect against that? The same way you protect against every products security exploits, with updates/patches.

What does this means if you are using some virtual hosting provider (SaaS, PaaS, etc)? Pick one whose core virtualization technology is well tested. Xen would be a great candidate since it's open source and therefore receives external code reviews.

If you are implementing virtualization in house use the most recent stable version and implement any additional host protections possible, such as chroots, selinux, jails, kernel patches like grsec, etc.

CarpeNoctem
  • 2,437
  • 4
  • 23
  • 32
1

One way is using the help of your hardware. Most machines have something called a TPM or Trusted Platform Module. It is a great place to store secrets like keys as well signatures of the system (attestations) which can mitigate damage. Check out the NSA's answer to this problem.

Defense in depth being a good idea, you should also follow the other advice given here:

Patch regularly and install server software where appropriate. Of course, server software may not be appropriate, and patches and virus scanners can't always save you.

LogicMagic
  • 111
  • 1