Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Security of a virtualized domain controller ?
Security of a virtualized domain controller ? [message #368801] Fri, 15 January 2010 04:46 Go to next message
Eric  is currently offline Eric  Netherlands
Messages: 130
Registered: July 2009
Senior Member
Hello,

we would like to virtualize our domain controllers but I would like to
know your opinion and advices in term of security.

Indeed, if someone stole the VMDK file of our domain controllers, he
will have access to the entire directory and would process to an
offline cracking password for example ?

What do you think about the virtualization of domain controllers ?

Thank you

--
Eric
Re: Security of a virtualized domain controller ? [message #368808 is a reply to message #368801] Fri, 15 January 2010 04:53 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Eric,

Even if the DC is a VM, the host where it is running should still be in a
secure place. Of course only Administrators should have access to the VM
hosting machine. On our VMWare environment the access to the VMWare servers
are secured with an own created certificate and not using the defaults. So
you must have physical access to the harddrives to get access to the files.

So i think it is still a secure area needed for the hosting machine and you
should only have people accessing the host that are checked for there security
and that you trust them.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello,
>
> we would like to virtualize our domain controllers but I would like to
> know your opinion and advices in term of security.
>
> Indeed, if someone stole the VMDK file of our domain controllers, he
> will have access to the entire directory and would process to an
> offline cracking password for example ?
>
> What do you think about the virtualization of domain controllers ?
>
> Thank you
>
Re: Security of a virtualized domain controller ? [message #368876 is a reply to message #368801] Fri, 15 January 2010 06:35 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Your Data Center should be secured. If you have a physical DC that is
accessable, what would stop someone from stealing a disk? The virtual dc is
going to be as secure or insecure as your environment controls it.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Eric" <Eric_m@nospam.hotmail.com> wrote in message
news:mn.7afe7da11d88693b.70874@nospam.hotmail.com...
> Hello,
>
> we would like to virtualize our domain controllers but I would like to
> know your opinion and advices in term of security.
>
> Indeed, if someone stole the VMDK file of our domain controllers, he will
> have access to the entire directory and would process to an offline
> cracking password for example ?
>
> What do you think about the virtualization of domain controllers ?
>
> Thank you
>
> --
> Eric
>
>
Re: Security of a virtualized domain controller ? [message #368893 is a reply to message #368876] Fri, 15 January 2010 07:05 Go to previous messageGo to next message
Eric  is currently offline Eric  Netherlands
Messages: 130
Registered: July 2009
Senior Member
thanks both for your answers !

@Meinolf ==> Could you tell me more about your own created certificate
and why it protect the physical access to the harddrives please ?

@Paul ==> We can copy a vmdk file remotely without the need to have a
physical access to the computer no ?

So even if the physical access is ok, an attacker could retrieve the
VMDK file by using an exploit on the Hyper V or ESX server, am I wrong
?

Moreover, it seems to me that it is more easy for admins to copy a
single file that will contain the whole directory and password users
for an offline attack.

> Your Data Center should be secured. If you have a physical DC that is
> accessable, what would stop someone from stealing a disk? The virtual dc is
> going to be as secure or insecure as your environment controls it.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Eric" <Eric_m@nospam.hotmail.com> wrote in message
> news:mn.7afe7da11d88693b.70874@nospam.hotmail.com...
>> Hello,
>>
>> we would like to virtualize our domain controllers but I would like to know
>> your opinion and advices in term of security.
>>
>> Indeed, if someone stole the VMDK file of our domain controllers, he will
>> have access to the entire directory and would process to an offline
>> cracking password for example ?
>>
>> What do you think about the virtualization of domain controllers ?
>>
>> Thank you
>>
>> -- Eric
>>
>>

--
Eric
Re: Security of a virtualized domain controller ? [message #368980 is a reply to message #368893] Fri, 15 January 2010 08:53 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
It wouldn't be of value unless it was quiessed. If it has been properly
snapped and you have the credentials to log onto the server, then yes it is
a problem. But, you should have this security configured to protect your
assets.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Eric" <Eric_m@nospam.hotmail.com> wrote in message
news:mn.7b897da15ac75dfa.70874@nospam.hotmail.com...
> thanks both for your answers !
>
> @Meinolf ==> Could you tell me more about your own created certificate and
> why it protect the physical access to the harddrives please ?
>
> @Paul ==> We can copy a vmdk file remotely without the need to have a
> physical access to the computer no ?
>
> So even if the physical access is ok, an attacker could retrieve the VMDK
> file by using an exploit on the Hyper V or ESX server, am I wrong ?
>
> Moreover, it seems to me that it is more easy for admins to copy a single
> file that will contain the whole directory and password users for an
> offline attack.
>
>> Your Data Center should be secured. If you have a physical DC that is
>> accessable, what would stop someone from stealing a disk? The virtual dc
>> is going to be as secure or insecure as your environment controls it.
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>> Microsoft's Thrive IT Pro of the Month - June 2009
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup This
>> posting is provided "AS IS" with no warranties, and confers no rights.
>>
>> "Eric" <Eric_m@nospam.hotmail.com> wrote in message
>> news:mn.7afe7da11d88693b.70874@nospam.hotmail.com...
>>> Hello,
>>>
>>> we would like to virtualize our domain controllers but I would like to
>>> know your opinion and advices in term of security.
>>>
>>> Indeed, if someone stole the VMDK file of our domain controllers, he
>>> will have access to the entire directory and would process to an offline
>>> cracking password for example ?
>>>
>>> What do you think about the virtualization of domain controllers ?
>>>
>>> Thank you
>>>
>>> -- Eric
>>>
>>>
>
> --
> Eric
>
>
Re: Security of a virtualized domain controller ? [message #369005 is a reply to message #368893] Fri, 15 January 2010 09:11 Go to previous messageGo to next message
Phillip Windell  is currently offline Phillip Windell  United States
Messages: 526
Registered: July 2009
Senior Member
"Eric" <Eric_m@nospam.hotmail.com> wrote in message
news:mn.7b897da15ac75dfa.70874@nospam.hotmail.com...
> thanks both for your answers !
>
> @Meinolf ==> Could you tell me more about your own created certificate and
> why it protect the physical access to the harddrives please ?
>
> @Paul ==> We can copy a vmdk file remotely without the need to have a
> physical access to the computer no ?
>
> So even if the physical access is ok, an attacker could retrieve the VMDK
> file by using an exploit on the Hyper V or ESX server, am I wrong ?

What exploit? What makes you think there is one? This is where I always
say that way too many security decisons (often bad and misguided ones) are
based on VooDoo and Superstiton (figuratively speaking of course). People
get all wrapped up in mystery Hollywood Hackers and Star Trek style attacks
that are either impossible or next to impossible and then loose everything
in a building fire because all the DCs and all the backups were burned up in
the building fire started by someone who doesn't even know how to use a
computer.

If the Hypervisor is deployed properly that cannot happen because the
machine does not even have an address or a "presents" of its own on the LAN
to begin with. The only IP# of the hypervisor machine is the management IP#
which is VLANed off and lives in its own subnet with the only other machine
interacting with it would be the Management Workstation. In the ESXi world
this is called the Management Network. While all the VMs actually run off
of Bridged Nics (virtual-to-physical) that are completely unaddressed on the
physical side.

Now if this is not a hypervisor situation,..like running the regular Hyper-V
over a regular full GUI WIndows Server OS then you simply protect these
files just like you would protect any valuable file. There is no mystery
there.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Re: Security of a virtualized domain controller ? [message #369548 is a reply to message #368893] Sat, 16 January 2010 02:05 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Eric,

The certificate wouldn't protect against physical access, but you are not
able to access the VMWare server what I wrote, that controls the harddisks
for the VMs. By default VMWare server uses a builtin certificate which can
be replaced.

You must be sure the physical access to the hardware, where the VMs are located,
as with "normal" machines.

As your thoughts about exploits are really hypothetical in my opinion, then
you should even not use VMs at all and of course no other software products,
doesn't matter which vendor. Maybe someone is able to get into it. Use the
options delivered with the software to secure them, like NTFS settings and
policies.

And if you don't trust your admins, then even the available security doesn't
help. The most attackers come from inside the company as i heard/read somewhere.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> thanks both for your answers !
>
> @Meinolf ==> Could you tell me more about your own created certificate
> and why it protect the physical access to the harddrives please ?
>
> @Paul ==> We can copy a vmdk file remotely without the need to have a
> physical access to the computer no ?
>
> So even if the physical access is ok, an attacker could retrieve the
> VMDK file by using an exploit on the Hyper V or ESX server, am I wrong
> ?
>
> Moreover, it seems to me that it is more easy for admins to copy a
> single file that will contain the whole directory and password users
> for an offline attack.
>
>> Your Data Center should be secured. If you have a physical DC that
>> is accessable, what would stop someone from stealing a disk? The
>> virtual dc is going to be as secure or insecure as your environment
>> controls it.
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>> Microsoft's Thrive IT Pro of the Month - June 2009
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Eric" <Eric_m@nospam.hotmail.com> wrote in message
>> news:mn.7afe7da11d88693b.70874@nospam.hotmail.com...
>>
>>> Hello,
>>>
>>> we would like to virtualize our domain controllers but I would like
>>> to know your opinion and advices in term of security.
>>>
>>> Indeed, if someone stole the VMDK file of our domain controllers, he
>>> will have access to the entire directory and would process to an
>>> offline cracking password for example ?
>>>
>>> What do you think about the virtualization of domain controllers ?
>>>
>>> Thank you
>>>
>>> -- Eric
>>>
Re: Security of a virtualized domain controller ? [message #370361 is a reply to message #368801] Sun, 17 January 2010 12:10 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi
Yes, that's a real security risk/issue. Virtualization has the same concerns
(or more) as you would in physical hardware. 2 Big issues are the access to
the virtualization hosts/and/files within those hosts, and USN rollback
issues if you use snapshoots.
Read the following doc (but you can find mutch more articles about this on
the web)
http://support.microsoft.com/kb/888794
--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Eric" <Eric_m@nospam.hotmail.com> wrote in message
news:mn.7afe7da11d88693b.70874@nospam.hotmail.com...
> Hello,
>
> we would like to virtualize our domain controllers but I would like to
> know your opinion and advices in term of security.
>
> Indeed, if someone stole the VMDK file of our domain controllers, he will
> have access to the entire directory and would process to an offline
> cracking password for example ?
>
> What do you think about the virtualization of domain controllers ?
>
> Thank you
>
> --
> Eric
>
>
Re: Security of a virtualized domain controller ? [message #370690 is a reply to message #370361] Mon, 18 January 2010 03:10 Go to previous messageGo to next message
Eric  is currently offline Eric  Netherlands
Messages: 130
Registered: July 2009
Senior Member
Thank you Jorge (and the others) for your answers !

To my opinion, the ESX is an "additional software layer" that could
potentially has exploits.

Just for Philip and Meinolf, some exploits already exist on ESX
(http://www.vupen.com/english/searchengine.php?keyword=esx).

What I dont like in the idea of virtualizing a domain controller is
that the whole DC is in a single file; and so it is quite easy to copy
this file and work with it offline.

This potential copy can be done by admins (but as you said I have to
trust them), or by remote exploits. But I understand the interesting
arguments of Phillip about the dedicated management interface on the
ESX.

Jorge, it seems that you have the same opinion like me; but do you have
any others links about the real security impact of virtualizing a DC ?
The link you gave me above doesnt really speak about the security
issue.

Thanks !


> Hi
> Yes, that's a real security risk/issue. Virtualization has the same concerns
> (or more) as you would in physical hardware. 2 Big issues are the access to
> the virtualization hosts/and/files within those hosts, and USN rollback
> issues if you use snapshoots.
> Read the following doc (but you can find mutch more articles about this on
> the web)
> http://support.microsoft.com/kb/888794
> --
>
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
>
> "Eric" <Eric_m@nospam.hotmail.com> wrote in message
> news:mn.7afe7da11d88693b.70874@nospam.hotmail.com...
>> Hello,
>>
>> we would like to virtualize our domain controllers but I would like to know
>> your opinion and advices in term of security.
>>
>> Indeed, if someone stole the VMDK file of our domain controllers, he will
>> have access to the entire directory and would process to an offline
>> cracking password for example ?
>>
>> What do you think about the virtualization of domain controllers ?
>>
>> Thank you
>>
>> -- Eric
>>
>>

--
Eric
Re: Security of a virtualized domain controller ? [message #370767 is a reply to message #370690] Mon, 18 January 2010 06:38 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Eric,

Eric wrote:
> To my opinion, the ESX is an "additional software layer" that could
> potentially has exploits.
>
> Just for Philip and Meinolf, some exploits already exist on ESX
> (http://www.vupen.com/english/searchengine.php?keyword=esx).

Yeah, you have to rely on the virtualization solution and the VM-Host
and their security as well as their availablilty. If they can be
compromised (either by hacking them or DoS'ing them), you gonna have a
problem there. You surely don't want to make your VM host a single point
of failure.

> What I dont like in the idea of virtualizing a domain controller is that
> the whole DC is in a single file; and so it is quite easy to copy this
> file and work with it offline.
>
> This potential copy can be done by admins (but as you said I have to
> trust them), or by remote exploits. But I understand the interesting
> arguments of Phillip about the dedicated management interface on the ESX.

I've seen people split administration of VMs and the involved services
among different teams. The service team is responsible for the VM itself
(file team for their file server VM, AD team for their VM-DCs). The
Virtualization team would plan capacity/create VM-Hosts and manage them
but would only have limited access to VMs and the storage team would
manage VHDs and their security. That could be as easy as managing ACLs
on the VMs, depending on what other virtualization features you want to use.

Cheers,
Florian
Re: Security of a virtualized domain controller ? [message #371585 is a reply to message #370690] Tue, 19 January 2010 05:50 Go to previous message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi Eric,

- Yes, ESX has some know security issues, but careful, the Hyper-V is not
perfect as well :)

- In our environment, we have both (ESX and Hyper-V, and others...)
virtualization platforms, these are used to control a couple of thousands
VMs. One of the main concerns that we have are related with the physical
access to the Virtualization Hosts - This MUST BE CONTROLLED closely
(security cameras, Datacenters with access control and security Guys that
monitor 24/24 those access in/and/out of the datacenters). The second step
is to monitor the hosts, not only at software level (like disk space, or
event errors, etc...) but at HARDWARE level, you don't want to allow anyone
that is NOT authorized to access to these physical hosts and remove some hot
plug disk (without your knowledge) to use it some were else (copy data,
etc..), if you've SAN, NAS, etc, these rules apply as well (but of course in
SANs, etc.. things are not so easy :)). At last, the access to the hosts,
and also the Networks were the hosts are connected (this can be a big
challenge because normally the physical hosts are connected to many
different vLans which, in some scenarios can represent security issues -
Fiber links are the best here, but the costs are different as well).

- Regarding to documentation, you can find lots of info at MS web site and
their recommendations.

--

I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.




"Eric" <Eric_m@nospam.hotmail.com> wrote in message
news:mn.929e7da19082143a.70874@nospam.hotmail.com...
> Thank you Jorge (and the others) for your answers !
>
> To my opinion, the ESX is an "additional software layer" that could
> potentially has exploits.
>
> Just for Philip and Meinolf, some exploits already exist on ESX
> (http://www.vupen.com/english/searchengine.php?keyword=esx).
>
> What I dont like in the idea of virtualizing a domain controller is that
> the whole DC is in a single file; and so it is quite easy to copy this
> file and work with it offline.
>
> This potential copy can be done by admins (but as you said I have to trust
> them), or by remote exploits. But I understand the interesting arguments
> of Phillip about the dedicated management interface on the ESX.
>
> Jorge, it seems that you have the same opinion like me; but do you have
> any others links about the real security impact of virtualizing a DC ? The
> link you gave me above doesnt really speak about the security issue.
>
> Thanks !
>
>
>> Hi
>> Yes, that's a real security risk/issue. Virtualization has the same
>> concerns (or more) as you would in physical hardware. 2 Big issues are
>> the access to the virtualization hosts/and/files within those hosts, and
>> USN rollback issues if you use snapshoots.
>> Read the following doc (but you can find mutch more articles about this
>> on the web)
>> http://support.microsoft.com/kb/888794
>> --
>>
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>
>>
>> "Eric" <Eric_m@nospam.hotmail.com> wrote in message
>> news:mn.7afe7da11d88693b.70874@nospam.hotmail.com...
>>> Hello,
>>>
>>> we would like to virtualize our domain controllers but I would like to
>>> know your opinion and advices in term of security.
>>>
>>> Indeed, if someone stole the VMDK file of our domain controllers, he
>>> will have access to the entire directory and would process to an offline
>>> cracking password for example ?
>>>
>>> What do you think about the virtualization of domain controllers ?
>>>
>>> Thank you
>>>
>>> -- Eric
>>>
>>>
>
> --
> Eric
>
>
Previous Topic:Rename 2003sp2 DC
Next Topic:how to add secondary DC to network ?
Goto Forum:
  


Current Time: Tue Jan 23 16:31:12 MST 2018

Total time taken to generate the page: 0.16737 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software