How VMware Can Help Secure Your Data Center Against WannaCry, Petya & Co

The cases of cyber-criminality seem to be coming in a constant stream. But why is it so easy for hackers to target so many companies? Which protective mechanisms are available? In this article, We shed some light on security for the area of virtualization and show what VMware has to offer in that respect. We also provides tips on how to avoid a false sense of security.

Recent years have seen some substantial changes in the area of security. One of the biggest is the new focus among hackers and other shady figures on commercial interests. It is no longer a question of completing hacks or “virtual break-ins” to prove one’s own skills or to bring systems to their knees. Like 90s bank robbers, the hacker groups are now marauding through the Internet and trawling the IPs of companies to “monetize” their nefarious crafts.

In an age of bitcoin and dark net, it is relatively easy to exchange wire transfers and money after successful blackmail. But like in conventional crimes, the likelihood of recovering one’s property is relatively insubstantial, even after payment.

Known as ransomware , the dangerous Trojans and worms WannaCry and Petya are the most recent cases of a criminal conspiracy. Once the system has been accessed (by infected e-mail or via other vulnerabilities), the data is encrypted to block out the users. They are instructed that the only way to regain access is by entering a decryption code that will be provided after payment of a bitcoin ransom. It is hardly necessary to mention that you can wait a long time for your decryption code after transferring the bitcoin. This alone clearly demonstrates the purely commercial interests, unlike previous attacks like the ILOVEYOU computer worm.

In the first generation of WannaCry, not even the blackmailers themselves (as confirmed by decrypted sections of the source code) were able to assign payments to particular encryptions. In other words: The blackmailers were not in a position to provide the correct code for decryption in each case. So the data was irretrievably lost from the beginning!

Private cloud implementations with standard data centers were particularly vulnerable to these attacks, due partly to their physical and organizational structure. What’s more, many companies still have too much red tape, insufficient IT budgets and an adequate strategic focus. While this may no longer apply to shrewd and modern SDDC (Software Defined Data Center) and to public or hybrid cloud implementations, they are still vulnerable to a number of traps.

I still come across customers who operate data centers without complex admin passwords, active antivirus programs on all systems or dedicated responsibilities for security-relevant issues. This is grossly negligent. RAID level and virtualization, which have confined hardware crashes to the annals of history, give us a false and dangerous sense of security!

Three of the most frequent problems:

1. The host systems are no longer patched, as there are no acute bugs.
2. Backups are not monitored correctly, as error messages are not received.
3. The various virus scanners and levels are not checked, as it would be too laborious.

That’s even without mentioning additional options like active system reporting using tools (e.g. VMware vRealize Operations Manager) or security audits (possibly a penetration test). It’s almost like saying: “As long as the car keeps driving, I won’t take it in for inspection or roadworthiness tests.”

That is, broadly speaking, a possible way of doing things, but only if I use the car exclusively to drive on my property and am not bothered or financially burdened by defects. But I will need to address the issues of service and maintenance as matters of urgency the minute the systems are business-relevant or even business-critical, and I participate actively in traffic – whether it is by keeping an Internet connection or, as in the example above, by driving on public roads.

One example of passive protection is to shield the data center from unauthorized access, e.g. by using code cards to open the server racks. In contrast, active protection draws on firewall systems, virus scanners and suchlike. While passive protection is usually installed and should, of course, be checked in regular intervals, active protection requires a more detailed consideration.

As a rule, current data centers, server farms, SDDCs and cloud environments require multiple levels of security. An external firewall and virus scanners on the PCs became insufficient a long time ago.

1. The first order of business is to thwart any kind of attack in its inception.
2. But the “second line of defense” is the most important obstacle if an attacker does manage to make inroads. Micro-segmenting of the network is an effective example here.
3. Last but not least: Absolute security is not always possible. That’s why defined protocols, enshrined in disaster recovery solutions or emergency concepts, are imperative and must be available for worst-case scenarios.

VMware offers a broad portfolio for the secure operation of a modern SDDC implementation and can use technical resources to respond variably to challenges.

• VMware vSphere. The leading hypervisor for the highly available operation of your IT environment. An unstoppable force for safe and modern administration of your data center when combined with VMware Operations Management.
• You can use VMware vRealize Operations to orchestrate and standardize system deployment, allowing you to respond quickly and dynamically to change and provide new systems on short notice.
• VMware is the leading virtualization solution for network applications. It only takes a few minutes to create new network components like load balancers, VPN clients, routers and firewalls etc. Convert your network from a stronghold with just one or two protective zones into a veritable fortress. A card reader is installed upstream from every server or server group, eliminating unwelcome guests even if they are legally present in the network – your fortress.

Interesting side note: While writing this article, I was surprised by the report that the largest terminal at the port of Los Angeles was forced to temporarily shut down. This was due to a massive, successful Petya cyberattack on the MAERSK shipping company, which transports cargo containers throughout the world. (Source: CBS Los Angeles).

These tips will prevent a false sense of security

• Structure your IT strategically to suit the other business lines in your group.
• Apply the principles of predictive planning, especially in your IT budget. CAPEX and OPEX should not be unfamiliar terms.
• Always keep your data center, SDDC and server farm up-to-date.
• Use standardization and orchestration to increase the quality of your infrastructure.
• Take the next step towards modern security infrastructure that pushes the boundaries of classic virus scanner and firewall methodologies.
• Check your infrastructure regularly. Bring in external providers when necessary.
• Conduct regular dry runs of your action plans and emergency concepts and adapt them any time you change your infrastructure.