The Legacy Dilemma: Trading off Security for Agility
Deploying and managing legacy three-tier infrastructure is time-consuming, complex and expensive, especially when it involves keeping the environment secure. When robust security becomes operationally expensive to maintain, IT teams trade off security for agility, either compromising on security measures to meet deadlines or missing SLAs and dealing with dissatisfied business users. Poor security measures leave systems on the network exposed to malware, viruses, and attacks. Systems that have not been patched or hardened are easy targets for attackers looking for an entry point.
Security Considerations in Deploying and Managing Infrastructure
When buying an infrastructure platform, it is important to consider how easy the platform is to operate from a security point of view. Once deployed, the platform must provide security processes and capabilities that are efficient, comprehensive and holistic, covering the entire infrastructure stack including management functionality. Such a platform meets the security requirements of the most rigorous government environments but is simple enough to fit within constrained IT budgets.
- Efficient security processes: For security to truly become invisible, the processes for maintaining security need to become efficient and automated. For example, it should be easy to verify whether the deployed platform meets the recommended security baseline. Also, the upgrade process for all system software needs to become non-disruptive and effortless, so that IT teams don’t need to put off regular updates or plan downtime. Friction has to be reduced or eliminated through automation so that IT teams can deploy and manage infrastructure securely.
- Defense in depth: The defense in depth methodology discussed in the last blog creates barriers and keeps intruders from gaining access to critical infrastructure. Defense in depth is about implementing several layers of security measures that work in concert to increase the security of the system as a whole. The security measures must cover known industry certifications and meet high governance standards.
- Control plane security: It’s highly important to pay as much attention to security in the control plane as in the rest of the infrastructure stack. Built-in capabilities need to prevent unauthorized access to the management platform, especially when it provides powerful capabilities. If an intrusion occurs, it’s important to protect the logs from tampering, limit malicious or inadvertent access, and continually reset to a known security baseline.
Nutanix Makes Efficient Security Possible
When deploying infrastructure and continually protecting it from inadvertent or malicious changes, a great place to start is the set of security guidelines based on US government standards, in particular those published by the Defense Information Systems Agency (DISA). DISA has created a methodology called the Security Technical Implementation Guide, or STIG, that standardizes the secure installation and maintenance of computer software and hardware.
STIGs lock down IT environments and reduce security vulnerabilities in infrastructure once it is deployed. One of the challenges with STIGs is that traditionally, using STIGs to secure an environment is a manual process that is highly time-consuming and prone to operator error. Because of this, only the most security conscious IT shops follow the required process.
Nutanix has created custom STIGs that are based on the guidelines outlined by DISA to keep the enterprise cloud platform within compliance and reduce attack surfaces. Nutanix includes five STIGs (AHV, AOS, Prism Web Server, Prism Reverse Proxy, and JRE STIGs) that collectively check over 800 security entities covering storage, virtualization and management.
To make the STIGs usable by all organizations, they are provided in the machine-readable XCCDF XML format in addition to the human-readable PDF format. This allows organizations to use tools that can read STIGs and automatically validate the security baseline of a deployment, reducing the accreditation time required to stay within compliance from months to days.
Nutanix also has a built-in capability called Security Configuration Management Automation (SCMA) that periodically monitors the deployment for any unknown or unauthorized configuration changes, and can self-heal from any deviation to remain in compliance. For example, the permissions on log files are just one of several settings that Nutanix checks and enforces automatically.
If for any reason the permissions on log files were changed, either maliciously or inadvertently, the Nutanix system will revert the changes back to the secure baseline. This simplifies the maintenance of security on an ongoing basis for all organizations.
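The self-healing loop described above, reduced to its essentials as an added example (this is not Nutanix's SCMA code): a baseline file lists each log file with its expected mode, a check function reports drift, and a remediation function reverts any drifted file to the baseline. The baseline, file names and directory are constructed for the demonstration; `stat -c %a` assumes GNU coreutils.

```shell
#!/bin/sh
# Work in a throwaway directory so the example never touches real system logs.
SCMA_DEMO_DIR="${SCMA_DEMO_DIR:-$(mktemp -d)}"

# Create two sample log files and a constructed baseline of "path mode" pairs
# (modes are written the way `stat -c %a` prints them, without a leading zero).
setup_demo() {
  mkdir -p "$SCMA_DEMO_DIR/log"
  : > "$SCMA_DEMO_DIR/log/audit.log"
  : > "$SCMA_DEMO_DIR/log/messages"
  chmod 0600 "$SCMA_DEMO_DIR/log/audit.log"
  chmod 0640 "$SCMA_DEMO_DIR/log/messages"
  printf '%s 600\n%s 640\n' "$SCMA_DEMO_DIR/log/audit.log" "$SCMA_DEMO_DIR/log/messages" \
    > "$SCMA_DEMO_DIR/baseline.txt"
}

# Compare every file in the baseline with its current mode.
# Prints "DRIFT <path> <current> <expected>" or "MISSING <path>" per finding;
# returns 0 when the deployment matches the baseline, 1 when anything deviates.
# Paths must not contain whitespace (one path and one mode per line).
scma_check() {
  baseline="$1"
  drift=0
  while read -r path expected; do
    [ -n "$path" ] || continue
    current=$(stat -c %a "$path" 2>/dev/null) || { echo "MISSING $path"; drift=1; continue; }
    if [ "$current" != "$expected" ]; then
      echo "DRIFT $path $current $expected"
      drift=1
    fi
  done < "$baseline"
  return $drift
}

# Self-heal: revert each drifted file to its baseline mode and record what was done.
# Missing files are reported by scma_check but not recreated here.
scma_remediate() {
  baseline="$1"
  scma_check "$baseline" | while read -r kind path current expected; do
    if [ "$kind" = "DRIFT" ]; then
      chmod "$expected" "$path"
      echo "REVERTED $path $current -> $expected"
    fi
  done
}

# End-to-end run when invoked with SCMA_DEMO=1: simulate an inadvertent chmod, then heal it.
if [ "${SCMA_DEMO:-0}" = 1 ]; then
  setup_demo
  chmod 0644 "$SCMA_DEMO_DIR/log/audit.log"
  scma_remediate "$SCMA_DEMO_DIR/baseline.txt"
fi
```

In a real deployment the remediation step would run from a scheduler and its REVERTED lines would feed the audit log, since a file whose mode keeps drifting back is itself a signal worth investigating.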
Defense in Depth Security with Minimal Effort
Nutanix recognizes that there is no “silver bullet” when it comes to securing infrastructure. The solution builds upon the Security Development Lifecycle (SecDL) and hardened platform discussed in the previous blog. Several comprehensive processes are in place to ease deployment and management for IT teams. Nutanix systems meet a broad set of certifications and standards requirements to ensure compliance with the strictest standards.
For example, Nutanix has worked on Common Criteria certification, which is validated by independent third-party evaluators. This ensures that Nutanix meets the security requirements it claims. Walking through a certification process is a time-consuming and expensive proposition, even for a vendor with deep product expertise. Nutanix moves the heavy lifting away from the customer and meets the high bar set by security certifications and standards, allowing customers to focus on driving business value.
This is the best type of security because applications can be added quickly, knowing that the infrastructure has already been hardened and meets the relevant technical regulatory requirements. The entire goal of a defense in depth methodology is to reduce the attack surface, and Nutanix takes it several steps further by making that work invisible to IT teams.
Secure Full-Stack Management Capabilities with Prism
Nutanix Prism is the unified management platform that allows administrators to manage the entire infrastructure stack, from storage to built-in virtualization. Prism is an intuitive, easy to use interface that delivers simplicity without compromising on security. Prism has been hardened using the same security principles as the rest of the Nutanix infrastructure stack. A couple of features in Prism ensure that only properly credentialed administrators have access to the system – two-factor authentication and cluster lockdown.
Two-factor Authentication: Two-factor authentication requires client certificates along with a username and password, and can also leverage the Common Access Cards (CAC) typically found in government agencies. Common Access Cards use certificates and PINs to gain access to a system.
Cluster Lockdown: Cluster lockdown gives an administrator the ability to disable username/password shell logins and rely instead on SSH (Secure Shell) keys issued to individual users, which provide non-repudiation. When these keys are handed out, it’s easier to track changes within logs and pinpoint who made the change and at what time.
Prism provides an easy one-click operation to install certificates in addition to configuring username and password authentication. Communications between Prism and the administrator’s computer are encrypted using certificates. The encryption protocol is typically SSL (Secure Sockets Layer) or TLS (Transport Layer Security). By default, Prism uses the TLS protocol with an asymmetric public key infrastructure (PKI) system.
This system uses two keys, a public key and a private key, to encrypt and decrypt communications. When the administrator requests an HTTPS connection to Prism, Prism returns a certificate to the administrator’s browser. The certificate contains the public key, which is used to start the secure connection; the private key, held by Prism, is used to decrypt what the browser encrypts with that public key. Certificates are automatically checked and validated before being accepted. In order to meet the high security standards of NIST SP 800-131A, the requirements of RFC 6460 for NSA Suite B, and to provide optimal encryption performance, the certificate import process validates that the correct signature algorithm is used for a given key/certificate pair.
This way, administrators don’t accidentally install an invalid certificate. This is one of several ways Nutanix makes it easier to deploy and manage infrastructure. To further lock down access to Prism, enabling cluster lockdown is quick and easy, again through a one-click operation.
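The import-time check just described, as an added example (not Nutanix's Prism code): the public-key algorithm, key size and signature algorithm are read from `openssl x509 -noout -text` output and compared against an allow-list. The allow-list is an assumption modelled on the SP 800-131A / Suite B guidance the post cites (SHA-256 or stronger signatures, RSA of at least 2048 bits, ECDSA on P-256 or P-384), and the two certificate excerpts are constructed for the demonstration.

```shell
#!/bin/sh
# Read `openssl x509 -noout -text` output on stdin, print a verdict, and
# return 0 to accept the key/signature pair or 1 to reject it.
check_cert_text() {
  text=$(cat)
  key_alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
  sig_alg=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
  # Matches both "Public-Key: (2048 bit)" (OpenSSL 3) and "RSA Public-Key: (2048 bit)" (1.1).
  key_bits=$(printf '%s\n' "$text" | sed -n 's/^.*Public-Key: *(\([0-9]*\) bit).*/\1/p' | head -n 1)
  case "$key_alg:$sig_alg" in
    rsaEncryption:sha256WithRSAEncryption|rsaEncryption:sha384WithRSAEncryption|rsaEncryption:sha512WithRSAEncryption)
      if [ "${key_bits:-0}" -lt 2048 ]; then
        echo "REJECT: RSA key of ${key_bits:-unknown} bits is below the 2048-bit minimum"; return 1
      fi ;;
    id-ecPublicKey:ecdsa-with-SHA256|id-ecPublicKey:ecdsa-with-SHA384)
      if [ "${key_bits:-0}" -lt 256 ]; then
        echo "REJECT: EC key of ${key_bits:-unknown} bits is below the 256-bit minimum"; return 1
      fi ;;
    *)
      # Covers SHA-1/MD5 signatures, DSA keys, and any key/signature family mismatch.
      echo "REJECT: key algorithm '$key_alg' with signature algorithm '$sig_alg' is not allowed"
      return 1 ;;
  esac
  echo "ACCEPT: $key_alg ($key_bits bit) signed with $sig_alg"
}

# Same check against a PEM file, using the openssl CLI (assumed to be installed).
check_cert_file() {
  openssl x509 -in "$1" -noout -text | check_cert_text
}

# Constructed excerpts of `openssl x509 -text` output; not real certificates.
GOOD_CERT_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: ecdsa-with-SHA256
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                NIST CURVE: P-256
    Signature Algorithm: ecdsa-with-SHA256'

BAD_CERT_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
    Signature Algorithm: sha1WithRSAEncryption'
```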
In this blog, we’ve seen how the Nutanix enterprise cloud platform incorporates a number of automation capabilities and features to secure a deployment efficiently and to reduce the attack surface further through automation and management platform lockdown. In the next blog, we will look at how a world-class support organization continually watches for new threats and vulnerabilities to quickly provide patches and ensure ongoing security.
This post is authored by Rohit Goyal, Product Marketing Manager at Nutanix