sunhux
 asked on

how to verify cloud VM can't support AV & relevance of AV/patching on cloud VM

We are moving some of our apps/systems to the cloud.
However, some vendors for the cloud projects came back to
say that the OS is a stripped down Linux which is hardened
& that it's not applicable to install/run AV.

In view of high-profile attacks and audit requirements, I am
loath to raise an exemption/deviation even if the cloud VM
is not accessible to the public (i.e. firewalled to our corporate
only). I noticed that AWS & another vendor that uses VMs
on Windows guests offer AV.

Q1:
Is there a quick/easy way for me to verify that the 'stripped-down
Linux OS' the vendor uses in the cloud truly could
not support AV? I guess running 'uname -a' is not
enough. Or is there a script for me to verify?
Or can I verify by checking what past patches
they have been applying? If it's all Red Hat/RHEL patches,
then it's simply a hardened RHEL, which should
support many AVs.

Q2:
What are the usual audit requirements for AV for a custom
Linux VM in the cloud? Under what criteria is an AV not
really needed?

Q3:
If it's truly a stripped-down Linux, say based on CentOS or
FreeBSD, can I assess the patch requirements based on
CentOS & FreeBSD? I recall when running a VA scan
against a PABX that's based on RHEL, all vulnerabilities
for RHEL are applicable & the PABX vendor produces
the patches, though they are behind Red Hat by a few
months in coming out with the patches.

This reminds me of IoT, many of which are appliances
that customize their OS from Linuxes (e.g. CentOS,
RHEL, Ubuntu) & FreeBSD.
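
One way to gather evidence for Q1 beyond `uname -a`, as an added example that is not part of the original post or any reply: the script reads os-release, looks for a package database and identifies the C library loader under a root directory (the running system, or a mounted copy of the image). The function names are made up here, and whether an AV product supports the reported base is an assumption to check against that product's supported-platform list.

```shell
#!/bin/sh
# Added example: collect evidence about what a "stripped-down" Linux image is
# built from. Function names are hypothetical; pass a root directory (a mounted
# copy of the image) or nothing to inspect the running system.

# Print KEY's value from an os-release file, quotes stripped.
os_release_field() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d '"'
}

# Which package database is present: rpm, dpkg, apk or none.
pkg_db() {
    if [ -d "$1/var/lib/rpm" ] || [ -d "$1/usr/lib/sysimage/rpm" ]; then echo rpm
    elif [ -f "$1/var/lib/dpkg/status" ]; then echo dpkg
    elif [ -f "$1/lib/apk/db/installed" ]; then echo apk
    else echo none
    fi
}

# Which C library loader is installed: musl, glibc or unknown.
libc_flavour() {
    for f in "$1"/lib/ld-musl-*; do
        if [ -e "$f" ]; then echo musl; return 0; fi
    done
    for f in "$1"/lib*/ld-linux* "$1"/lib/*/ld-linux*; do
        if [ -e "$f" ]; then echo glibc; return 0; fi
    done
    echo unknown
}

# One-line summary to hold against the vendor's statement.
base_report() {
    root=${1:-}
    rel="$root/etc/os-release"
    [ -f "$rel" ] || rel="$root/usr/lib/os-release"
    id=; like=
    if [ -f "$rel" ]; then
        id=$(os_release_field "$rel" ID)
        like=$(os_release_field "$rel" ID_LIKE)
    fi
    echo "id=${id:-unknown} id_like=${like:-none} pkgdb=$(pkg_db "$root") libc=$(libc_flavour "$root")"
}

base_report "${1:-}"
```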
8/22/2022 - Mon
David Johnson, CD

Stay away from something you can't verify. The truly paranoid can use their own O/S. Myself, I'd only go with the bigger cloud providers.
sunhux

ASKER
Btw, this vendor is sending SMS from the application hosted in the cloud,
so how can 'data in transit' be encrypted?  We can use TLSv1.2 for https
(data in transit) but how about SMS?
sunhux

ASKER
What if it's an appliance OS in the VM?

Thing is how to verify what the vendor says:
if it's truly that 'stripped-down' (or appliance)
or it's only a hardened OS that could still
support AV.
sunhux

ASKER
Just a last question, i.e. rephrasing:
what are the files that must be present for an AV to work on Linux?
sunhux

ASKER
http://www.commzgate.com/page/cloud-features
The above is the service I'm exploring/considering; seems
like their on-prem are appliances.
sunhux

ASKER
https://community.spiceworks.com/topic/374999-antivirus-on-the-vm-host-or-client-or-both

Or even for appliance VMs (i.e. VMs running stripped-down Linux), agentless AV is the way
to go, i.e. we don't install an AV agent in the guest OS but at the hypervisor layer? Is this how
AWS is doing it?
sunhux

ASKER
Have to assess on a case-by-case basis.

AWS offers agentless AV.