sunhux
asked on
how to verify cloud VM can't support AV & relevance of AV/patching on cloud VM
We are moving some of our apps/systems to the cloud.
However, some vendors for the cloud projects came back to
say that the OS is a stripped down Linux which is hardened
& that it's not applicable to install/run AV.
In view of high profile attacks and audit requirements, I
am loath to raise an exemption/deviation even if the cloud VM
is not accessible to public (ie firewalled to our corporate
only). I noticed that AWS & another vendor that uses VM
on Windows guest offers AV
Q1:
Is there a quick/easy way for me to verify that the 'strip-
down Linux OS' the vendor uses in the cloud truly could
not support AV? Guess by running 'uname -a' is not
enough. Or is there a script for me to verify?
Or can I verify by checking what are the past patches
they had been applying? If it's all RedHat/Rhel patches
then, it's just simply a hardened RHEL which should
support many AV
Q2:
What are the usual audit requirements for AV for a custom
Linux VM in the cloud? Under what criteria is an AV not
really needed?
Q3:
If it's truly a stripped-down Linux say based on CentOS or
FreeBSD, can I assess the patch requirements based on
CentOS & FreeBSD? I recall when running a VA scan
against a PABX that's based on RHEL, all vulnerabilities
for RHEL are applicable & the PABX vendor produces
the patches though they are behind RedHat by a few
months in coming out with the patches.
This reminds me of IOT, many of which are appliances
that customize their OS from Linuxes (eg: CentOS,
RHEL, Ubuntu) & FreeBSD.
Stay away from something you can't verify. The truly paranoid can use their own O/S.. Myself I'd only go with the bigger cloud providers.
ASKER
Btw, this vendor is sending SMS from the application hosted in the cloud,
so how can 'data in transit' be encrypted? We can use TLSv1.2 for https
(data in transit) but how about SMS?
ASKER
What if it's an appliance OS in the VM?
Thing is how to verify what the vendor says:
if it's truly that 'stripped-down' (or appliance)
or it's only a hardened OS that could still
support AV.
ASKER
Just a last question, ie rephrasing:
what are the files that must be present for an AV to work on Linux?
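An added inventory script, not from this thread or any vendor, that gathers the evidence Q1 and the "what files must be present" question above ask for: the base distribution from /etc/os-release, whether a standard package manager and patch log exist, and whether the kernel exposes fanotify and headers, which most on-access Linux AV agents rely on. The file paths and the kernel checks are assumptions about typical agent requirements, not any particular product's.

```shell
#!/bin/sh
# Added example (not from this thread or any vendor): inventory a Linux guest
# to test the "stripped-down, cannot run AV" claim. Paths and the kernel
# checks are assumptions about what typical on-access AV agents need.

# Base distro from os-release: prints ID then ID_LIKE, e.g. "centos rhel fedora",
# so you know which upstream advisories and patches apply.
os_base() {
  f="${1:-/etc/os-release}"
  [ -r "$f" ] || { echo "unknown"; return 1; }
  id=$(sed -n 's/^ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$f")
  like=$(sed -n 's/^ID_LIKE="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$f")
  [ -n "$id" ] || id="unknown"
  echo "$id $like" | tr -s ' ' | sed 's/ $//'
}
# A package manager means vendor patches are auditable upstream packages;
# none means an opaque appliance image.
pkg_manager() {
  for pm in rpm dpkg apk pkg; do
    command -v "$pm" >/dev/null 2>&1 && { echo "$pm"; return 0; }
  done
  echo "none"; return 1
}
# Patch history from the package database, to compare with upstream release dates.
patch_history() {
  case "$(pkg_manager)" in
    rpm)  rpm -qa --last 2>/dev/null | head -20 ;;
    dpkg) grep ' upgrade ' /var/log/dpkg.log 2>/dev/null | tail -20 ;;
    *)    echo "no package database; request the vendor's image changelog" ;;
  esac
}
# Kernel facilities most Linux AV agents rely on: fanotify for on-access
# scanning, headers for agents that build a module.
kernel_support() {
  cfg="/boot/config-$(uname -r)"
  if [ -r "$cfg" ]; then grep -q '^CONFIG_FANOTIFY=y' "$cfg" && echo "fanotify=yes" || echo "fanotify=no"
  elif [ -r /proc/config.gz ]; then zcat /proc/config.gz | grep -q '^CONFIG_FANOTIFY=y' && echo "fanotify=yes" || echo "fanotify=no"
  else echo "fanotify=unknown"; fi
  [ -d "/lib/modules/$(uname -r)/build" ] && echo "headers=yes" || echo "headers=no"
}
# Verdict from base distro ($1) and package manager ($2).
verdict() {
  case "$2" in
    rpm|dpkg|apk|pkg) echo "standard-base ($1 via $2): patch against upstream advisories; an AV agent is likely installable" ;;
    *) echo "appliance-like ($1): no package manager; treat as a vendor image and require a vendor patch SLA" ;;
  esac
}
main() { echo "kernel: $(uname -r)"; kernel_support; patch_history; verdict "$(os_base)" "$(pkg_manager)"; }
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `sh inventory.sh --run` on the guest (or point `os_base` at a copied os-release file) and keep the output as audit evidence alongside the vendor's claim.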
ASKER
http://www.commzgate.com/page/cloud-features
The above is the service I'm exploring/considering; seems
like their on-prem are appliances
ASKER
https://community.spiceworks.com/topic/374999-antivirus-on-the-vm-host-or-client-or-both
Or even for appliance VM (ie VMs running stripped-down Linux), agentless AV is the way
to go ie we don't install AV agent in the guest OS but at hypervisor layer? Is this how
AWS is doing it?
ASKER
Have to assess on a case by case basis.
AWS offers agentless AV