Exploring Layer 2 Network Security in Virtualized Environments

DerbyCon 4.0 - Family Rootz

Presented by: Ronny L. Bull, Dr. Jeanna N. Matthews
Date: Saturday September 27, 2014
Time: 17:00 - 17:50
Location: Track 3

Cloud service providers offer their customers the ability to access virtual private servers hosted within multi-tenant environments. Typically these virtual machines are connected to the physical network via a virtualized network within the host environment. This could be as simple as a bridged interface connected to multiple virtual interfaces attached to each virtual machine, or it could entail the use of a virtual switch to provide more robust networking features such as VLANs, QoS, and monitoring. All client virtual machines are essentially connected to a virtual version of a physical networking device. In this talk, we explore whether Layer 2 network attacks that work on physical switches also apply to their virtualized counterparts by discussing the results of a systematic study performed across four major hypervisor environments with seven different virtual networking configurations. In this preliminary research each environment was evaluated by using a malicious virtual machine to run a MAC flooding attack alongside Wireshark, in order to verify whether it was possible to eavesdrop on other client traffic passing over the same virtual network. It was concluded that, of the four virtual switch implementations tested, Open vSwitch proves to be the most vulnerable to MAC flooding, allowing an attacker to capture a co-resident virtual machine's network traffic.
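The study above relies on MAC flooding exhausting a virtual switch's forwarding table so that it falls back to flooding frames to every port. A host-side detector for that behaviour, written as an added example that is not part of the talk or of any of the evaluated hypervisors, is shown below: it counts the distinct source MAC addresses seen per virtual port inside a sliding time window and raises an alert when one port exceeds a threshold. The port names (vnet0, vnet1, vnet2), the frame records and the thresholds are constructed assumptions for this illustration.

```python
from collections import defaultdict, deque, namedtuple

# Alert raised when a single ingress port is the source of too many distinct MACs.
Alert = namedtuple("Alert", "port ts distinct_macs")


class MacFloodDetector:
    """Sliding-window count of distinct source MACs per ingress port (hypothetical)."""

    def __init__(self, window_seconds=1.0, threshold=100):
        self.window = window_seconds
        self.threshold = threshold
        self.events = defaultdict(deque)                      # port -> (ts, mac) in window
        self.counts = defaultdict(lambda: defaultdict(int))   # port -> mac -> hits in window
        self.alerted = set()                                  # ports already reported

    def observe(self, ts, port, mac):
        q, c = self.events[port], self.counts[port]
        q.append((ts, mac))
        c[mac] += 1
        # Expire frames that fell out of the window before judging the port.
        while q and ts - q[0][0] > self.window:
            old_ts, old_mac = q.popleft()
            c[old_mac] -= 1
            if c[old_mac] == 0:
                del c[old_mac]
        if len(c) > self.threshold and port not in self.alerted:
            self.alerted.add(port)
            return Alert(port, ts, len(c))
        return None


def scan(frames, window_seconds=1.0, threshold=100):
    """Run the detector over (timestamp, port, src_mac) records and collect alerts."""
    det = MacFloodDetector(window_seconds, threshold)
    alerts = []
    for ts, port, mac in sorted(frames):
        alert = det.observe(ts, port, mac)
        if alert:
            alerts.append(alert)
    return alerts


def make_sample_frames():
    """Constructed sample traffic: two normal VMs plus one port spraying 3000 MACs in 2 s."""
    frames = [(i * 0.5, "vnet0", "52:54:00:00:00:01") for i in range(20)]
    frames += [(i * 0.5 + 0.1, "vnet1", "52:54:00:00:00:02") for i in range(20)]
    for i in range(3000):
        mac = "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)
        frames.append((5.0 + i * (2.0 / 3000), "vnet2", mac))
    return frames
```

In a real deployment the frame records would come from a capture on the hypervisor's bridge or from the virtual switch's own flow statistics; the sample here only exists so the detector can be run offline.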
