The data center should provide hardware and virtualization protections at the component level. In public cloud consumption, the virtual private cloud (VPC) is the fundamental isolation boundary, with security groups controlling traffic within it. Hardware-based mechanisms such as Trusted Platform Modules (TPMs) also form part of the suite of logical and physical data center security controls.
Best Practices
Implement the following best practice recommendations to secure host servers within cloud environments:
- Secure change authority: A change control system, enacted through a change control board, authorizes a build only after reviewing patch testing results, vendor recommendations, and complete regression testing of the applications that rely on the build.
- Secure build: Follow the operating system vendor's specific recommendations for securely deploying its operating system.
- Secure initial configuration: The appropriate configuration depends on variables such as the OS vendor, operating environment, business requirements, regulatory requirements, risk assessment, risk appetite, and the workload(s) to be hosted on the system.
Basic Input/Output System (BIOS)
NIST SP 800-147B, BIOS Protection Guidelines for Servers, addresses basic input/output system (BIOS) protection for servers. Threats to a host system BIOS can arrive through multiple vectors, including physically connected devices (e.g., USB or external drives), applications running in guest operating systems, and virtualization management tools.
The guidelines in this document apply to BIOS firmware stored in the BIOS flash memory, including the BIOS code, the cryptographic keys that are part of the Root of Trust for Update (RTU), and static BIOS data.
Each functional component of the RTU may be considered a Root of Trust for the specific function:
- The verification component is responsible for verifying a digitally signed BIOS image to determine whether control should be passed to it. Because it is entered from a known good state of the machine, it runs on a trusted execution path, and it can extend that trust to code held in unprotected memory locations: if verification succeeds, it passes control to the image; if verification fails, it remains on the trusted execution path and does not pass control to the image.
- The recovery component is responsible for initiating a return of the system to a known good state.
- The integrity component is responsible for maintaining the integrity of a BIOS image, for example by engaging hardware- and firmware-based locking mechanisms to prevent unauthorized modification of the image. It also guards against race and logic conditions that could otherwise permit unauthorized modification of a BIOS image.
- The update component is responsible for performing a secure update of the RTU and maintaining the integrity of the RTU.
The security guidelines in this publication do not attempt to prevent installation of an inauthentic BIOS through the supply chain, by physical replacement of the BIOS chip, or through secure local update procedures.
Security guidelines are specified for four system BIOS security features:
- Authenticated BIOS update mechanisms, where digital signatures prevent the execution of BIOS update images that are not authentic.
- An optional secure local update mechanism, which requires that an administrator be physically present at the machine to install BIOS images without signature verification.
- Firmware integrity protections, to prevent unintended or malicious modification of the BIOS outside the authenticated BIOS update process.
- Nonbypassability features, to ensure that there are no mechanisms that allow the main processor or any other system component to bypass the BIOS protections.
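The following Go program is an added example, not code from NIST SP 800-147B or from this page. It models the RTU verification component described above together with the authenticated update requirement in the list just given: a BIOS image is accepted only if its signature verifies under the public key held in the RTU, and the decision to "pass control" is reduced to a boolean result. The image layout (magic, version, length, payload, signature), the use of Ed25519 as a stand-in for the vendor's signing algorithm, and the version-based rollback check are assumptions made for this example rather than anything the guideline prescribes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image format for this example (not the NIST format):
//   "BIOS" | uint32 version | uint32 payloadLen | payload | 64-byte Ed25519 signature
// The signature covers everything before it, so the version field cannot be edited
// without breaking the signature.
const sigLen = ed25519.SignatureSize

var magic = []byte("BIOS")

// buildImage stands in for the vendor's signing service; it is here only so the
// example runs offline.
func buildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	var buf bytes.Buffer
	buf.Write(magic)
	binary.Write(&buf, binary.LittleEndian, version)
	binary.Write(&buf, binary.LittleEndian, uint32(len(payload)))
	buf.Write(payload)
	buf.Write(ed25519.Sign(priv, buf.Bytes()))
	return buf.Bytes()
}

// RTU is the Root of Trust for Update: the public key is the part that must live in
// protected flash; CurrentVersion supports the (assumed) rollback check.
type RTU struct {
	PubKey         ed25519.PublicKey
	CurrentVersion uint32
}

// Verify is the verification component. It returns nil only when control may pass
// to the image; any error models staying on the trusted execution path.
func (r *RTU) Verify(img []byte) (uint32, error) {
	const hdr = 4 + 4 + 4
	if len(img) < hdr+sigLen {
		return 0, errors.New("image too short")
	}
	if !bytes.Equal(img[:4], magic) {
		return 0, errors.New("bad magic")
	}
	version := binary.LittleEndian.Uint32(img[4:8])
	plen := binary.LittleEndian.Uint32(img[8:12])
	// Validate the length field before trusting it: a forged header must not be
	// able to drive an out-of-range slice.
	if int(plen) != len(img)-hdr-sigLen {
		return 0, errors.New("payload length does not match image")
	}
	signed, sig := img[:len(img)-sigLen], img[len(img)-sigLen:]
	if !ed25519.Verify(r.PubKey, signed, sig) {
		return 0, errors.New("signature verification failed")
	}
	if version < r.CurrentVersion {
		return 0, fmt.Errorf("rollback refused: image version %d < installed %d", version, r.CurrentVersion)
	}
	return version, nil
}

// DemoUpdate exercises a good image, a tampered image, and a correctly signed but
// older image; it reports whether each was handled as intended.
func DemoUpdate() (goodAccepted, tamperRejected, rollbackRejected bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rtu := &RTU{PubKey: pub, CurrentVersion: 5}
	payload := []byte("constructed BIOS payload bytes")

	good := buildImage(priv, 6, payload)
	_, err := rtu.Verify(good)
	goodAccepted = err == nil

	tampered := append([]byte(nil), good...)
	tampered[12] ^= 0x01 // flip one bit of the payload
	_, err = rtu.Verify(tampered)
	tamperRejected = err != nil

	old := buildImage(priv, 4, payload) // valid signature, older than installed
	_, err = rtu.Verify(old)
	rollbackRejected = err != nil
	return
}

func main() {
	fmt.Println(DemoUpdate())
}
```

The point to note is the ordering inside Verify: the length field is checked before it is used, the signature is checked before any field is trusted, and only then is the version compared. The same ordering matters in real firmware, where a parser bug reachable before signature verification would let an unauthenticated image influence the verifier.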
Trusted Platform Module (TPM)
ISO/IEC 11889-1:2015 describes the architecture of the Trusted Platform Module (TPM), whose purpose is to enable trust in computing platforms through cryptographic security and privacy techniques.
A TPM comprises:
- Processor
- RAM
- ROM
- Flash memory
The cryptographic subsystem (e.g., elliptic curve cryptography [ECC], elliptic curve Diffie–Hellman [ECDH], and symmetric session key algorithms) implements the TPM's cryptographic functions, including:
- Hash functions
- Asymmetric encryption and decryption
- Asymmetric signing and signature verification
- Symmetric encryption and decryption
- Symmetric signing and verification, such as hash-based message authentication codes (HMAC)
- Key generation
The TPM must maintain state that is separate from the system on which it reports. TPMs are implemented directly or indirectly on physical systems, typically as single-chip components. The TPM interacts with the host system through three Roots of Trust, whose keys can be externally authenticated by means of a certification authority (CA):
- Root of Trust for Measurement: First set of instructions executed when a new chain of trust is established
- Root of Trust for Storage: The TPM memory is shielded from access by any entity other than the TPM
- Root of Trust for Reporting: Typically, a digitally signed digest of the contents of selected values within a TPM
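The following Go program is an added example, not code from ISO/IEC 11889 or from this page. It shows the three Roots of Trust working together in a measured boot: each boot stage is hashed into a register before control passes to it (measurement), the register value is reported as a digitally signed digest bound to a verifier-supplied nonce (reporting), and the signing key is modelled as never leaving the TPM (storage). The register layout, the extend rule, and the use of an Ed25519 key as a stand-in for a TPM attestation key are assumptions of this example; real TPMs use their own register count, hash algorithms, and quote structure.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// PCR models one Platform Configuration Register: it starts at all zeros and can
// only change through Extend, so a measurement cannot be undone or reordered.
type PCR [sha256.Size]byte

// Extend implements PCR_new = SHA-256(PCR_old || SHA-256(component)).
func (p *PCR) Extend(component []byte) {
	m := sha256.Sum256(component)
	h := sha256.New()
	h.Write(p[:])
	h.Write(m[:])
	copy(p[:], h.Sum(nil))
}

// MeasureChain is the Root of Trust for Measurement in action: each boot stage is
// measured into the register before control passes to it, in boot order.
func MeasureChain(stages [][]byte) PCR {
	var pcr PCR
	for _, s := range stages {
		pcr.Extend(s)
	}
	return pcr
}

// quoteDigest binds the selected PCR values to a verifier-chosen nonce so that an
// old quote cannot be replayed.
func quoteDigest(pcrs []PCR, nonce []byte) []byte {
	h := sha256.New()
	binary.Write(h, binary.BigEndian, uint32(len(pcrs)))
	for _, p := range pcrs {
		h.Write(p[:])
	}
	h.Write(nonce)
	return h.Sum(nil)
}

// Quote is the Root of Trust for Reporting: the TPM signs a digest of the selected
// PCRs with a key that never leaves it (Root of Trust for Storage). The Ed25519
// key stands in for a TPM attestation key (assumption of this example).
func Quote(priv ed25519.PrivateKey, pcrs []PCR, nonce []byte) (digest, sig []byte) {
	digest = quoteDigest(pcrs, nonce)
	return digest, ed25519.Sign(priv, digest)
}

// VerifyQuote is the remote verifier: it recomputes the digest from the PCR values
// it expects and the nonce it issued, then checks the TPM's signature over it.
func VerifyQuote(pub ed25519.PublicKey, expected []PCR, nonce, digest, sig []byte) bool {
	return bytes.Equal(quoteDigest(expected, nonce), digest) &&
		ed25519.Verify(pub, digest, sig)
}

// DemoAttest attests a platform that booted the golden stages, then one whose
// bootloader was swapped. The TPM signs honestly both times; the second fails only
// because the measured value no longer matches what the verifier expects.
func DemoAttest() (goldenAttests, tamperedAttests bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	nonce := []byte("verifier-nonce-0001") // constructed for the example
	golden := [][]byte{[]byte("bios-v6"), []byte("bootloader-v2"), []byte("kernel-5.15")}
	expected := []PCR{MeasureChain(golden)}

	d, s := Quote(priv, []PCR{MeasureChain(golden)}, nonce)
	goldenAttests = VerifyQuote(pub, expected, nonce, d, s)

	tampered := [][]byte{[]byte("bios-v6"), []byte("bootloader-evil"), []byte("kernel-5.15")}
	d, s = Quote(priv, []PCR{MeasureChain(tampered)}, nonce)
	tamperedAttests = VerifyQuote(pub, expected, nonce, d, s)
	return
}

func main() {
	pcr := MeasureChain([][]byte{[]byte("bios-v6"), []byte("bootloader-v2")})
	fmt.Println("PCR after two stages:", hex.EncodeToString(pcr[:]))
	fmt.Println(DemoAttest())
}
```

Two properties of the extend rule are worth checking for yourself: the same stages measured in a different order give a different register value, and an empty chain leaves the register at its reset value. The first is why a compromised component cannot simply "re-measure" a clean image after the fact; the second is why a verifier should treat an all-zero register as "nothing was measured" rather than "nothing was wrong".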