7.10. VM Virtual Patch
Note
- VM Virtual Patch uses signature-based defense against attack traffic that targets known vulnerabilities.
- VM Virtual Patch does not affect the performance of applications.
- VM Virtual Patch does not fix issues at the software code level; it provides a temporary security measure. For a long-term fix, please apply the regular security patches provided by each application vendor.
7.10.1. Available Features
Feature | Overview |
VM Virtual Patch | A feature that detects or protects against (blocks) attack traffic directed against vulnerabilities. |
Recommended scan | A feature that scans Virtual Machine system information, checks whether there are vulnerabilities, and automatically applies VM Virtual Patch corresponding to those vulnerabilities. |
7.10.2. VM Virtual Patch Feature
Mode | Overview |
Detection | Attack traffic is detected. However, traffic is not blocked even when attack traffic is detected. |
Prevention | Attack traffic is detected. Traffic is blocked when attack traffic is detected. |
Note
- Attack packets are detected as follows. A kernel-mode driver bound at L2 (the Data Link Layer) inspects the contents of packets. Matching is carried out based on protocol violations and signatures. Packets that match a pattern are identified as attack traffic targeting the vulnerabilities, and protective action is taken.
- If NTT Communications judges it necessary, we will notify you by email or other means of the detection status and the defense (block) status.
7.10.3. Recommended Scan Feature
Item | Details |
Hourly | Specifies “X minute every hour.” |
Daily | Specifies either “Every Day,” “Weekdays,” or “Every X Days.” |
Weekly | Specifies either “Y day of each week” or “Y day of every Xth week.” |
Monthly | Specifies either “The Xth of each month” or “Y day of the Xth week of each month.” |
Note
- VM Virtual Patch is effective against vulnerabilities in the Guest OS and in general applications (such as Apache) that are already installed.
- If you have applied a regular patch, the corresponding VM Virtual Patch will be canceled during the recommended scan.
* X represents a number. Xth represents an ordinal number. Y day represents the name of a day of the week.
7.10.4. Important Points
Virtual Machine System Requirements
Item | Overview |
Memory Capacity | 512 MB or greater |
Disk Capacity | 1 GB or greater |
OS | The OSs listed in “Supported OS List of VM Anti-Virus, VM Virtual Patch, and VM Firewall” of the available OSs in Enterprise Cloud |
Important
- When using Linux OS, it is necessary to confirm the kernel version.
- Please set IPv6 to ON or OFF correctly on Guest OS when using VM Virtual Patch.
Important
- You cannot use VM Virtual Patch at the same time as anti-virus software other than VM Anti-Virus. Before installing the VM Virtual Patch agent software, always make sure to uninstall other virus protection software.
- Do not upload the agent software to VMs by mounting ISO image files or CD/DVD drives.
- On the virtual server on which the agent software is installed, the time needs to be synchronized using NTP or a similar service. If the time is not synchronized, activation of the agent software may fail.
- Port 4118 is used as the listening port of the agent software. This port number cannot be changed, so be sure to confirm that no other application on the virtual server where the agent software is installed uses the same port number.
- The network interface stops while the agent software is being installed, and it takes a few seconds to restore. When DHCP is used, a new request is generated, so a different IP address may be assigned to the recovered connection. See the following Web site for details.
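The port and time-synchronization prerequisites above are the ones most often missed before an agent install. The following is an added pre-install check, not part of this documentation or of the agent software: it tests whether the fixed agent port is already taken by attempting a TCP bind (the port number 4118 comes from the requirements above; that the agent listens on TCP, the host address used for the bind, and the function names are assumptions of this example) and records the kernel release so it can be compared against the supported OS list.

```python
import platform
import socket
from typing import Dict

# Fixed listening port of the agent software, per the requirements above.
AGENT_PORT = 4118


def port_is_free(port: int, host: str = "0.0.0.0") -> bool:
    """Return True if a TCP socket can be bound to host:port.

    A bind failure with EADDRINUSE means another process already holds
    the port (a wildcard bind conflicts with any specific bind too).
    SO_REUSEADDR is deliberately NOT set, so a port held by a listener
    is reported as busy.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError:
            return False
    return True


def preinstall_report(port: int = AGENT_PORT) -> Dict[str, object]:
    """Collect the checks an operator wants before installing the agent.

    The kernel release is returned as-is; comparing it against the
    vendor's supported list is a manual step, since that list is not
    reproduced here.
    """
    return {
        "agent_port": port,
        "agent_port_free": port_is_free(port),
        "os": platform.system(),
        "kernel_release": platform.release(),
    }


if __name__ == "__main__":
    for key, value in preinstall_report().items():
        print(f"{key}: {value}")
```

The check is a point-in-time probe: it reports whether the port is free now, not whether some service will claim it at boot, so run it on the server in its normal running state, not from a rescue environment.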
Note
- We ask you to install the agent software on the Virtual Machine.
- It is necessary to log in to the target host as the administrator when installing the agent software.
OS | Default Install Location |
Windows | C:\Program Files\Trend Micro\Deep Security Agent |
Linux | System files: /opt/ds_agent, /var/opt/ds_agent. Startup scripts: /etc/init.d/ds_agent, /etc/init.d/ds_filter. Communication channel between user-mode and kernel-mode components: /dev/dsa, /dev/dsa_ssl, /proc/driver/dsa |
Note
- You can change where it is installed. Also, the install location might change due to agent software version updates, etc.
- Please set the routing from the Virtual Machine to vFirewall/Integrated Network Appliance using either of the following methods.
- Set the Virtual Machine default gateway to vFirewall/Integrated Network Appliance
- Set vFirewall/Integrated Network Appliance as the static route gateway for communication addressed to the Manager administered by NTT Communications
- If the Virtual Machine that uses VM Virtual Patch is connected to a Server Segment that is not directly connected to the vFirewall/Integrated Network Appliance, an additional Server Segment is required to directly connect the vFirewall/Integrated Network Appliance and the Virtual Machine.
We ask you to assume responsibility for monitoring agent software (checking to make sure it is activated at all times).
The following traffic is blocked regardless of the mode setting.
- More than 100,000 TCP connections
- More than 100,000 UDP connections
- Unusual traffic that does not conform to the RFCs or is suspected to be malformed:
  - No IP header
  - Source IP and destination IP are the same
  - Characters that are not permitted in a URI
  - More than 100 “/” characters
  - “../../” sequences that go above the root
- Blocking may also result from a shortage of compute resources.
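The malformed-traffic conditions listed above are simple enough to state as rules, which is useful when you need to explain to an application owner why a request was dropped in every mode. The following is an added illustration, written for this page and not the agent's own inspection code (the real inspection happens in a kernel-mode L2 driver, as noted in 7.10.2): it applies the listed checks to constructed packet records represented as plain dictionaries. The record field names (ip_src, ip_dst, uri), the decision to percent-decode the path before the traversal check, and the function names are assumptions of this example.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Characters RFC 3986 permits in a URI: unreserved, reserved, and the percent sign
# that introduces a percent-encoded octet. Anything else (space, '<', '"', ...) is flagged.
URI_ALLOWED = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*$")
MAX_SLASHES = 100  # threshold stated in the list above


def uri_escapes_root(uri: str) -> bool:
    """True if the path component climbs above the root via '..' segments.

    The path is percent-decoded first so that an encoded '%2e%2e' is judged
    the same way as a literal '..' (assumption of this example).
    """
    path = unquote(uri.split("?", 1)[0].split("#", 1)[0])
    depth = 0
    for segment in path.split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment and segment != ".":
            depth += 1
    return False


def inspect_packet(pkt: Dict[str, Optional[str]]) -> List[str]:
    """Return the list of reasons a record would be blocked (empty if clean)."""
    reasons: List[str] = []
    if "ip_src" not in pkt or "ip_dst" not in pkt:
        # Without an IP header nothing else can be evaluated.
        return ["no IP header"]
    if pkt["ip_src"] == pkt["ip_dst"]:
        reasons.append("source IP equals destination IP")
    uri = pkt.get("uri")
    if uri is not None:
        if not URI_ALLOWED.match(uri):
            reasons.append("characters not permitted in a URI")
        if uri.count("/") > MAX_SLASHES:
            reasons.append("more than 100 '/' characters")
        if uri_escapes_root(uri):
            reasons.append("'../' traversal above the root")
    return reasons


# Constructed sample records, one per rule plus one clean request.
SAMPLES: Dict[str, Dict[str, Optional[str]]] = {
    "clean": {"ip_src": "10.0.0.2", "ip_dst": "10.0.0.3", "uri": "/images/logo.png?v=2"},
    "no_ip_header": {"uri": "/"},
    "same_src_dst": {"ip_src": "10.0.0.1", "ip_dst": "10.0.0.1", "uri": "/index.html"},
    "bad_uri_chars": {"ip_src": "10.0.0.2", "ip_dst": "10.0.0.3", "uri": "/search?q=<script>"},
    "too_many_slashes": {"ip_src": "10.0.0.2", "ip_dst": "10.0.0.3", "uri": "/" * 101},
    "traversal": {"ip_src": "10.0.0.2", "ip_dst": "10.0.0.3", "uri": "/a/../../etc/passwd"},
    "encoded_traversal": {"ip_src": "10.0.0.2", "ip_dst": "10.0.0.3", "uri": "/%2e%2e/etc/passwd"},
}


def run_samples() -> Dict[str, List[str]]:
    """Evaluate every constructed sample and map its name to the block reasons."""
    return {name: inspect_packet(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, reasons in run_samples().items():
        print(f"{name:18} -> {'allowed' if not reasons else ', '.join(reasons)}")
```

Note that the "clean" record passes every rule, while "/search?q=<script>" is dropped purely because "<" is not a URI character, which is exactly the kind of case where an application that builds unencoded query strings will see traffic disappear in Detection mode as well as Prevention mode.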
- If the number of application types associated with the applicable rules exceeds 8 (counted separately for transmission and reception), the rules cannot be updated. The latest rules therefore cannot be applied by this agent software, and it cannot respond to new threats. Please consider applying the official security patches provided by each application vendor (a full remediation).
- If you use a Private Catalog to create and store a template of the Virtual Machine image, please do so before installing the VM Virtual Patch agent software. If a template is created and saved from the image of a Virtual Machine on which the VM Virtual Patch agent software is installed, or on which installation and activation (registration to the Manager administered by NTT Communications) is complete, then when a Virtual Machine is created from that template, VM Virtual Patch can no longer be used on either the Virtual Machine used to create the template or the newly built Virtual Machine. The same applies when the image is used for image backup.
VM Virtual Patch does not guarantee that the provided VM Virtual Patch feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the signatures (algorithms that judge the degree of danger and attack traffic) provided by the developers or distributors of the devices making up the VM Virtual Patch feature is not guaranteed.
The following information might be provided to the developers or distributors of the devices making up the VM Virtual Patch feature.
- Configuration information obtained from providing VM Virtual Patch
- Information obtained from controlling VM Virtual Patch, etc.
We cannot guarantee recovery from failures that might occur due to incompatibility between the VM Virtual Patch feature and your environment, or failures that occur due to your operations other than those specified by NTT Communications.
There may be times when the customer’s environment is affected by maintenance services. An advance notice will be sent when there are possible effects to the customer’s environment. This is not applied when we judge the maintenance work urgent to continue service.
Note for Enterprise Cloud 2.0 Host-based Security users: if you have an inquiry about that menu, please use the ticket system in Enterprise Cloud 2.0.