2.11. VM Virtual Patch


2.11.1. Overview

VM Virtual Patch is a service that detects and/or protects the VM from attacks that target vulnerabilities. For OS and application vulnerabilities, it provides signatures that serve as solutions equivalent to the security patches provided by application vendors.

2.11.2. Features

The following features are available for VM Virtual Patch.

| Feature | Overview |
|---|---|
| VM Virtual Patch | A feature that detects or protects against (blocks) attack traffic directed against vulnerabilities. |
| Recommended Scan | A feature that scans VM system information, checks whether there are vulnerabilities, and automatically applies VM Virtual Patch corresponding to those vulnerabilities. |

2.11.2.1. VM Virtual Patch

You can select “Detection” mode or “Prevention” mode.

| Mode | Overview |
|---|---|
| Detection | Attack traffic is detected. However, traffic is not blocked even though attack traffic is detected. |
| Prevention | Attack traffic is detected. Traffic is blocked when attack traffic is detected. |

Virtual Patching inspects packet contents using a kernel-mode driver bound to Layer 2 (the data link layer) and matches them against protocol-violation patterns and signatures. Packets that match a pattern are identified as packets attacking vulnerabilities and are detected and/or blocked.

2.11.3. Restrictions

Restrictions relating to OS and resources

- The following table shows the system requirements of the software agent. Availability of the service also depends on the OSes supported by Enterprise Cloud itself and on the Linux kernel version. Ask NTT Com Group about availability.

| Items | Requirements |
|---|---|
| Memory size | Minimum value: 512 MB |
| Disk size | Minimum value: 1 GB |
| OS (Windows) | Windows 8 (32bit/64bit) |
| | Windows Server 2012 (64bit) |
| | Windows 7 (32bit/64bit) |
| | Windows Server 2008 R2 (64bit) |
| | Windows Server 2008 (32bit/64bit) |
| | Windows Vista (32bit/64bit) |
| | Windows Server 2003 SP1 (32bit/64bit) with patch “Windows Server 2003 Scalable Networking Pack” |
| | Windows XP (32bit/64bit) |
| OS (Linux) | Red Hat 5 (32bit/64bit) |
| | Red Hat 6 (32bit/64bit) |
| | CentOS 5 (32bit/64bit) |
| | CentOS 6 (32bit/64bit) |
| | SuSE 10 (32bit/64bit) |
| | SuSE 11 (32bit/64bit) |
| | Ubuntu 10.04 LTS (64bit) |
| | Ubuntu 12.04 LTS (64bit) |

Restrictions relating to agent installation

  • You are responsible for installing agents on your VMs.
  • You cannot use antivirus software other than VM Anti-Virus together with this service. Make sure to uninstall other antivirus software before using this service.
  • When uploading agents to the VMs, do not do so by mounting ISO image files or CD/DVD drives.

Restrictions relating to network configuration

  • When the target VM is in a segment which is not directly connected to the vFW/INA, an additional server segment is required to directly connect the vFW/INA and the VM.

Other restrictions

  • Virtual patches are temporary measures, not corrections to software code. For a fundamental solution, you need to apply the legitimate security patches provided by each application vendor.
  • You are responsible for confirming that agents are active (constant monitoring).
  • Please set IPv6 to ON or OFF correctly when using VM Anti-Virus.
  • Please use a VM without this service installed for the Create Template feature of the Private Catalog menu. If a template is created from a VM where the agent is installed, or where installation and activation are completed, then once a VM is replicated from that template, this service will no longer be available for either the newly replicated VM or the VM used to create the template. The same applies when the VM is used for image backup.
  • VM Virtual Patch does not guarantee that the provided VM Virtual Patch feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the signatures (algorithms that judge the degree of danger and attack traffic) provided by the developers or distributors of the devices making up the VM Virtual Patch feature is not guaranteed.
  • The following information might be provided to the developers or distributors of the devices making up the VM Virtual Patch feature.
    • Configuration information obtained from providing VM Virtual Patch
    • Information obtained from controlling VM Virtual Patch, etc.
  • We cannot guarantee recovery from failures that might occur due to incompatibility between the VM Virtual Patch feature and your environment, or failures that occur due to your operations other than those specified by NTT Com Group.