Sunday, May 3, 2009

What the hell is "E-Waste" and why should I care?

E-waste is the mountain of detritus produced by retired, defunct, broken, and disposed-of electronic equipment. It exists in the tons, thousands of tons, and millions of tons, and it is comprised of the computers, monitors, keyboards and mice (and every other electronic device you can think of) that get cast aside. If you live in the United States then all of that electronic trash that you crammed into a garbage pail to be collected by your local waste management company was likely separated from your regular trash and placed in a great heap. That great heap was eventually sold (or even “donated”) to a country like China, India, or one of many in Africa that will receive electronic trash and “recycle” it.

In most, if not all, cases the “recycling” of our electronic trash is a highly toxic, harmful affair that damages human beings and the ground they live on. Computers are comprised of a number of hazardous, and yet valuable, components. Firstly, lead, tin, and copper are salvageable from discarded computers and are of considerable value to those who “recycle” e-waste. Many estimates put the average amount of lead, for example, contained within a single server grade computer at 7 pounds. Each and every one of the hundreds of thousands of discarded computers in the world contains some amount of lead, a notorious toxin that has been banned in almost every Western country because of its potential harm to human neurological systems.

To some lesser degree, but oddly enough more valuable, trace amounts of gold and platinum are present in every computer ever built. Along with trace amounts of gold and platinum there are equally trace amounts of mercury, cadmium, and cesium. Gold and platinum are of clear value, and their extraction is self explanatory, but, unfortunately, the same techniques used to free the gold from its hiding places on a circuit board also free mercury, cadmium, and cesium, three incredibly toxic substances banned in one form or another throughout the world.

The techniques deployed by offshore “recyclers” are predictably rudimentary. Every bit of metal (like lead and tin) is removed with a pair of pliers and a hammer. The remaining plastics that have copper, gold, and platinum hidden within them are simply lit on fire. Gasoline will suffice to heat the metals to a point where they liquefy and pool beneath the fire. Of course batteries, and other components, containing toxic material are melted, causing them to release their contents. In some cases volatile compounds rise into the air while other (less volatile) compounds simply drip down along with the remaining metals and are promptly discarded by the “recyclers.”

In any case the resultant environmental harm is incalculable. Immediate effects are visited upon the recyclers themselves who suffer, according to a single Medecins Sans Frontieres report, alarmingly high rates of cancer, sterility and birth defects. Secondarily, the soil, water, and air immediately surrounding these “recycling” centers is incredibly toxic and again results in incredibly high rates of cancer and birth defects. Lastly, and least tangible, are the effects of volatile compounds being released into the atmosphere. No research has been done to uncover how far these gasses might drift and what damage they are doing to air quality and the environment where they land.

The simplest thing we can do to stop this is to take our discarded electronic equipment to a certified e-waste recycler. In the state of California the Department of Waste Management maintains a list of certified recyclers. Luckily for Californians our state has adopted legislation making it illegal to offshore e-waste. The European Union, as well, has enacted laws that prevent off-shoring of e-waste. The United States, though, is woefully remiss in e-waste legislation. Some congressional resolutions do exist but we are far from having any enforcement teeth to prevent e-waste off-shoring.

There are a few things you can do to help congress make the right choices. House Resolutions 425 and 320 are stuck in committee. Both of these pieces of legislation would go a long way toward preventing the harm to human life and the planet caused by offshore e-waste “recyclers.” Email, call, or write your congressman or woman and tell them you are concerned about e-waste. Or simply talk to your friends at your next dinner party about this problem. Awareness is probably 90% of the battle (which we can win by talking about it).

Cap and Trade

Primer:
Cap and trade is a fairly simple concept and is based upon the idea that carbon emissions can be traded. The first step is to establish a baseline for carbon emissions for every industry that is a major contributor to greenhouse gasses.

Energy companies are a fairly good example and in particular we might consider coal fired energy plants. A federal regulating agency (yet to be named or formed) would be tasked with establishing some normative level of emissions for all carbon emitters (that number could be based on an average of all emissions from all energy plants nationwide or it could be just the average for coal fired energy plants as in the example above). In any case a benchmark is established.

Because the benchmark is based upon an average, my particular coal fired energy plant might do better or worse than the established benchmark. If I am better than the benchmark then this constitutes a credit. If I am worse than the benchmark then I may suffer a penalty. Penalties often take the form of increased taxes (although they don't have to). If my coal fired energy plant is looking at a penalty, I may be able to reduce or eliminate that penalty by purchasing a carbon credit from the aforementioned coal plant that was beating the benchmark. Basically, that's it; a cap on emissions and trading of credits.

What I think is the best aspect of this system is that the federal regulating agency can constantly move the benchmark down to encourage industry to reduce carbon emissions further. Cap and Trade then creates its own incentive program for reducing CO2 (and other greenhouse gases) and makes it possible for the Obama administration to reach its stated goal of 80% reduction in carbon emissions by 2020. Another way to look at this is that carbon credits will become incredibly valuable assets that savvy industry leaders will take advantage of. In my mind this is a total windfall revenue stream; by reducing emissions in my business, I can then capture revenue from third parties without any additional effort. Yeah, I'll take that deal.

So you know what would be super awesome? If we could all get in on this deal. Well, as it turns out, we just might be able to. The Chicago Climate Exchange provides a mechanism, like the New York Stock Exchange, where carbon can be traded. Admittedly, it’s a purely voluntary experiment at the moment, but the possibilities are exciting (to say the least). If you are a major greenhouse gas contributor then your seat on the Chicago Climate Exchange is assured; for the rest of us there are a variety of ways to contribute. Enterprise businesses can certainly take steps to reduce their carbon consumption and trade that reduction on the exchange. And individuals can purchase carbon offsets for personal trading.

With any luck the Obama administration will tie the cap and trade proposal to the Chicago Climate Exchange (or some other similar entity) and all of us will not only be able to participate but we may in fact see real economic benefit.

Green IT Legislation

Federal:
The Federal government is just starting to take notice of electronic waste issues. By and large these initiatives seek to either better regulate electronic waste through the EPA or create tax incentives to encourage recycling. House Resolution 1165 establishes the National Computer Recycling Act, which requires the EPA to administer a fee program to assist electronics manufacturers in recovering electronic waste (not unlike glass bottle redemption programs).

The most current e-waste legislation was proposed in January 2005: HR 425, the National Computer Recycling Act, basically a grant and fee program to encourage recycling. HR 320, the Tax Incentives to Encourage Recycling Act (TIER), encourages manufacturers of electronic equipment to provide recycling resources for their customers.

These initiatives have more or less been stuck in committees on Capitol Hill over the past four years. But the times appear to be changing (roughly over the past 100 days). On April 17, 2009 the EPA declared greenhouse gases harmful to humans and is in the process of regulating these environmentally damaging substances. No one yet knows exactly what this will mean in terms of enforcement or regulation; nonetheless it is a significant step toward meaningful environmental protections.

Additionally, Representative Henry Waxman's Cap and Trade bill is gaining momentum in the House and is heavily favored by the president. Admittedly, the president has turned his attention to health care initiatives, but no one would believe that some form of this bill will not pass within the next 3 years.

State:
The leaders in electronic waste legislation among the states are California, Maine, Maryland, and Washington. With the Electronic Waste Recycling Act, California became the first state to impose an advance recovery fee (ARF) on the sale of electronic products, as well as strictly controlling the disposal of electronic equipment. Presently, it is illegal for Californians to dispose of regulated electronic equipment in landfills. All e-waste must be disposed of by a California authorized recycling center.

There is similar legislation in Maine, Maryland, and Washington.

Simple landfill bans that prohibit disposal of e-waste in landfills have been passed in Arkansas, Hawaii, Maine, Massachusetts, Minnesota, and North Carolina.

International:
International legislation has far more teeth than our own. Among international governments, the European Union (EU) is far and away the leader in strictly addressing the issue of e-waste. More specifically, there are two directives that control e-waste: the Waste Electrical and Electronic Equipment (WEEE) Directive and the Restriction of Hazardous Substances (RoHS) Directive.

Saturday, May 2, 2009

Security Concerns with Virtual Networks

The host OS is far and away the biggest concern. If the host OS can be compromised, then the attacker owns every virtual machine on the box. In some ways this compounds the problem of a security breach. In the physical computing world a single compromised box means losing control over the services and applications on that box. Admittedly, that one compromised box can be used as a reflector to attack every other machine on the network, but the scope of the compromise is smaller in comparison to a virtual host that has been compromised. This is pretty obvious: if I can compromise a box hosting 8, 10, or 100 virtual machines, then the scope of the compromise is magnified that many times.

  • Mitigating factors are pretty obvious as well: diligent patching, firewall protection, and security policy enforcement.

Denial of service attacks are also magnified. If an attacker can direct a denial of service attack against the host OS then all hosted virtual machines will suffer. So rather than just your web server going down because of a DoS, everything hosted on your virtual platform goes down as the result of a targeted DoS.

  • Mitigating factors are the same as physical machines; deploy a reliable firewall.

Directly attacking the virtual platform itself is of considerable concern as well. The leading vendors of virtualization platforms have assured their users that compromise through direct attack is impossible (or nearly so), but I have heard that claim too many times, from too many other software vendors, to believe it. As with any software solution, security of this kind comes primarily from the developers who actually wrote the code and from the architecture itself. Both of these sources are far too fallible to trust completely.

  • Mitigating factors are to first have a firewall between your virtualization host and untrusted sources that has the ability to identify common exploits like buffer overruns and malformed packets without a particular signature, and to keep your virtualization platform patched diligently.

Security Benefits of Virtualized Networks

There are some non-obvious benefits of using virtual networks that can greatly impact the architecture utilized to secure virtual networks.
  • No node or route discovery protocols. There is a two-fold benefit to this behavior. First, information about network access is intrinsic to the creation of the virtual network, so there is no need to use discovery protocols. Secondly, there is no reason to allow hosts to modify this information; read-only copies are all that is necessary.
  • No Dynamic Trunking. By not supporting this feature, virtual networks provide protection against mis-configuration and exploitation. This prevents an external third party (of any kind) from modifying vLAN trunking and potentially corrupting the virtual instantiation itself or the supporting virtual switches by rewriting the trunk structures.
  • No Native vLAN. This is very similar to preventing Dynamic Trunks. Native vLANs provide a mechanism through which untagged packets are assigned to a default (or native) vLAN. Having no native vLAN prevents a malicious host from dropping untagged packets on a virtual segment and having those packets arrive at an unintended destination.
  • Virtual Switches do not share physical NICs. Primarily this prevents leaking of information from one switch (or vLAN) to another.
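To make the last three bullets concrete, here is an added example (my own illustration, not code from any virtualization vendor) of what a virtual switch port that has no native vLAN, does not negotiate trunks, and carries a read-only allowed-vLAN list actually does with each frame. The 802.1Q parser is real (TPID 0x8100, VID in the low 12 bits of the TCI); the `VirtualSwitchPort` class and the sample frames are constructed for the example.

```python
"""802.1Q frame parser plus a 'no native vLAN, static trunks only' ingress policy.
Added example; the sample frames are constructed, not captured traffic."""
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_8021Q = 0x8100                           # tag protocol identifier (TPID)
CISCO_PROTO_MCAST = bytes.fromhex("01000ccccccc")  # destination MAC used by CDP/VTP/DTP


@dataclass
class Frame:
    dst: bytes
    src: bytes
    vlan: Optional[int]   # None when the frame carries no 802.1Q tag
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame, pulling out the 802.1Q VID if a tag is present."""
    if len(raw) < 14:
        raise ValueError("runt frame")
    dst, src = raw[:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    vlan, offset = None, 14
    if ethertype == ETHERTYPE_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan = tci & 0x0FFF          # low 12 bits of the TCI are the VLAN identifier
        offset = 18
    return Frame(dst, src, vlan, ethertype, raw[offset:])


class VirtualSwitchPort:
    """Ingress policy for one hypothetical vSwitch port. The allowed-vLAN set is
    fixed when the port is created and nothing on the guest side can change it."""

    def __init__(self, allowed_vlans):
        self._allowed = frozenset(allowed_vlans)   # the read-only copy

    def admit(self, raw: bytes):
        """Return (accepted, reason) for one inbound frame."""
        try:
            f = parse_frame(raw)
        except ValueError as e:
            return False, f"malformed: {e}"
        if f.dst == CISCO_PROTO_MCAST:
            # no dynamic trunking: trunk negotiation / discovery frames are never processed
            return False, "trunk negotiation and discovery frames are not processed"
        if f.vlan is None:
            # no native vLAN: an untagged frame is dropped instead of being assigned a default
            return False, "untagged frame dropped: no native vLAN"
        if f.vlan in (0, 4095):
            return False, "reserved VID"
        if f.vlan not in self._allowed:
            return False, f"vLAN {f.vlan} not permitted on this port"
        return True, f"forwarded on vLAN {f.vlan}"


def build_frame(dst, src, ethertype, payload, vlan=None):
    """Construct a sample frame (test data only); priority bits are left at zero."""
    hdr = dst + src
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    port = VirtualSwitchPort({10, 20})
    dst, src = bytes.fromhex("aabbccddeeff"), bytes.fromhex("001122334455")
    for label, frame in [
        ("tagged 10", build_frame(dst, src, 0x0800, b"ip", vlan=10)),
        ("tagged 30", build_frame(dst, src, 0x0800, b"ip", vlan=30)),
        ("untagged", build_frame(dst, src, 0x0800, b"ip")),
        ("dtp-like", build_frame(CISCO_PROTO_MCAST, src, 0x0800, b"x", vlan=10)),
    ]:
        print(label, port.admit(frame))
```

Only the first frame is forwarded; the untagged frame is the interesting case, because on a physical access port with a native vLAN it would have been silently placed on that vLAN.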

Virtualization Basics

OK, these are very broad brush strokes, but they should establish a general baseline from which to proceed. At the most basic level, virtual machines are comprised of a processor, memory, a network access card, and file storage, just like their physical counterparts. The primary difference is that although a virtual machine may believe it is the exclusive device on a given set of resources, it actually shares those resources with one or more other devices (including the host operating system).

The first step in accomplishing this is to emulate processor resources. Processor resources can be provided by binding a software CPU socket to an individual processing thread. The single thread then appears like a processor to the virtual machine. Process threads can run in isolation such that private information cannot be leaked and a crash in one thread does not affect other threads.

Memory allocation is somewhat similar. The virtualization platform begins by reserving a chunk of protected memory space. It then divides up that space among the hosted virtual machines. The underlying virtualization platform remaps memory address space for each virtual machine so that each machine thinks it has its own native memory. What’s great about this strategy is that the protected memory space acts as a sandbox, so any execution errors inside it cannot bring down the host machine. Furthermore, by remapping memory addresses, virtual machines have no mechanism to gain illegal access to a companion virtual machine or the host operating system.

Network access is achieved by creating virtual network adapters within the virtual machine and mapping those virtual adapters to the physical network interface card via layer 2 protocols that support bridging and vLAN tagging. These protocols can be used to provide either tightly integrated high speed connectivity between the virtual NIC and the physical NIC (in the case of bridging), or vLAN tags can be used to create isolation between the virtual NIC and the host.

Lastly (ok, there is a lot more to it than this), disk space must be provided. I think many of us intuitively grasp how this works. The virtualization platform creates a file and maps that file to a drive interface. Host operating system file permission schemes ensure that one virtual machine cannot access another virtual machine’s drive.
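The memory remapping step is the one that carries the isolation argument, so here is an added toy model of it (my own illustration, not any hypervisor's code). Each `VirtualMachine` is handed a private window of host pages and a guest-page-to-host-page table that the guest never sees; every guest read or write goes through that table, so the only host addresses a guest can ever name are inside its own window. Real hypervisors do this with hardware second-level page tables rather than a Python dict, and the `HostMemory`, `VirtualMachine` and `PAGE` names are assumptions of this example.

```python
"""Toy guest-physical to host-physical remapping, showing why a guest cannot
address another VM's memory. Added example; sizes and names are constructed."""
PAGE = 4096   # page size assumed for the model


class HostMemory:
    """The protected chunk the platform reserves and then hands out in pages."""

    def __init__(self, total_pages: int):
        self.total_pages = total_pages
        self.pages = bytearray(total_pages * PAGE)
        self._next_free = 0

    def reserve(self, npages: int) -> int:
        """Hand out a contiguous run of host pages; returns the first host page number."""
        if self._next_free + npages > self.total_pages:
            raise MemoryError("host out of memory")
        base = self._next_free
        self._next_free += npages
        return base


class VirtualMachine:
    """A guest whose addresses are remapped through a private page table."""

    def __init__(self, name: str, host: HostMemory, npages: int):
        self.name = name
        self.host = host
        host_base = host.reserve(npages)
        # guest page number -> host page number, built once by the platform;
        # the guest has no interface that can read or modify it
        self._map = {gpn: host_base + gpn for gpn in range(npages)}

    def _translate(self, guest_addr: int, length: int) -> int:
        """Map a guest address to a host byte offset, refusing anything outside the window."""
        if guest_addr < 0 or length <= 0:
            raise PermissionError(f"{self.name}: bad access")
        gpn, off = divmod(guest_addr, PAGE)
        if gpn not in self._map:
            # address is not in this VM's table: it may well be another VM's host page,
            # but from in here it simply does not exist
            raise PermissionError(f"{self.name}: guest address {guest_addr:#x} not mapped")
        if off + length > PAGE:
            raise PermissionError(f"{self.name}: access crosses a page (not modelled)")
        return self._map[gpn] * PAGE + off

    def write(self, guest_addr: int, data: bytes) -> None:
        h = self._translate(guest_addr, len(data))
        self.host.pages[h:h + len(data)] = data

    def read(self, guest_addr: int, length: int) -> bytes:
        h = self._translate(guest_addr, length)
        return bytes(self.host.pages[h:h + length])


def isolation_demo() -> dict:
    """Two guests on one host: B reads 'its' address 0 and sees its own zeroed page,
    not A's secret, and B cannot reach past its own allocation at all."""
    host = HostMemory(16)
    vm_a = VirtualMachine("vm-a", host, 4)   # host pages 0-3
    vm_b = VirtualMachine("vm-b", host, 4)   # host pages 4-7
    vm_a.write(0, b"secret")
    try:
        vm_b.read(4 * PAGE, 1)               # one page past B's window
        escaped = True
    except PermissionError:
        escaped = False
    return {
        "a_reads": vm_a.read(0, 6),
        "b_reads_same_guest_addr": vm_b.read(0, 6),
        "b_escaped_window": escaped,
        "host_page0_holds_secret": bytes(host.pages[0:6]) == b"secret",
    }


if __name__ == "__main__":
    for k, v in isolation_demo().items():
        print(f"{k}: {v!r}")
```

The point the demo makes is that guest address 0 in vm-a and guest address 0 in vm-b are different host bytes, and there is no guest-side operation that lets vm-b ask for "host page 0" by name.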

Virtual Security...?

Many companies are moving to virtualized server resources for a variety of reasons. Foremost, cost savings drive the decision to virtualize servers. Clearly a reduction in energy consumption is the most apparent and valuable benefit of virtualization. Additionally, server virtualization reduces the server footprint within the data center, simplifies provisioning, and streamlines business continuity strategies. With all that going on, server virtualization seems like a panacea, a promised land that solves the largest operational issues facing IT departments. Unfortunately the panacea has forces acting upon it; like plate tectonics, security threats can drive cracks into virtual networks and eventually break the promised land.

Virtual networks are, puns aside, virtually identical to physical networks. In the same way that physical networks carry information over segmented networks, virtual networks carry information over virtual networks. A reasonable analog to describe virtual networks is vLAN (802.1Q) technology. Effectively virtual platforms rely on creating multiple virtual networks derived from a single interface. This technology is very well established and runs on probably every firewall and switch in your network. Different vendors of virtual platforms use proprietary mojo to do this efficiently but essentially all virtual networks conform to vLAN standards.

vLAN technology provides an incredibly effective method of creating segmentation and isolation of networks easily. But none of us would consider vLAN segmented networks secure by themselves. Almost always on physical networks we require that some mechanism be put in place between segmented networks to prevent security breaches. These mechanisms can take many forms including Intrusion Prevention (IPS) and firewalls. Regardless of the security mechanism, I think everyone feels that these measures are just common sense.

Virtual networks oddly seem to have escaped this basic application of security common sense. I am not exactly sure why we suddenly feel safe once our formerly segmented networks are collapsed onto a single platform. Even if we provide segmentation between the application services running within virtual machines, there is no mechanism to secure those applications. Just like physical networks, virtual networks are only useful when they provide access to resources that your users or customers need. And as soon as you provide useful resources to your users or customers you immediately open those services to attack.

The simplest example is a website running on a virtual machine. Even though that webserver is running in an isolated segment nothing prevents a malicious user from attacking the webserver. Clearly a virtualized network segment will not prevent defacement of the site, cross site scripting, buffer overrun attacks, or any of the myriad other assaults websites are frequently subjected to. The only way to prevent attack on this webserver, or any other application service for that matter, is to utilize a security device to analyze the application layer traffic. Your firewall or IPS is the only mechanism that will thwart attacks on physical or virtual networks.

Clearly virtual networks need security, but as it turns out it's not as easy as just plunking a firewall down on the physical network and expecting it to handle all the security for your virtual network. The most obvious problem with this scheme is that traffic between isolated virtual segments will have to exit the virtual network through the physical interface, proceed to the firewall via the nearest switch, have its traffic analyzed, and then have all that traffic returned to the virtual application. Wow! That's a lot of round trips for your application services traffic. In most cases bandwidth consumption will be doubled via this architectural proposal.

The next problem with this scheme is that the benefits of virtualization, outlined above, can be seriously and negatively impacted. Suppose for example the same webserver described above is moved by a systems administrator for maintenance. Normally a virtual machine can be moved from one virtual location to another without affecting service to the end user. Now that you have an exit trip to a firewall, how is that traffic going to find its way back again to an application server that may no longer reside on that same machine (or even that same part of the world, for that matter)? Mid-session traffic that appears to be coming from a new IP will quite rightly be dropped. Without a firewall that integrates with your virtual platform most, if not all, of the virtualization benefits will be sacrificed for security.
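The "quite rightly be dropped" claim above is just stateful inspection doing its job, and a small model makes the failure mode visible. The following is an added example (mine, not any firewall product's logic): a connection table keyed on the flow 5-tuple, where only a SYN to a published service may create state and everything else must match an existing entry. The addresses, ports and the `StatefulFirewall`/`Packet` names are constructed for the example.

```python
"""Minimal stateful firewall: a session that continues from a new address after a
VM move has no matching state and is dropped. Added example with constructed packets."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False       # True only for the first packet of a TCP session


class StatefulFirewall:
    """External firewall sitting between clients and the virtual web segment."""

    def __init__(self, published_services):
        # (ip, port) pairs that outside clients may open new sessions to
        self.published = set(published_services)
        self.conntrack = set()   # established flows as (src_ip, src_port, dst_ip, dst_port)

    @staticmethod
    def _key(p: Packet):
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    def filter(self, p: Packet) -> str:
        """Return 'ACCEPT' or 'DROP' and update connection state."""
        k = self._key(p)
        reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if k in self.conntrack or reverse in self.conntrack:
            return "ACCEPT"                      # either direction of an established flow
        if p.syn and (p.dst_ip, p.dst_port) in self.published:
            self.conntrack.add(k)                # new inbound session to a published service
            return "ACCEPT"
        return "DROP"                            # no state for this flow: mid-stream packet


def migration_scenario() -> list:
    """Client talks to the web VM at 192.0.2.10; the VM is then moved and its traffic
    reappears from 192.0.2.11 mid-session. Returns the verdict for each step."""
    fw = StatefulFirewall({("192.0.2.10", 80)})
    client = ("203.0.113.5", 40000)
    steps = [
        ("client SYN to web VM", Packet(*client, "192.0.2.10", 80, syn=True)),
        ("web VM replies",       Packet("192.0.2.10", 80, *client)),
        ("client sends request", Packet(*client, "192.0.2.10", 80)),
        # VM is moved; the same session now appears from a different address
        ("moved VM replies",     Packet("192.0.2.11", 80, *client)),
        ("client retries to new address", Packet(*client, "192.0.2.11", 80)),
    ]
    return [(label, fw.filter(pkt)) for label, pkt in steps]


if __name__ == "__main__":
    for label, verdict in migration_scenario():
        print(f"{verdict:6} {label}")
```

The last two verdicts are both DROP: the reply from the new address matches no tracked flow, and the client's packet toward the new address is not a SYN to a published service. An appliance that lives inside the virtual platform and tracks the VM rather than its last known address is what the post argues for.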

The next issue facing virtualization solutions is the problem of directly attacking the network virtualization mechanisms themselves. It would be short-sighted in the extreme to believe that network virtualization technology is somehow immune from direct attack. If, as in the example above, the firewall is located externally and on the physical network, there is almost no hope of preventing this type of attack. The primary issue is that code executing at the application layer of a virtual machine might be used to compromise the virtual platform itself. If this happens the compromised virtual machine has full access to every virtual application being hosted by the virtualization platform. Simply put, if an attacker owns the virtualization platform there is no longer a round trip to the external firewall. All data from every virtual machine can simply be exported via the compromised machine.

In my mind physical security measures are not effective within virtual networks. Virtual networks must be protected by a fully integrated virtual appliance that not only fully supports virtualization benefits but also protects the virtual platform itself from attack. It is not sufficient to simply locate an external physical firewall and route traffic through it. Not only is this scheme costly in terms of the sheer volume of unnecessary duplicate traffic, but it is ineffective. If a virtual machine is able to compromise the virtualization platform, external firewalls are rendered useless.

It only makes sense to deploy a fully certified virtual security appliance within your virtual networks. In the same way that physical networks use physical security appliances to prevent attacks, virtual networks require virtual security solutions that run on the virtualization platform, not only to protect the applications hosted there but also to protect the virtual platform itself.