New security issues raised by server virtualization

Embotics – This is part two of a three part article that looks at the impact of server virtualization on datacenter management, security and compliance. Part one looked at the differences between physical and virtual servers, and the impact of this on the datacenter. This article will look at the new security issues.

Many organizations are relying on the IT policies, processes and toolsets established in the “pre-virtual” datacenter to manage and protect virtual servers, which makes sense. However, virtualized environments do face the same operational threats and risks as traditional servers. But, there are also some specific security implications that must be considered.

New Operating System

The virtualization layer (or hypervisor), is effectively another operating system in the data center – the first in a long time that brings configuration and patching issues.

The good news is that hypervisors tend to carry a much smaller footprint than a traditional operating system with a correspondingly lower potential for security holes. And you will not find a hypervisor surfing the Internet and downloading code. But at the same time it is still relatively immature product, and vulnerabilities are continually found. These vulnerabilities are usually quickly fixed, but should be monitored and tracked.

The maturity of hypervisor technology also shows in its vetting and certificating infrastructure. Plug-ins and add-ons, for the most part, do not go through the testing and certification processes that we see on standard OS’s which can be problematic.

New Target in the Datacenter

Given its access to multiple Virtual Machines (VMs), the hypervisor is an obvious target for attackers, which if compromised could potentially provide access to a range of servers rather than a single “physical” server. And, you only have to look at the buzz coming out of the Black Hat conferences to understand how much of a target the hypervisor represents.

In 2005, the Homeland Security awarded research firm Intelguardians a $1.2 million contract to investigate whether virtualization products could be compromised. Intelguardians found that they could.

Intrahost threats

A successful guest breakout (where someone breaks out of the guest OS into the hypervisor), would result in an attacker gain access to all traffic from the virtual machines. (Intelguardians demonstrated just such an incursion at the SANSFire show last year). This was an attack in a lab, but you can bet these researchers are not the only ones in this race.

Referred to as “Hyperjacking”, an attack like this would lead to a compromised platform, allowing full access to all hosted guests. Malicious software could also disguise its presence from traditional security tools that reside in software layers above the hypervisor.

While from a pragmatic point of view, we have not yet heard of a working prototype or found a virus in the wild that attacks the hypervisor yet; - the writing is on the wall and it is only a matter of time before we do.

Existing Security Tools

The traffic inside the host (from VM to VM) effectively occurs on a “private LAN”, meaning that traditional network security tools cannot see it, making it impossible to inspect or protect traffic inside this “dead zone.”

Also, many types of security and monitoring tools need to know what they are protecting and where it is in order to be effective - the mobility of VMS can be problematic here.

Other security technologies like IDS, IPS, Data Leak Prevention and Malware Prevention also can be impacted. The constant change enabled by virtualization can place dynamic demands on any “static” types of security solutions, in even small virtualized infrastructures.

Bottom line: Some of your security infrastructures will not work well in a virtualized environment. And a security product that does not work well to all intents and practices does not work at all.

Increased Risk of Sprawl

With virtualization we are now dealing with environments where traditional control systems and processes does not work very well, where IT staff is having to plug the gaps with manual process and tracking, and where new VMs can be deployed in minutes. This means a much higher risk of sprawl in the virtual world than in the physical.

In working with customers we have found that most organizations with reasonable control systems will still have around 30 percent of the VMs in their environment that are unnecessary or obsolete, but it takes an audit to figure out which ones and where they are.

Sprawl is not only expensive (it can easily consume the original savings generated through server consolidation), but it is also risky. If you cannot account for all the VMs in your environment, or if you cannot track them properly, then you end up with potential holes in your security blanket.

Sprawl also increases complexity. Running more VMs in the environment than you need make it

  • More difficult to spot the dangers
  • More difficult to maintain configurations, and
  • More difficult to troubleshoot

Worse, this is a self perpetuating cycle. The more out of control you get, the more you have to fill in with manual process…the more manual the process, the greater risk for error and the less time to control…and, the more out of control you get, the worse it becomes.

The final article in the series looks at both data center impacts and security impacts and introduces best practices for the management and control of this critical infrastructure.

Part 1: Differences between physical and virtual servers and what this means for the data center

Part 2: New security issues raised by server virtualization

Part 3: Best practices for controlling and managing virtual machines

Related:
ITWorld DealPost: The best in tech deals and discounts.
  
Shop Tech Products at Amazon