InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity Aug 2009
Industry Trend

Virtualization Security: Facing Invisible Enemies

While the advent of virtualization has added a dynamic direction to business, it has also opened up various security challenges for organizations. This article takes a look at those challenges and attempts to provide preventive measures.

The security of a virtualized environment needs to be treated as a new area, and a formal plan needs to be created to address the new set of issues. Without securing the virtualized environment, one puts at risk a lot of information that can affect the whole infrastructure. There is a need for a structured methodology to ensure that security across all layers is effectively addressed by implementing a layered security approach for running virtual machines.

Security Challenges in Virtualization

To best understand the security issues in a virtualized environment, we will take a layered approach to security.


At the very bottom layer, we need to address host-based security. If the security of the physical host is compromised, it affects all the VMs (virtual machines) running on the host, and the host hence becomes a single point of failure for all the VMs. Next, we need to consider VM security issues. The approach for securing virtual machines is not the same as securing the host or any operating system. A compromised virtual machine will break the physical host, which could result in access to all other VMs. Hosting multiple guests on a single physical host introduces the possibility of guest-to-guest attacks after a VM is compromised. The virtual machine monitor can become a point of attack from within VMs if security parameters are not tightened. A security hole or bug in the virtual machine monitor can cause unexpected termination or an abort of the VM, which is going to affect every instance running on the system. Issues such as a software tight loop or a memory leak in the monitor will end up exhausting resources and may require a reboot of the host, which causes downtime for all the VMs.

The next layer requires securing communication between the VMs. Maintaining firewall rules between the VMs becomes difficult, especially for static rules. If a rule is constructed over virtual IP addresses belonging to two VMs hosted on the same hardware, it becomes quite difficult to apply it effectively. The concept of a DMZ and a security perimeter is hard to implement when you have different servers (Web+App+Database) in a virtualized environment on the same blade. Today's virtualization engines do not have the ability to logically intercept and block the communication within every VM instance running on the same host in a very secure manner.

Maintaining separation of privileges and duties between VMs is much more difficult. Allowing admin access for any VM would give the ability to get into the physical host environment. Lack of appropriate access control may result in the host machine or a VM being shut down or rebooted. File system and network-level configuration access should be restricted within VMs. Protection against DoS (Denial of Service) attacks should be in place to ensure that one VM does not end up using all the physical resources. Memory and CPU usage should be authorized and managed for every VM. For application-specific deployments, the use of application-based filtering and firewalling should be mandatory. Emulated hardware on VMs is also attack-prone, and it is easy to escalate privilege and compromise a system based on hardware security flaws. Running default host services can also attract attackers, because most of the common services have security flaws and unnecessary services can cause a system compromise. Most of the default host configurations run with relaxed security parameters, and very few deployments use operating system security levels effectively.

On top of all the new issues, application-specific vulnerabilities can still affect the whole environment. A buffer overrun in one application codebase can give privileged access to another VM's memory area if not controlled properly. Safeguarding passwords and encryption keys might also be a challenge if VMs are sharing memory. This will become a big issue if there is a lack of access control policies within VMs. Replay attacks are easier to perform in virtual environments, given their support for undo/redo operations and snapshots. One-time passwords that leverage time synchronization may not be as secure as they are considered today. An attacker could identify the authentication operation, note the OTP used, revert to a snapshot prior to the submission, and replay the entire event successfully.
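The snapshot problem for time-based OTPs comes down to where the verifier keeps its record of codes already used. The following is an added example, not part of the original article: a standard RFC 6238 check in which the snapshot and rollback are simulated with plain dictionaries, showing that a replayed code is rejected only when the anti-replay record is kept off the VM that can be reverted. The class and function names, the secret and the clock value are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and 6 digits."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"

class Verifier:
    """OTP check whose anti-replay record lives in `store` (a dict)."""
    def __init__(self, secret: bytes, store: dict):
        self.secret = secret
        self.store = store  # highest time step already accepted, per user

    def verify(self, user: str, code: str, vm_clock: int) -> bool:
        step = vm_clock // STEP
        if step <= self.store.get(user, -1):
            return False  # this step (or a later one) was already used
        if not hmac.compare_digest(code, totp(self.secret, vm_clock)):
            return False
        self.store[user] = step
        return True

def replay_after_rollback(external_store: bool) -> bool:
    """Return True if an already used code is accepted again after a rollback."""
    secret = b"constructed-demo-secret"  # constructed sample value
    t0 = 1_250_000_000                   # constructed guest clock reading
    in_vm_state = {}                     # state that the snapshot captures
    outside_state = {}                   # state kept off the reverted VM
    store = outside_state if external_store else in_vm_state
    snapshot = dict(in_vm_state)         # snapshot taken before the login
    code = totp(secret, t0)
    assert Verifier(secret, store).verify("alice", code, t0)  # legitimate login
    in_vm_state.clear()
    in_vm_state.update(snapshot)         # revert: in-VM state and clock go back
    return Verifier(secret, store).verify("alice", code, t0)  # same code again

if __name__ == "__main__":
    print("record inside the VM:", replay_after_rollback(False))
    print("record kept outside :", replay_after_rollback(True))
```
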

Another important aspect is to update the security policies and procedures to account for virtualization. As VMs use the same physical data storage, memory and peripheral hardware such as network interface controllers, the security requirements and policies need to be rewritten to allow these resources to be shared in an expected way. The existing core security tools like firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are not designed to support virtualized environments. These tools would not work for protecting the communication between VMs. In terms of scalability, it becomes an issue when a single physical interface serves traffic for multiple VMs. This would result in a manifold traffic increase, and the existing security infrastructure may not be ready to handle the load.

Software upgrades and patch application become more challenging in a virtualized environment and need to be done across VMs. Bringing up a new VM on an existing host will always have the challenge of maintaining the same security level. Configuration management is a much harder challenge when there are five VM instances running on a host emulating five different operating systems. The basic issues start with deploying different anti-virus solutions for the operating systems hosted in the VM instances. The configuration management guidelines need to be rewritten to be effective in a virtualized environment. Beyond the soft points, physical security is another challenge with VMs, because stealing a VM does not require moving the physical system. Without causing any damage to the original VM or hardware, the complete image can be copied onto a USB drive, resulting in a security breach.

Conclusion

Securing a virtual environment is a matter of serious attention, and it requires a thorough understanding of your virtual infrastructure. Proactive preventive measures can obviously keep your organization on the safe side, but a continuous review of policy and the situation is another point to remember.

—By: Ratnesh Sharma, Director, Product Management and Marketing, Citrix R&D, India

