InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity Nov 2009
Anniversary Special
Virtualization Security:
Emerging Challenges and Trends

The global industry is turning towards virtual computing, but security has still not been addressed seriously. This article unveils the security challenges of the virtual computing environment and also discusses emerging trends in this space.

Virtualization has provided tremendous benefits to organizations and is rapidly becoming a mainstream platform for deployment of production applications in the data center. At the same time, the new paradigm of application management driven by encapsulation, portability and flexibility requires new platform security architecture that combines features of platform, OS, and distributed application security. The sheer size of virtual infrastructure deployments necessitates a high degree of policy-driven automation as well as integration with existing enterprise IT systems, especially in the area of user management and directory services.

Vendors have been positioning their solutions by focusing on potential virtualization vulnerabilities. Yet that’s not what enterprises care most about. In fact, the overwhelming response to the vendor vulnerability message is “so what’s the big deal?” Instead, what’s top of mind for enterprise IT practitioners is compliance, yet most Virtualization Security vendors aren’t articulating the ways in which their products can help enterprises address compliance concerns. What’s not top of mind – and should be – is that virtualization makes the strong perimeter defense obsolete.

Virtualization introduces new challenges for enterprises to monitor and secure virtual networks. Because virtual machine-to-virtual machine (VM2VM) communications inside a physical server cannot be seen by traditional network and security devices, problem identification and resolution become more complicated, potentially erasing the cost savings associated with virtual environments.

Why Virtualization Security?

As customers deploy more business-critical applications on virtual infrastructure, securing those applications and the associated sensitive and valuable data becomes a larger concern. This involves protecting virtual infrastructure against the same sort of security threats that plagued traditional IT infrastructure. In addition, securing virtual infrastructure presents some new, unique challenges that did not previously exist.

With traditional IT infrastructure, organizations typically identify risk and potential vulnerability to threats from a wide range of sources that may affect confidentiality, integrity, or availability at the system, network, and application level. IT administrators have at their disposal a number of different tools to address these issues, such as detecting and addressing potential vulnerabilities of different infrastructure components, checking for specific types of file activity or download, and monitoring systems for other unusual behavior or unauthorized access. In most cases, administrators can use the same or similar methods and tools with virtual infrastructure as they use with traditional physical infrastructure.

Here are a couple of examples:

  • Application servers – for example, if one uses antivirus, host IPS or IDS solutions to detect or prevent problems on a system where an enterprise application runs, those same solutions should be installed if the application runs in a virtual machine.

  • Local Area Network (Virtual Network) – for example, if a LAN segment between two physical servers requires a firewall, once the servers are virtualized, the virtual servers would also require a firewall on the virtual network.

Understanding in Depth…….

Virtual infrastructure introduces several new security issues unique to the virtualization platform itself. Here are some of the moves, adds and changes brought about by virtualization that raise new security concerns:

  • Physical access is not so physical any more and the data center perimeter may be less clearly defined – changes that previously required physical access to servers can be made over the network once the environment is virtualized. Ease of deploying and managing virtual machines can actually benefit some aspects of security by enabling encapsulation and isolation of the components that previously co-existed. At the same time this flexibility and portability needs to be properly managed and controls tightly enforced.

  • Deployment of new servers, cloning of drives, and booting machines from an alternative location all previously required physical access to the data center with authorization tightly enforced by security measures such as card keys or physical rack keys. The same operations can now be performed via virtual infrastructure clients running on laptops that are outside of the data center. As a result, virtual “hardware” components of the virtual machines may be at risk and less secure than hardware of physical application servers.

  • Sensitive data is hosted within virtual machines – as enterprises move mission-critical applications to virtual infrastructure, sensitive data is also moved into virtual machines that are more portable and IT managers may have less control of servers or locations where virtual machines run.

  • Configuration flexibility and the rate of adds, moves and changes are increasing – the flexibility of virtualization plus the increased number of infrastructure administrators provide more opportunities for potential intrusion and access. There are generally a lot more changes made to virtual infrastructure than to physical IT infrastructure, because it is a lot easier to make changes, all of which increases security risks. Also, if environments deploy Storage Area Networks (SANs), taking advantage of virtual machine portability requires SAN security to be relaxed (masking and zoning specifically) to allow virtual server farms to have access to a pool of LUNs.

  • Larger impacts for successful exploits – with many virtual machines running on each virtualized server (and all the associated applications, operating systems, configuration, and data), a security breach or compromise of, for example, a single VMware ESX server may compromise a significantly greater number of virtual servers, applications, and data.

Base Line…..

As the popularity and adoption of virtualization grow, the introduction of virtual infrastructure as a new platform brings the threat of new vulnerabilities similar to the attacks, threats, and vulnerabilities that traditional infrastructure encounters. At the same time, the number of users who have access to and need to manage virtual systems is increasing, leading to the need for systematic management of access and security in virtual infrastructure.

—By: 'InfoSecurity' Bureau.

