InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity November 2008


Cover Story
Security Virtualization: The Next Big Thing
—By: Ratnesh Sharma, Director — Global Product Management and Marketing, Citrix.

While virtualization has become a point of focus for the IT industry across the globe, its security issues have not been attended to seriously. In this article the author discusses the security issues and challenges of a virtual environment to provide a broader picture.

Virtualization has become a hot technology because of its ability to reduce cost by optimizing the existing infrastructure. The flexibility provided by a virtualized environment makes it easy to implement and deploy, but at the same time it exposes applications to new security threats across the stack.

Security issues in a virtualized environment are more complex, span multiple layers, and are not the same as the security issues seen in regular operating systems or applications. On the other hand, virtualization technology in existing security products and tools can help identify and resolve threats more easily in virtualized server and application farms. This article will cover both aspects of the discussion.

Security Issues in Virtualization
To best understand the security issues in a virtualized environment, we will take a layered approach to security.

Figure

At the very bottom layer, we need to address host-based security. If the security of the physical host is compromised, it affects all the VMs (virtual machines) running on the host, so the host becomes a single point of failure for all of them. Next, we need to consider VM security. The approach for securing virtual machines is not the same as securing the host or any operating system. A compromised virtual machine will break the physical host, which could result in access to all other VMs. The virtual machine monitor can become a point of attack from within VMs if security parameters are not tightened. A security hole or bug in the virtual machine monitor can cause unexpected termination or an abort of the VM, which is going to affect every instance running on the system. Issues such as a software tight loop or a memory leak in the monitor will end up exhausting resources and may require a reboot of the host, which causes downtime for all the VMs.

The next layer requires securing communication between the VMs. Maintaining firewall rules between the VMs becomes difficult, especially for static rules. If a rule is constructed over virtual IP addresses that belong to two VMs hosted on the same hardware, it becomes quite difficult to apply it effectively. The concepts of a DMZ and a security perimeter are hard to implement once you have different servers (Web+App+Database) in a virtualized environment on the same blade. Today’s virtualization engines do not have the ability to logically intercept and block the communication within every VM instance running on the same host in a very secure manner.
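The placement problem described above can be checked from an inventory. The following is an added example, not part of the original article: it flags deny rules whose source and destination VMs share a host, and hosts that carry more than one tier. It assumes the firewall is a physical device outside the hosts and that same-host traffic is switched inside the host; all VM names, addresses, host names and rules are constructed.

```python
import ipaddress
from itertools import permutations

# Constructed sample inventory: VM name -> (IP address, physical host, tier).
VMS = {
    "web01": ("10.0.1.10", "blade-a", "web"),
    "app01": ("10.0.2.10", "blade-a", "app"),
    "db01": ("10.0.3.10", "blade-a", "db"),
    "web02": ("10.0.1.11", "blade-b", "web"),
    "db02": ("10.0.3.11", "blade-c", "db"),
}

# Constructed perimeter rules: (action, source network, destination network).
RULES = [
    ("deny", "10.0.1.0/24", "10.0.3.0/24"),   # web tier must not reach db tier
    ("allow", "10.0.1.0/24", "10.0.2.0/24"),  # web tier may reach app tier
    ("allow", "10.0.2.0/24", "10.0.3.0/24"),  # app tier may reach db tier
]

def bypassed_deny_rules(vms, rules):
    """List (rule, src_vm, dst_vm, host) where a deny rule matches two VMs
    on one host, so their traffic never reaches the physical firewall."""
    findings = []
    for rule in rules:
        action, src, dst = rule
        if action != "deny":
            continue
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        for a, b in permutations(vms, 2):
            (ip_a, host_a, _), (ip_b, host_b, _) = vms[a], vms[b]
            if host_a != host_b:
                continue
            if (ipaddress.ip_address(ip_a) in src_net
                    and ipaddress.ip_address(ip_b) in dst_net):
                findings.append((rule, a, b, host_a))
    return findings

def mixed_tier_hosts(vms):
    """Map each host that carries more than one tier to its sorted tiers."""
    tiers = {}
    for _ip, host, tier in vms.values():
        tiers.setdefault(host, set()).add(tier)
    return {h: sorted(t) for h, t in tiers.items() if len(t) > 1}

if __name__ == "__main__":
    for rule, src, dst, host in bypassed_deny_rules(VMS, RULES):
        print(f"{rule} not enforced between {src} and {dst} on {host}")
    print(mixed_tier_hosts(VMS))
```

Each finding is a pair that needs either separate hosts or filtering inside the host, since the rule as written is never consulted for that traffic.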

Maintaining separation of privileges and duties between VMs is much tougher. Allowing admin access for any VM would give the ability to get into the physical host environment. Lack of appropriate access control may result in the host machine or a VM being shut down or rebooted. File system and network-level configuration access should be restricted within VMs. Protection against DoS (Denial of Service) attacks should be in place to ensure that one VM does not end up using all the physical resources. Memory and CPU usage should be authorized and managed for every VM. For application-specific deployments, application-based filtering and firewalling should be mandatory. Emulated hardware on VMs is also attack prone, and it is easy to escalate privilege and compromise a system based on hardware security flaws. Running default host services can also attract attackers, because most of the common services have security flaws and unnecessary services can cause a system compromise. Most default host configurations run with relaxed security parameters, and very few deployments use operating system security levels effectively.
On top of all the new issues, application-specific vulnerabilities can still affect the whole environment. A buffer overrun in one application codebase can give privileged access to another VM's memory area if not controlled properly. Safeguarding passwords and encryption keys might also be a challenge if VMs are sharing memory. This will become a big issue if there is a lack of access control policies within VMs.

Another important aspect is to update the security policies and procedures to account for virtualization. As VMs use the same physical data storage, memory and peripheral hardware such as network interface controllers, the security requirements and policies need to be rewritten to allow these resources to be shared in an expected way. Existing core security tools like firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are not designed to support virtualized environments. These tools would not work for protecting the communication between VMs. Scalability becomes an issue when a single physical interface serves traffic for multiple VMs. This would result in a multifold traffic increase, and the existing security infrastructure may not be ready to handle the load.
Software upgrades and patch application become more challenging in a virtualized environment and need to be done across VMs. Bringing up a new VM on an existing host will always have the challenge of maintaining the same security level. Configuration management is a much harder challenge when there are five VM instances running on a host emulating five different operating systems. The basic issues start with deploying different anti-virus solutions for the operating systems hosted in the VM instances. The configuration management guidelines need to be rewritten to be effective in a virtualized environment.

Using Virtualization in Security Arena

The other aspect of the discussion is leveraging virtualization in security technologies. Security is an important area where virtualization technology can be leveraged by isolating traffic for different VMs and providing fast disaster recovery solutions. It also helps security researchers save costs by conducting their work in a virtualized environment.
There are two ways to implement virtualization in security products. The first is the ability to take a single physical Firewall/IDS/IPS/VPN and partition it into multiple virtual Firewalls/IDS/IPS/VPNs to serve different VMs with different kinds of traffic. One host having multiple VMs would not be served by a single firewall because the needs of the applications can be different. Thus, virtualized firewalls serving individual VMs can have application-specific policies and controls. This will help in isolating malware traffic and identifying the real requests and responses for different VMs. Virtualization helps run different applications on the same blade, hence the need for powerful application firewalls that can cater to ‘N’ number of application instances.

Another aspect of security virtualization is the need to have different security products and technologies working together on a single host. This is going to help significantly in reducing the cost of hosting different protection mechanisms. Having different products working as individual instances on a single host also helps in reducing unnecessary packet flow in the network. Virtualization of security solutions is effective in making better use of existing resources, cutting down on capital, and increasing operational efficiency.

Currently, security virtualization is mainly focused on firewall solutions, but areas like intrusion detection, intrusion prevention and SSL-VPNs can be virtualized to route and scan specific traffic. Virtualization of SSL-VPNs ensures that, depending on the profile, a mobile user can be directed to the intranet of a specific division instead of putting up multiple devices to route the user. Similarly, depending on the traffic, firewalls can be scaled up or down, and filtering can happen for different profiles in a single box. Today, technologically advanced products give a package of security technologies like SSL-VPN, Application Firewall, Content Filtering, DoS/DDoS protection and Content Rewrite. All these technologies are applied from the same control point and thus are much more cost-effective and easy to manage.

Security researchers also benefit from the way virtualization helps in setting up malware analysis systems or honeynets. It becomes quite efficient to bring up a honeynet by deploying multiple honeypots in the VM instances. This helps in saving costs and in doing faster analysis and management.

Conclusion

Securing a virtualized environment is an absolute necessity today and there is a need for a structured methodology to ensure that security across all layers is effectively addressed by implementing a layered security approach for running Virtual Machines.

Using virtualization within security technologies is the future for security products. The benefits and flexibility provided by virtualized security solutions will be a key vendor differentiator in the highly competitive security landscape.

