Virtualisation seems like the solution to managing IT systems, but what are its faults?
- SC Magazine, October 2009
In a complex security world, virtualisation seems to be a brilliant solution. But the VM path is strewn with pitfalls, says Rob Buckley
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | All 6 Pages
Virtual networking also offers simpler security, says Trevor Dearing, head of enterprise marketing at Juniper, one of the leaders in virtualised networking: “Traditionally, you build barriers such as firewalls and IPS devices. Now you don't have to build multiple barriers and multiple policies, since we've built a more powerful device that can collapse multiple virtual networks into that device, which contains a firewall and IPS. You can then create security zones and define policy from the bottom of the stack up.”
But virtualisation also brings fresh security worries. If server consolidation converts ten real servers into one real server hosting ten virtual servers, that reduces ten points of failure to just one.
The hypervisor itself also becomes a possible avenue of attack. Flaws do occur in the software. Market leaders VMware and Microsoft have both had their hypervisor security circumvented; in Microsoft's case, exploits allowed an attacker to escape from the virtualised environment and run code directly on the host.
However, Fredrik Sjöstedt, director, EMEA product marketing at VMware, says the hypervisor presents a very small target for hackers and that there are more obvious areas to consider. “If you look at the size of the code base, the attack angle on the code presents minimal surfaces. We have Q&A systems and nothing goes out without passing through private and public beta programs.”
Less obvious sources of risk are the admin tools, which are typically web browser-based and, says Rendell, vulnerable to attacks such as cross-site scripting. In theory, there's the possibility that a malicious virtual machine could be hooked up to the stack and used instead of the real version. And there's an equally theoretical exploit in which a rootkit is installed on the boot sector and the VM hypervisor is then loaded as a guest environment.
These vulnerabilities, when they are real rather than theoretical, are relatively rare, and hard to exploit. Direct access to the server or storage system is, however, something that affords an attacker greater opportunities. If apps were once running on 50 separate servers and are now running in 50 virtual servers on a single physical server, it's far easier to steal all the data than it once was. In virtualised environments where a single ‘image’ file corresponds to an entire guest operating system's hard drive, it is easier to make a copy of data and take it away for later use.
Floris van den Dool, head of security for EMEA and Latin America at Accenture, says the ease of deployment of VMs means it is simpler to make mistakes and overlook the requirements of security. “If you do it wrong, there's a big impact. It's easier to make a mistake and overlook vulnerabilities.”
He recommends the use of ‘secure templates’ to reduce the risk of user error. “These are almost like scripts that you run,” he says. The templates provide the same security configurations to each of the machines and reduce the amount of configuration needed. “To really get the benefits of virtualisation, you need to automate it as much as possible.” Van den Dool also recommends reducing access to the management console to the minimum. “VMs go back to the old mainframe days and the controls we used to have. Access to the console needs to be restricted and access logged in files.”
Security templates that encapsulate security-team processes also help overcome that dreaded problem: too many requests, not enough time. Peter Wilkins, technical director at desktop virtualisation consultancy Centralis, says, “When you're under pressure, it's easy for corners to be cut”. By sticking with proper processes and going through proper testing, it's easier to avoid problems.
Most hypervisor vendors have guides to best practice, but standard ITIL, PCI DSS and ISO/IEC 27000 guidelines offer similar protection, says Simon Godfrey of CA, particularly when it comes to access management: “Managing privilege, the principle is that everyone should have the least privileges appropriate. ITIL's focus is around access management.” Depending on the size and scale of the organisation, there is a variety of duties that could and should be separated into separate teams. Access to the hypervisor itself should be “super, super, super user-restricted, with a sole or dual-person access”, says Godfrey.
