Virtualisation may have proved its mettle in terms of
lowering costs and improving efficiency, but fail to consider the
security implications and you could be putting your business at
considerable risk.
Media coverage of the security threats of
virtualisation has largely focused on the potential for
malware to compromise the hypervisor, or virtual machine monitor
(VMM).
Since this is the base component that oversees all your
virtual machines (VMs), if it is compromised an attacker could
gain root-level access to all your systems with potentially
disastrous consequences.
Ian Pratt, vice-president of advanced products at Citrix and
original architect of the open source Xen virtualisation project,
admits it's a cause for concern.
"There's concern about anything that can penetrate the
hypervisor, because there's a good chance it will then penetrate
other VMs," he says.
Hypervisor threat hyped?
Yet although successful attacks on the hypervisor are possible -
and hackers have previously demonstrated working bug exploits in
Xen, VMware, Microsoft Virtual Machine and other systems -
suppliers are hot on tracking developments and plugging holes
quickly.
As long as you keep everything patched and up to date, the risks
are minimal. To date there have been no major reported attacks of
this nature on organisations.
Pratt and most independent experts believe the hypervisor threat
has been overplayed.
He says: "Any hypervisor contains a lot less code than a typical
operating system. The core of Xen - the bit you need to worry about
having bugs in - is only about 75,000 lines of code, compared with
millions for an OS. So it's a simpler problem than securing Windows
or Linux, and if you make sensible engineering decisions you can do
a good job of minimising the risks.
"For example, XenServer's core hypervisor runs from read-only
flash memory, meaning it can't be overwritten permanently."
Looking ahead, servers such as HP's will soon start shipping
with trusted platform module (TPM) chips that support virtual
environments, which means organisations can ensure when they boot
up that no code has been tampered with.
'Twin towers' scenario
Richard Jacobs, chief technology officer at security vendor
Sophos, says: "There is a hypothetical risk to the hypervisor, but
in the general scheme of securing virtual environments, it's at the
bottom of the list of what people need to worry about."
Jon Collins, managing director of analyst Freeform Dynamics,
agrees. "It's the Twin Towers scenario - disaster may well strike
at some point and no one knows what the consequences might be.
"But from a security perspective, organisations should be
concerned about other threats. For instance, I'd be more worried
about people such as rogue administrators abusing the ability to
create VMs," says Collins.
"It's security's dirty secret that the biggest threat comes from
inside organisations."
Floris van den Dool, head of security for EMEA and Latin America
at Accenture, notes another possibility is security holes entering
the system due to poor configuration of VMs.
"Given the ease of deployment of a new VM configuration,
security errors are more likely," he explains. "For VMs we
recommend the use of secure templates wherever possible rather than
deploying from scratch."
The bottom line
But the real key to minimising the security risks of
virtualisation is to take the holistic view. A virtualised
environment introduces new layers that could be subject to attack
and all must be securely configured and managed.
"Vulnerability and patch management needs to be addressed at
multiple layers," says van den Dool.
Dwayne Malancon, vice-president of corporate and business
development at configuration control specialist Tripwire, adds: "By
combining complete virtual system visibility with a policy-based
approach to configuration an organisation can rapidly assess
whether or not an implementation is conforming to standards."
VM security tips
- Appreciate the architectural differences of a virtual
environment and adapt security policies accordingly.
- Ensure all virtual machines are fully patched and secured on an
ongoing basis (including dormant ones) - consider automated tools
or managed services to ensure this happens.
- Apply intrusion detection and antivirus software to all
physical and virtual layers.
- Avoid ‘VM sprawl’ - enforce policies to ensure VM creation is
closely monitored and machines are decommissioned after use.
- Use secure templates for the creation of new VMs.
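
The patching, sprawl and template tips above can be checked mechanically against a VM inventory. The sketch below is an added example, not code from the article or from any vendor it quotes; the inventory records, field names, template name and 35-day patch threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample inventory; field names are assumptions, not a real hypervisor API.
INVENTORY = [
    {"name": "web-01", "state": "running", "template": "base-hardened-v3",
     "last_patched": date(2024, 5, 20), "owner": "webteam", "expires": date(2024, 12, 31)},
    {"name": "test-db", "state": "stopped", "template": "base-hardened-v3",
     "last_patched": date(2023, 11, 2), "owner": "dba", "expires": date(2024, 3, 1)},
    {"name": "scratch-7", "state": "running", "template": None,
     "last_patched": date(2024, 5, 28), "owner": None, "expires": None},
]
APPROVED_TEMPLATES = {"base-hardened-v3"}   # hypothetical secure template name
MAX_PATCH_AGE_DAYS = 35                     # hypothetical policy threshold


def audit_vm(vm, today):
    """Return a list of policy findings for one VM record."""
    findings = []
    # Dormant VMs count too: patch age is checked regardless of power state.
    age = (today - vm["last_patched"]).days
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"patches {age} days old ({vm['state']})")
    # VMs deployed from scratch rather than from a secure template.
    if vm["template"] not in APPROVED_TEMPLATES:
        findings.append("not built from an approved template")
    # Sprawl: every VM needs an accountable owner and a decommission date.
    if not vm["owner"] or vm["expires"] is None:
        findings.append("no owner or decommission date (sprawl)")
    elif vm["expires"] < today:
        findings.append(f"past decommission date {vm['expires']}")
    return findings


def audit(inventory, today):
    """Map VM name -> findings, omitting VMs that conform to policy."""
    return {vm["name"]: f for vm in inventory if (f := audit_vm(vm, today))}


if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2024, 6, 1)).items():
        for finding in findings:
            print(f"{name}: {finding}")
```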