Virtualisation has become an unstoppable trend in IT, promising not only better use of resources, but also ease of management, lower costs, more flexible systems and even smaller electricity bills.
But cramming multiple virtual machines onto a single physical server comes with a risk. If attackers can penetrate the software that orchestrates the whole virtual environment – the hypervisor, or virtual machine monitor – they can take control of every virtual machine it manages, and all the data stored on them.
Hypervisors are written to be robust and secure, but, like any other piece of software, they will inevitably contain vulnerabilities, which, if discovered by an attacker, could be exploited.
The key to hypervisor security, therefore, is to monitor events within the virtual environment, so any unusual behaviour can be flagged early.
For his MSc thesis at Royal Holloway University of London (RHUL), Fotios Tsifountidis, under the supervision of lecturer Geraint Price, set out to explore the different approaches organisations can use to monitor virtual environments – such as host-based or network-based intrusion protection systems.
In an article now published on SearchSecurity.co.UK, they outline the benefits and disadvantages of the two approaches, and propose a middle way for securing virtual machines, called virtual machine introspection, that combines the benefits of both.
If your company is deploying virtual systems, this article is essential reading.
The feature is one of five SearchSecurity.co.UK is publishing this year in collaboration with RHUL.
This was first published in May 2011.