Virtualisation could invite devastating attacks, warns ISACA

Here's an artist's impression of what the end of the world could look like, if cyber terrorists exploit the weaknesses of virtualisation.

The world's IT infrastructure could be taken out by a three-pronged attack on an insecure virtual framework, warns a new white paper by security experts ISACA.
"Virtualization: Benefits and Challenges" outlines how the forces of cyber evil could combine to attack a trio of weak points in virtualised environments. The paper predicts that three hacksmen of the apocalypse could attack the virtualisation structure and virtualisation features, and exploit the lack of compliance and management.
In the doomsday scenario, hyperjacking and virtual machine (VM) jumping could be rife. Though hyperjacking is a theoretical attack scenario, it has earned significant attention because of the major damage that could be caused when the theoretical and virtual combine.
"When virtual meets theoretical, you'd better shut away your intangibles," said one terrified security manager.
In the nightmare to come, even features like VM migration and virtual networking functions will not be safe. Meanwhile, plague and pestilence will rot away at the framework of compliance and management. The number and types of VM can easily get out of hand and we could witness VM sprawl. Dormant VMs will make it a challenge to get accurate results from vulnerability assessments, patching and auditing.
To combat these risks, ISACA called on security managers to harden their hypervisors, get physical with virtual segments and start using transport encryption - before it's too late.
"Virtualisation has become a more common practice," said report author Ramsés Gallego. But they must consider the security risks and governance considerations.

This was last published in December 2010
