The virtualisation threat

Virtualisation may have proved its mettle in terms of lowering costs and improving efficiency, but fail to consider the security implications and you could...

Virtualisation may have proved its mettle in terms of lowering costs and improving efficiency, but fail to consider the security implications and you could be putting your business at considerable risk.

Media coverage of the security threats of virtualisation have largely focused on the potential for malware to compromise the hypervisor, or virtual machine monitor (VMM).

Since this is the base component that oversees all your virtual machines (VMs), if it is compromised an attacker could gain root-level access to all your systems with potentially disastrous consequences.

Ian Pratt, vice-president of advanced products at Citrix and original architect of the open source Xen virtualisation project, admits it's a cause for concern.

"There's concern about anything that can penetrate the hypervisor, because there's a good chance it will then penetrate other VMs," he says.

Hypervisor threat hyped?

Yet although successful attacks on the hypervisor are possible - and hackers have previously demonstrated working bug exploits in Xen, VMware, Microsoft Virtual Machine and other systems - suppliers are hot on tracking developments and plugging holes quickly.

As long as you keep everything patched and up to date, the risks are minimal. To date there have been no major reported attacks of this nature on organisations.

Pratt and most independent experts believe the hypervisor threat has been overplayed.

He says: "Any hypervisor contains a lot less code than a typical operating system. The core of Xen - the bit you need to worry about having bugs in - is only about 75,000 lines of code, compared with millions for an OS. So it's a simpler problem than securing Windows or Linux, and if you make sensible engineering decisions you can do a good job of minimising the risks.

"For example, XenServer's core hypervisor runs from read-only flash memory, meaning it can't be overwritten permanently."

Looking ahead, servers such as HP's will soon start shipping with trusted platform module (TPM) chips that support virtual environments, which means organisations can ensure when they boot up that no code has been tampered with.

'Twin towers' scenario

Richard Jacobs, chief technology officer at security vendor Sophos, says: "There is a hypothetical risk to the hypervisor, but in the general scheme of securing virtual environments, it's at the bottom of the list of what people need to worry about."

Jon Collins, managing director of analyst Freeform Dynamics, agrees. "It's the Twin Towers scenario - disaster may well strike at some point and no one knows what the consequences might be.

"But from a security perspective, organisations should be concerned about other threats. For instance, I'd be more worried about people such as rogue administrators abusing the ability to create VMs," says Collins.

"It's security's dirty secret that the biggest threat comes from inside organisations."

Floris van den Dool, head of security for EMEA and Latin America at Accenture, notes another possibility is security holes entering the system due to poor configuration of VMs.

"Given the ease of deployment of a new VM configuration, security errors are more likely," he explains. "For VMs we recommend the use of secure templates wherever possible rather than deploying from scratch."

The bottom line

But the real key to minimising the security risks of virtualisation is to take the holistic view. A virtualised environment introduces new layers that could be subject to attack and all must be securely configured and managed.

"Vulnerability and patch management needs to be addressed at multiple layers," says van den Dool.

Dwayne Malancon, vice-president of corporate and business development at configuration control specialist Tripwire, adds: "By combining complete virtual system visibility with a policy-based approach to configuration an organisation can rapidly assess whether or not an implementation is conforming to standards."

VM security tips

  • Appreciate the architectural differences of a virtual environment and adapt security policies accordingly.
  • Ensure all virtual machines are fully patched and secured on an ongoing basis (including dormant ones) Ð consider automated tools or managed services to ensure this happens.
  • Apply intrusion detection and antivirus software to all physical and virtual layers
  • Avoid ‘VM sprawl’ Ð enforce policies to ensure VM creation is closely monitored and machines are decommissioned after use.
  • Use secure templates for the creation of new VMs.

Read more on Hackers and cybercrime prevention