Don't let dormant virtual machines threaten data centre security

Virtual machine security issues can arise when dormant, unsecured VMs are powered back on. To avoid security risks in the data centre, admins must carefully track and manage all VMs in the network.

Despite the benefits companies can reap from virtualising their data centres, virtualisation can do more harm than good if you fail to consider the potential risks. When managing a highly virtualised environment, one important consideration is that every virtual machine (VM) -- particularly dormant VMs -- must be tracked and secured to avoid attacks.

VMs can quickly eat into your disk space, and powering back on a dormant VM can leave a huge hole in the network's security, according to Serguei Beloussov, chief executive of virtualisation vendor Parallels. If dormant VMs are brought back online without receiving patches or anti-malware updates, it makes them vulnerable to security threats.

Beloussov suggests two main ways to prevent dormant VMs from becoming a security issue. First, management best practices should ensure that virtual machines are correctly decommissioned and monitored after use. An alternative approach is to virtualise at the OS level, where a patch can be applied across all VMs at once to reduce the risk of exposure to security threats.

"Either way, there is a clear need for education around virtualisation and security within a department," Beloussov said.

Traditional virtualisation security tools don't cut it
Attacks on dormant VMs are still relatively uncommon due to the recent uptake of virtualization on x86 platforms, but there are several tools on the market that can help protect virtual environments against such attacks.

Microsoft's Windows Server 2008 has a built-in Network Access Protection feature that allows admins to restrict network access from devices that don't pass compliance checks. There are also many third-party tools that offer protection, including Vizioncore's vControl, a VM management product, and McAfee's VirusScan Enterprise anti-virus software.

New threats and vulnerabilities are bound to emerge due to the intricacy of virtual environments, but security tools for physical environments don't offer the necessary level of protection -- virtual servers have a unique set of requirements compared with physical servers.

Despite the fact that virtual security tools are still relatively immature, Jon Collins, service director at analyst firm Freeform Dynamics, said the fear of VM sprawl should be reason enough for IT managers to keep up to date with what's on their networks.

"A more dynamic server requires more dynamic tools and management," Collins said. "Sometimes poor management of a network is not down to the IT manager, but down to the tools -- these will come with the maturity of the market, though."

Rik Ferguson, a senior security adviser at Trend Micro, agreed that software for a physical environment is not suitable for the virtual world and would leave the network open to numerous problems, including issues with traffic between VMs, malicious code and unprotected dormant machines.

"Many are deploying security software for their VMs that they should be using in a physical world. They think it works to the same level of performance in a virtual world, but it does not.

"The wrong software in a virtual environment puts a heavy load on the operating system. Malware is very important in a virtual environment, because it is hard to keep track of VMs. Also, standard products cannot scan dormant machines, but VMware can," Ferguson added.

He advised IT managers to install antivirus software in case a VM is left on but undetected.

Simon Ashford, technical specialist at NetIQ, said the virtual environment should provide the same -- if not greater -- levels of performance, availability and security as the physical environment.

"Stringent planning and careful phasing are essential to project success -- to fail to plan is to plan to fail," Ashford said.

Kayleigh Bateman is the site editor for SearchVirtualDataCentre.co.uk.

Read more on Virtualisation management strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close