Virtualisation: friend or foe? [Day One: How safe is it?]

Virtualisation slashes costs, makes management easier, unshackles software configurations from hardware. And it is being embraced around the world. But is it secure? In this three-part series, Patrick Gray explores the security implications of this important new technology.

Everyone agrees that Virtualisation will be a big part of future data centres.

But no-one yet knows whether the technique will enhance or degrade security.

Some claim the Virtualisation's impact will be neutral.

But others aren't quite sure and say that at the very least they say it will change the rules of the game.

The doubters' concerns are fuelled by the fact that multiple virtual machines running on one piece of hardware could drastically increase an attack surface if the underlying virtualisation engine fails to handle VM separation properly.

VMWare's co-founder and Chief Scientist Mendel Rosenblum says the code responsible for separating VMs from each other weighs in at about 100,000 lines of code. He says that it may not be perfect, but with such a relatively small amount of code responsible for this vital function, the chance of it being absolutely riddled with holes is relatively small.

"The thing you try to guarantee is that if you got in one virtual machine it shouldn't affect anything else on the box," he says. "We have a lot of confidence in the isolation, but it's still software... hopefully it's a simple enough... system that you don't have any bug in it that would cause someone to subvert it."

That may not be an entirely comfortable response for Australian users, who are already adopting shared machines in impressive numbers. Local hosting company WebCentral, for example, recently invested heavily in the technology and plans to virtualise all customer machines.

Even customers who had previously rented whole servers will instead run virtual machines on a single piece of hardware. The efficiency gain in such a scenario is out the window, but uptime is still improved. WebCentral will offer 99.9% SLAs for virtualized customers, compared to 99.5% for customers who stick with hardware-dependant configurations. In the case of a hardware fault, the virtual machine can be transferred to spare hardware, without any configuration changes.

Other customers, who may not want to spend big on their hosting solution, can choose to share hardware with 20 or 50 other customers. And this is where it gets interesting.

Are those customers at increased risk when sharing hardware? Your virtual machine may be secure, but there could be 49 others with potential problems outside of your control. If one of those VMs is compromised, could an attacker propagate their assault through the VMWare software and take over your virtual machine as well? If VMWare's code is secure, then no. If it's buggy, then yes.

It's still early days, and while such a scenario could be a nightmare, security experts remain upbeat about Virtualisation concepts.

Ken Pfeil, a security consultant and co author of Hack Proofing Your Network and Stealing the Network -- How to Own The Box, sees the upside of using virtual machines. "VMs are extremely useful for patch management and testing. If you need to reduce your attack surface, you're adding 100k (lines) of code ... to add to this complexity. (It's) not a factor that can be considered insignificant, nor by the same token overly complex," he says. "The network behavioral inconsistencies are also of note here. Some are desirable, some are not. "

Security guru and Black Hat's Resident Technologist, Dominique Brezinski, says the Virtualisation layer may even be a good place to catch attacks. "Well, the VM can be used as a low-level monitor for behavioral analysis of the system image running on top of it," he says. "If the VM is robust against subversion by the virtualized environment, than it provides a robust place to detect otherwise difficult or undetectable kernel modifications."

Read more on Security policy and user awareness

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.