Virtualisation has established itself as the next significant dimensional change in enterprise computing. The cost benefit it offers by consolidating underutilised computing resources makes it a critical initiative for IT directors who are instructed to ‘do more with less’. Estimates are that the server virtualisation software market will be worth USD $6.2 billion by the year 2013 and that over 50% of all servers will be virtualised by 2012.
With the rising popularity of virtualisation, heated debates regarding security and compliance have surfaced. The key participants in these debates are, not surprisingly, virtualisation vendors and security providers. Virtualisation vendors claim that isolation functions into their own dedicated environments increases security while security providers counter argue that virtualisation introduces new points of attack and increases vulnerability through recognised virtualisation issues like virtual machine sprawl. It is not possible to agree entirely with either side as they are both true at some levels. As with any new technology, in order to achieve a secure implementation, existing practices and policies need to be augmented with a clear understanding of how virtualisation works.
Your Virtual Machines Aren’t So Invisible After All
On the face of it, VMs appear to be hidden on a virtual network behind or inside physical hardware though Network Address Translation (NAT). This instigates the belief they do not need the same security measures as a physical machine simply because they are invisible to the outside world. However, it needs to be understood that every VM has its own IP address and has a communication port to interact with the outside world leaving it open to the same vulnerabilities and threats as a separate physical machine.
Plain virtualisation isn’t a security measure by itself. This rule holds well for another similar credence that VMs are somehow hidden behind the host operating system or the hypervisor. Even if the VMs are 'hidden' behind Network Address Translation (NAT), and not directly reachable, their basic operation is to offer a service such as e-mail, Web or a database, which is forwarded to them through that protective layer. Those services can still be attacked through the hypervisor.
Application attacks, particularly to Web applications, are an increasingly common attack vector. Simply put, VMs must comply with and maintain the same level of security as the physical system on the network and a virtualised application is as vulnerable to exploit as a non virtual one.
VMSprawl Gives your Security Staff a New Issue to Deal With
Due to the constant stream of communication between virtual machines in a virtualised environment, monitoring and analyzing data traffic becomes an exponentially tough job for people responsible of security. The complexity of this issue magnifies as the number of virtual machines increase.
It doesn’t help when an IT manager decides to launch various individual VMs for each trivial application. This is a classic VMsprawl condition and has the potential to introduce even higher levels of risk to the organisation and further degrade network performance.
Deploying virtualisation requires additional security monitoring of the administration activities, the virtualisation management interface, and access to the virtual machine logs, messages and events. Much of this data will also need to be retained for security investigations and compliance reporting. Effective monitoring and reporting across a virtual environment can be tricky as virtual resources and their associated security and compliance data migrate between physical systems and potentially disappear all together.
Security monitoring and reporting can be achieved by first performing an inventory of the security and compliance data your physical and virtual resources generate, including the location (memory, file system, network port) and the best way to access that data. Often times, accessing the logs and messages from a virtualised environment can be tricky, since most virtualisation vendors haven’t designed very robust, scalable APIs or data forwarding mechanisms.
Capturing data in near real time is important given the migration and volatility of virtual resources and data. Once the data sources and collection mechanisms are identified, you will need to deploy a security event management and reporting solution to correlate the different types of events and technologies in your virtual stack (applications, operating system, network, storage, access control).
It is recommended not to deploy security monitoring and reporting solutions as part of the virtualised environment, sine administrators have the ability to remove traces of their own activity. Once your data is consolidated, the logs, events and message can be correlated to provide actionable alerts, enable comprehensive security investigations, speed troubleshooting of complex problems and archived to meet compliance retention and reporting requirements
Restricting Hypervisor Access
The introduction of a hypervisor requires additional management software. This raises security concerns because the management software grants administrative access to multiple VMs.
Imagine an instance where 50 hosts live on a single server and you understand how a hypervisor attack could have extremely serious ramifications. To address this issue, establish role based access controls for individual VMs through the physical access controls that have been established before virtualisation.
Additionally, establish network based firewall controls to limit network access to administrative interfaces. Severely restrict the number of administrators that have console/root level access to the host operating system. This access, as well as all administrative activities, must be logged to a centralised log management server similar to the security monitoring measures listed above. In addition to access controls, utilise encryption and monitoring software to avoid sniffing of administrator credentials and to monitor abuse of administrator privileges.
Virtualisation has changed the way we think about computing infrastructure. Now virtualisation security has to be rethought as well. An information-centric approach to persistently protecting the data itself is the only way to really benefit from virtualisation and keep data truly secure.