Not all virtualization platforms are the same. As you move to adopt virtual infrastructure solutions to reduce costs and improve IT operations, make sure you understand the security implications of virtualization technology and the platform you choose. VMware offers the most robust and secure virtualization platform available. Let us help you:
- Separate fact from fiction when it comes to virtualization and IT security
- Understand the most significant ways in which virtualization affects security
- Find resources as well as the latest news on virtualization security
What Changes with Virtualization
To better understand how virtualization affects datacenter security, you need to understand what changes as you move from an all-physical infrastructure to one that is partly or totally virtualized. By grasping these differences, and then addressing them using the core principles of information security, you will have a good understanding of where to focus efforts around securing virtualization.
Introduction of a new management layer
Virtualization software, like all other infrastructure software, requires the ability to manage the components of the solution. This occurs through a management interface which connects together virtualization hosts, management servers, IP-based storage, and ancillary services such as authentication and monitoring. Since there is isolation between the virtual machines and the hypervisor’s interfaces, the most important step in securing a virtual deployment is to design and implement a strict separation of the management layer from any other network traffic. This greatly reduces the possibility of any attack on a virtual machine affecting the virtualization layer or any other virtual machine.
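One way to check that separation, shown as an added example that is not VMware code: the audit below flags guest port groups that share a VLAN, a virtual switch, or a physical uplink with the management layer. The inventory format, the "kind" labels, and the strict rule that even a shared vSwitch counts as a finding are assumptions of this example.

```python
# Constructed sample inventory, not exported from a real deployment.
# Assumed "kind" labels: management, vmotion and ip-storage make up the
# management layer; "vm" port groups carry guest traffic.
INVENTORY = {
    "esx-a": [
        {"name": "Mgmt", "kind": "management", "vswitch": "vSwitch0", "vlan": 10, "uplinks": ["vmnic0"]},
        {"name": "vMotion", "kind": "vmotion", "vswitch": "vSwitch0", "vlan": 11, "uplinks": ["vmnic0"]},
        {"name": "Prod-Web", "kind": "vm", "vswitch": "vSwitch1", "vlan": 100, "uplinks": ["vmnic2"]},
    ],
    "esx-b": [
        {"name": "Mgmt", "kind": "management", "vswitch": "vSwitch0", "vlan": 10, "uplinks": ["vmnic0"]},
        {"name": "iSCSI", "kind": "ip-storage", "vswitch": "vSwitch1", "vlan": 20, "uplinks": ["vmnic1"]},
        {"name": "Test-VMs", "kind": "vm", "vswitch": "vSwitch1", "vlan": 10, "uplinks": ["vmnic1"]},
    ],
}
MANAGEMENT_KINDS = {"management", "vmotion", "ip-storage"}


def audit_management_separation(inventory):
    """Return sorted (host, vm_port_group, reason) tuples for every overlap."""
    # VLANs span hosts, so management-layer VLAN IDs are collected globally.
    mgmt_vlans = {pg["vlan"] for pgs in inventory.values() for pg in pgs
                  if pg["kind"] in MANAGEMENT_KINDS}
    findings = []
    for host, pgs in inventory.items():
        mgmt = [pg for pg in pgs if pg["kind"] in MANAGEMENT_KINDS]
        for guest in (pg for pg in pgs if pg["kind"] == "vm"):
            if guest["vlan"] in mgmt_vlans:
                findings.append((host, guest["name"],
                                 f"VLAN {guest['vlan']} belongs to the management layer"))
            for m in mgmt:
                if m["vswitch"] == guest["vswitch"]:
                    findings.append((host, guest["name"],
                                     f"shares {m['vswitch']} with {m['name']}"))
                for nic in sorted(set(m["uplinks"]) & set(guest["uplinks"])):
                    findings.append((host, guest["name"],
                                     f"shares uplink {nic} with {m['name']}"))
    return sorted(findings)


if __name__ == "__main__":
    for host, pg, reason in audit_management_separation(INVENTORY):
        print(f"{host}: {pg}: {reason}")
```

In the sample, esx-a passes because management and vMotion share a switch only with each other, while Test-VMs on esx-b is flagged three times.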
Switches and Servers combined into one device
With VMware vSphere, you can create not only multiple VMs on a single host but also virtual networks. This is implemented using software layer-2 virtual switches with enterprise-class features such as VLANs and hardware NIC teaming for availability and performance. Virtual networking provides a tremendous amount of flexibility and cost savings. You can create a switch with as many ports as you need—and you can create a large number of switches. However, there are several aspects of virtual networking that affect security:
- Lack of intra-server network visibility: Traditional network-based security tools rely upon access to the traffic traversing physical switches, typically through a hardware appliance. When the switch is virtual, new solutions must be employed that access virtual networking traffic, by running in a virtual appliance for example.
- No separation-by-default of administration: In a non-virtual infrastructure at a large enterprise, the server team is distinct from the network team, which might be distinct from the security team. With virtualization, a single administrative interface controls both virtual machines and virtual networks and the separation must be re-introduced through the proper definition of roles and privileges.
- Elevated risk of misconfiguration: The fact that it is possible to have more than one virtual switch on a host also represents a significant change. Now, instead of requiring you to physically unplug a network cable from one switch and insert it into another, you can change the virtual switch of a VM with a simple drop-down menu. This flexibility of course brings about tremendous efficiencies, but it also elevates the risk of misconfiguration. This must be mitigated through familiar techniques such as strong change controls and meticulous log and event monitoring.
In addition to the benefits of virtual switches, virtualization also lets you see a full view of the topology of an application or service. This opens the door for tools which can look at a service in its entirety from end to end, for easier monitoring and management. Such control is not always possible in the physical world, or it is very rigid since it relies upon all components being fixed in one place.
Ease of hardware consolidation
The ability to provision VMs quickly enables unprecedented IT responsiveness. But it also means you might quickly have a proliferation of systems with unknown configurations. This can be a big issue for large environments with hundreds or thousands of VMs. You can avoid this by setting up automated means to:
- Keep track of the configuration of the hosts, VMs, and other VMware Infrastructure objects, such as clusters, resource pools, folders, etc.
- Regularly audit event logs for suspicious or unexpected activity.
- Manage the lifecycle of virtual machines and build in an approval process for better IT governance
- Virtual Machine mobility: The mobility of VMs provides a tremendous boost to service levels. With VMotion, you can move VMs with greater resource demands to more lightly loaded servers; DRS makes this load balancing automatic. However, most current security approaches assume that a server is located at a fixed location. For example, network-based security appliances that do stateful packet inspection look at traffic on a specific port for a particular server. This model breaks when you have VMs that can migrate across different physical servers, so new solutions must be employed which are compatible with this paradigm.
- Virtual Machine Encapsulation: Because a VM is encapsulated in a handful of files, making copies of them becomes quite easy. This enables standardization, and also much easier high availability and disaster recovery. However, many security tools, such as Antivirus and Patch Management, require that the server be up and running in order to push out updates, and hence this method does not work for VMs that are turned off but may come online again in the future. New approaches can address this issue, such as offline patching with VMware vCenter Update Manager, or in the future, VMsafe-based host protection without any host-based agents.
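The role separation, change control and event-log auditing described above can be combined into one automated check. This is an added example, not VMware code: it reviews VM network-change events against an admin role list, approved change tickets, and a set of management-layer port groups. The event format, user names, ticket IDs and port group names are all hypothetical.

```python
from datetime import datetime

# Constructed event records in this example's own format (not a vSphere
# log schema). Users, VMs, port groups and ticket IDs are hypothetical.
EVENTS = [
    {"time": "2024-03-02T23:40:00", "user": "srv-bob", "vm": "db01",
     "old": "Prod-DB", "new": "Test-VMs", "ticket": None},
    {"time": "2024-03-02T10:15:00", "user": "net-alice", "vm": "web01",
     "old": "Prod-Web", "new": "Prod-DMZ", "ticket": "CHG-0001"},
    {"time": "2024-03-03T09:05:00", "user": "net-alice", "vm": "build01",
     "old": "Test-VMs", "new": "Mgmt", "ticket": "CHG-0002"},
]
NETWORK_ADMINS = {"net-alice"}            # role allowed to change VM networks
APPROVED_TICKETS = {"CHG-0001", "CHG-0002"}
MGMT_PORT_GROUPS = {"Mgmt", "vMotion", "iSCSI"}


def audit_network_changes(events):
    """Return (vm, user, [reasons]) for each suspicious change, oldest first."""
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        reasons = []
        if ev["user"] not in NETWORK_ADMINS:
            reasons.append("user lacks network-admin role")
        if ev["ticket"] not in APPROVED_TICKETS:
            reasons.append("no approved change ticket")
        # A ticket does not make it acceptable to put a guest on the
        # management layer, so this is checked independently.
        if ev["new"] in MGMT_PORT_GROUPS:
            reasons.append("VM attached to management-layer port group")
        if reasons:
            findings.append((ev["vm"], ev["user"], reasons))
    return findings


if __name__ == "__main__":
    for vm, user, reasons in audit_network_changes(EVENTS):
        print(f"{vm} changed by {user}: " + "; ".join(reasons))
```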
Virtualization Security Myths
With the value of virtualization becoming so evident in people's minds, there is an ever-increasing amount being written about it, some of which is misleading or just plain wrong. Here are some of the more popularized myths and misconceptions, and the real story on them.
The supposed threat embodied by Blue Pill is that one could create a piece of malware that also was a Virtual Machine Monitor. If the VMM could take over the host Operating System, then it could potentially hide a virus from that virtual machine by remaining within the VMM. The reality is that the very infection technique to which the creator alludes can be used to discover and disarm the exploit.
Information Leakage with VMotion
Some reports have claimed that, because it is possible to read information off a virtual machine that is in motion from one host to another, this represents a vulnerability. This misperception arises from ignoring the fact that virtualization inherently involves a management layer which sits underneath the production virtual machines. The most basic security best practices dictate that this management layer operate in a dedicated, isolated environment. Only by violating this fundamental rule would an environment open itself up to this kind of problem.