Overview of Threats and Security Elements of Virtual Network Environment

Virtualization decouples the operating system from the physical hardware platform and the applications that run on it. As a result, organizations can achieve greater Information Technology resource utilization and flexibility. Virtualization allows multiple virtual machines, often with heterogeneous OSs, to run in isolation side by side on the same physical system. Virtualization has been gaining immense popularity in all organizations for its data centre consolidation, improved asset utilization and control. Data centres today use virtualization techniques to abstract the physical hardware, create large aggregated pools of logical resources consisting of CPUs, memory, disks, file storage, applications and networking, and offer those resources to users or customers in the form of agile, scalable and consolidated virtual machines. Although the industry can realize several benefits as it adopts and implements virtualization solutions, threats and risks are also associated with them.

Operational threat

  • VM Sprawl - Virtual servers can be created in very little time. This makes it easy to deploy short-term testing VMs and then leave them unmanaged. VMs created on the fly in this way might not be managed, patched or configured properly. A single exposed, unmanaged VM might be compromised and become a point of vulnerability in the environment. This is a major risk to an organization that has adopted virtual technology but is lagging in putting policies in place to manage it properly, including change and configuration management practices.
  • Lack of Traffic Visibility - The use of virtual switches for porting traffic to a separate promiscuous or network monitoring sensor is still the exception in some environments, and many virtual networks have quite a bit of internal traffic that is not monitored adequately by external security and network tools. Also, the traffic between a guest VM and the underlying hypervisor platform often goes unexamined, leading to a number of potential security risks.
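
The VM sprawl risk above can be checked with a periodic inventory audit. The following is an added example, not part of the original article: it flags VMs that have no owner, stale or missing patches, or that are test systems kept past a short lifetime. The CSV column names, the sample rows and the two policy thresholds are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory export; the columns are an assumed schema,
# not the export format of any particular virtualization product.
INVENTORY_CSV = """name,owner,purpose,created,last_patched,powered_on
web-prod-01,ops-team,production,2023-01-10,2024-05-20,yes
test-tmp-7,,testing,2024-01-15,,yes
qa-build-3,qa-team,testing,2023-11-02,2023-11-05,yes
db-prod-02,dba-team,production,2022-06-01,2024-02-01,yes
demo-old,sales,testing,2023-03-01,2023-03-02,no
"""

MAX_PATCH_AGE_DAYS = 60    # assumed patch policy
MAX_TEST_VM_AGE_DAYS = 30  # assumed lifetime for short-term test VMs


def audit_vm(row, today):
    """Return the list of sprawl findings for one inventory row."""
    findings = []
    if not row["owner"].strip():
        findings.append("no owner")
    if not row["last_patched"]:
        findings.append("never patched")
    else:
        patch_age = (today - date.fromisoformat(row["last_patched"])).days
        if patch_age > MAX_PATCH_AGE_DAYS:
            findings.append(f"patches {patch_age} days old")
    vm_age = (today - date.fromisoformat(row["created"])).days
    if row["purpose"] == "testing" and vm_age > MAX_TEST_VM_AGE_DAYS:
        findings.append(f"test VM alive for {vm_age} days")
    return findings


def find_sprawl(csv_text, today):
    """Map VM name -> findings; 'exposed' marks VMs that are powered on now."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_vm(row, today)
        if findings:
            report[row["name"]] = {"exposed": row["powered_on"] == "yes",
                                   "findings": findings}
    return report


if __name__ == "__main__":
    for name, info in find_sprawl(INVENTORY_CSV, date(2024, 6, 1)).items():
        state = "RUNNING" if info["exposed"] else "stopped"
        print(f"{name:12} {state:8} {'; '.join(info['findings'])}")
```

Powered-on VMs with findings are the ones to triage first; stopped ones are still candidates for decommissioning.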

Malware based threat

  • VMware Malware - Once an application is compromised, various worms and malicious code are capable of determining whether they are running in a virtual environment or on a physical host by analyzing the memory and hardware attributes, memory locations, and process and function behavior. When these malware variants detect that they are running within a virtual environment, they often refuse to run or behave differently than they would on a physical host, which has a significant effect on the whole architecture.

Important security elements

The following is a list of the most important elements to evaluate in order to maximize VM security:

  • Network Isolation - When servers are consolidated within a small organizational unit, isolation may not be a concern, but it becomes increasingly important when workloads from users of different trust levels share the hardware of the same base host. Security personnel must concentrate on isolating the VM in order to prevent leakage between the host and the VM.
  • Patch Management - VMs running in a highly dynamic environment add to the complexity of patch management, as it takes only a few minutes for a VM to change its state and move from one base physical system to another.
  • Mobility - For performance tuning, VMs very often need to migrate to different physical hosts. This adds flexibility and cost savings, but it also leads to serious security concerns that the administrator needs to be aware of.
  • VM Network Traffic - The inter-VM traffic is highly vulnerable as it is invisible to traditional network monitoring tools. This traffic should be properly protected with additional layers of defence running within the virtual infrastructure.
  • Integration of Functioning Duties - After implementation of the VM, the traditional operational duties of the server administrator and the network administrator are integrated into a single unit, which leads to creating and maintaining the least privilege policy.

Authored by M Sofily
TCS Enterprise Security and Risk Management

