In a virtual infrastructure, physical servers are resources that can be pooled together, while service offerings -- those that end users interact with -- are converted into virtual machines (VMs). The existence of resource pools and virtual service offerings (VSOs) alters the way administrators look at data center security.
Virtual security: Understand the risks
Beyond transforming the data center, virtual infrastructures create their own security issues. New threats crop up and new ways to deal with them are required. But how will server virtualization affect your current security practices? Experts at the Center for Internet Security, a nonprofit organization that creates benchmarks for operating systems, network devices and other applications, tried to answer this question by creating the virtual machine security benchmark report, which identifies several potential virtualization security threats. Still, as more organizations deploy virtualization, even more threats appear.
To ensure that you've taken a well-rounded approach to securing your virtual infrastructure, consider these other issues.
- Organizations use server virtualization most often to consolidate physical machines – converting them into VMs. When doing so, be careful if you're placing systems with different security contexts on the same host, and use caution when hosting multiple OSes within VMs on the same host.
- Virtual machines with different security contexts can compromise secure systems if they're incorrectly configured. Make sure that the virtual network adapters connecting VMs of each given security context are tied to specific physical network adapters in the host server. Don't tie machines with different security contexts to a single physical adapter because that can cause secure data communications to leak to unsecure networks.
- Machines with different OSes may support different levels of patches and updates -- one machine may not be protected from a particular vulnerability while others are protected. The vulnerable machine could compromise other machines.
- When you run VMs on a host, it's possible to share the clipboard between VMs and the host. Shared clipboards support data transfers between the VMs and the host, but they also enable malicious programs to "piggyback" with data on the clipboard and infect other VMs or the host itself. This usually occurs when you use a software hypervisor that runs as a program on top of an existing OS. Some software hypervisors are VMware Workstation, Sun xVM VirtualBox, Microsoft Virtual Server and Microsoft Virtual PC. Running a hardware hypervisor -- one that runs directly on top of the hardware -- can mitigate this. Hardware hypervisors include Microsoft Hyper-V, VMware vSphere, Oracle Virtual Iron or Citrix XenServer.
- Some host servers log keystrokes and screen activities from within their VMs. You can control this behavior -- host virtual machine logging -- through the virtual infrastructure management interface. If you choose to log virtual machine activity, then make sure your host log files are thoroughly secured at all times.
- Programs within VMs can "escape" and affect the host, so ensure that server virtualization security includes proper firewalls and malicious software-protection programs, such as antivirus and anti-malware programs. Be sure that all signatures and patches are up to date as well.
- Hosts can monitor VMs; VMs can monitor other VMs; VMs can also monitor host servers. In all cases, the monitoring logs and databases must always be secured. You must also control access to all monitoring data and management interfaces.
- Virtual machines can also deny service on the host. All VMs running on a given host share resources. One VM can go out of control and grab all available resources on the host, denying service to other VMs. To avoid this issue, implement proper resource throttling on all VMs.
- Protect VMs -- especially highly secured ones -- from uncontrolled external modifications. The ideal way to do this is to ensure that files making up VMs are digitally signed.
- Protect communications with the hypervisor at all times because hypervisors contain vital information such as privileged account names and passwords. Most virtual infrastructures support the use of the Secure Sockets Layer (SSL) in all management communications with hypervisors, but the feature is not always installed by default. Make sure you implement it to protect yourself from potential management communications issues.
- VMs are just a set of files in a folder, but the files can contain quite a bit of sensitive information. Make sure all of the files that make up a virtual machine are contained within the same folder. Some hypervisors do not store VM files such as configuration, virtual disks, snapshot files, in-memory contents and so on in the same folder by default. Keeping these files together makes it easier to track and monitor them for unauthorized access or theft.
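
The adapter-separation rule from the list above, written as an audit check. This is an added example, not part of the original article: the inventory rows, field names, host names and context labels are constructed, and an export from a real virtualization platform would need to be mapped into this shape.

```python
from collections import defaultdict

# Constructed inventory: one row per virtual network adapter.
# Field names and values are hypothetical, not any hypervisor's export format.
INVENTORY = [
    {"host": "host-a", "vm": "pay-db",   "context": "pci",      "pnic": "nic2"},
    {"host": "host-a", "vm": "pay-app",  "context": "pci",      "pnic": "nic2"},
    {"host": "host-a", "vm": "intranet", "context": "internal", "pnic": "nic3"},
    {"host": "host-a", "vm": "web-dmz",  "context": "dmz",      "pnic": "nic3"},
    {"host": "host-b", "vm": "web-dmz2", "context": "dmz",      "pnic": "nic3"},
]


def shared_adapters(inventory):
    """Return {(host, pnic): {context: [vm, ...]}} for every physical
    adapter that carries VMs from more than one security context."""
    by_pnic = defaultdict(lambda: defaultdict(list))
    for row in inventory:
        by_pnic[(row["host"], row["pnic"])][row["context"]].append(row["vm"])
    return {
        key: {ctx: sorted(vms) for ctx, vms in contexts.items()}
        for key, contexts in by_pnic.items()
        if len(contexts) > 1
    }


def mixed_hosts(inventory):
    """Return {host: [contexts]} for hosts running more than one context.
    These are not violations by themselves, but deserve a closer review."""
    contexts = defaultdict(set)
    for row in inventory:
        contexts[row["host"]].add(row["context"])
    return {h: sorted(c) for h, c in contexts.items() if len(c) > 1}


if __name__ == "__main__":
    for (host, pnic), contexts in shared_adapters(INVENTORY).items():
        print(f"VIOLATION {host}/{pnic} mixes contexts: {contexts}")
    for host, contexts in mixed_hosts(INVENTORY).items():
        print(f"REVIEW    {host} hosts contexts: {', '.join(contexts)}")
```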
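
For the items above on protecting VM files from uncontrolled modification and keeping them in one folder, the following added example (not from the original article) baselines a VM folder and reports drift. It uses SHA-256 hashes authenticated with an HMAC key as a stand-in for a true digital signature, and the function names, file names and key handling are assumptions.

```python
import hashlib
import hmac
import json
import os


def build_manifest(vm_dir):
    """Map each file under vm_dir (relative path) to its SHA-256 digest."""
    manifest = {}
    for root, _dirs, files in os.walk(vm_dir):
        for name in files:
            path = os.path.join(root, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, vm_dir)] = digest.hexdigest()
    return manifest


def seal(manifest, key):
    """Authenticate the manifest: HMAC-SHA256 over its canonical JSON form."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(vm_dir, manifest, tag, key):
    """Return a list of findings; an empty list means the folder matches."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        return ["manifest: authentication tag mismatch"]
    current = build_manifest(vm_dir)
    findings = []
    for name in sorted(set(manifest) | set(current)):
        if name not in current:
            findings.append(f"missing: {name}")
        elif name not in manifest:
            findings.append(f"unexpected: {name}")
        elif manifest[name] != current[name]:
            findings.append(f"modified: {name}")
    return findings


def outside_folder(vm_dir, referenced_paths):
    """Return referenced VM files (disks, snapshots) that resolve outside vm_dir."""
    base = os.path.realpath(vm_dir)
    return [p for p in referenced_paths
            if os.path.commonpath(
                [base, os.path.realpath(os.path.join(base, p))]) != base]
```

Store the manifest, its tag and the key away from the VM folder itself; a baseline kept next to the files it describes can be rewritten along with them.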
Danielle Ruest and Nelson Ruest are IT experts focused on continuous service availability and infrastructure optimization. They are authors of multiple books, including Virtualization: A Beginner's Guide and Windows Server 2008, The Complete Reference for McGraw-Hill Osborne. Contact them at email@example.com.
This was first published in November 2009