The benefits of server virtualization are well documented, but hypervisor security vulnerabilities don’t seem to garner the same attention. If you’re careless or naive, a nefarious
More on virtualization and hypervisor security vulnerabilities
Top 10 ways virtualization threatens security
Virtualization security: How vulnerable is your hypervisor?
Virtual security: Developing a plan and procedures
More organizations are turning to virtualization to lower costs and increase agility but at the expense of virtualization and hypervisor security. Gartner Inc. predicts that 60% of virtualized servers will be less secure than the physical servers that they replace through 2012. One of the main problems is, the tools and best practices for securing a physical infrastructure don’t necessarily extend to a virtual environment.
Hypervisors -- including VMware ESXi, Microsoft Hyper-V, Xen and KVM -- open up new points of attack through the addition of more code. And an attack could lead to various, unfavorable outcomes, such as a hacker compromising one or more virtual machines (VMs) as well as the host server or underlying hardware. And there are a variety of ways an intruder can exploit virtualization and hypervisor security vulnerabilities to carry out an attack: Some are inherent to the nature of virtualization, and others are carelessly created by IT pros.
Migrations involving hosts with differing security levels
At any time, you can move one or more workloads between virtual hosts with the same or differing security levels, using a migration tool such as VMware vMotion. When migrating VMs, the target virtual server should have compatible security levels and policies.
IT administrators should be careful when mixing guest operating systems with hugely different security classifications, unless there are controls preventing a compromise. When using a migration tool, you should deploy checks for security compatibilities between the source host and the target server. (This type of issue becomes even more problematic when workloads are moved between cloud environments.)
Invisible virtual machine traffic
Many network security tools for traditional, physical infrastructures do not work in virtual environments. They may examine traffic between servers over physical, network connections but they generally lack visibility into VM traffic that can allow virtualization attacks to spread.
After all, VM traffic within a host never leaves the server to run over a physical network, which causes a problems for IT shops that are unaccustomed to virtualization and hypervisor security. For example, a networking staff cannot monitor multi-tier applications located on multiple virtual servers within a single host. As a result, a compromised virtual machine can compromise other virtual servers within the same host.
To address these issues, IT organizations are turning to new network management and security products, such as Catbird Network Inc.’s vSecurity, Reflex System LLC’s Virtual Management Centre and Altor Network’s Virtual Firewall.
Some experts believe that an intruder could take advantage of the relationship between a guest operating system running in a virtual server and the underlying hypervisor. For example, a virtual server’s guest operating system can perform lower-level system calls to the hypervisor, sometimes referred to as hypercalls. The hypervisor frequently doesn’t check the hypercalls to ensure that they were invoked by the guest operating system or an application running in the virtual server.
As a result, if an attack comes through a guest operating system, then it may get out of the virtual server and compromise other components, including the virtual host, hypervisor, other virtual servers or other hosts.
A November 2010 IBM security report analyzed virtualization and hypervisor security vulnerability disclosures over the past decade from Citrix Systems, IBM, Microsoft, Oracle, Red Hat and VMware. It indicates that 35% of the security vulnerabilities allow an intruder to escape from a guest virtual server to affect other virtual servers or the hypervisor, and 15% of the vulnerabilities affect a guest virtual machine without affecting the hypervisor or host operating system.
Another issue that IT pros should guard against is unauthorized copying of VMs. Because hypervisors store virtual machines as files, it’s possible to copy and run virtual servers on other physical machines. Intruders can copy a virtual server over a network or to a portable storage media and access the VM’s contents on their own server. Because the hacker is stealing a copy of the virtual server, the VM may not show any indication of an intrusion.
These are just some of the ways that unscrupulous individuals can gain unauthorized access to your virtual environment. In part two of this series on virtualization and hypervisor security, we cover ways to shore up your defenses.
This was first published in March 2012