IT security is facing a bit of a paradox. On one hand, the sheer number of security-related regulations that network administrators must comply with is unprecedented. On the other hand, the industry is only just beginning to understand the security implications associated with virtualization. So what should virtual data centers do to address
Before delving into virtualization security, let’s start out by taking a look at the hypervisor, which is used by virtualization platforms such as VMware ESX and Microsoft’s Hyper-V. There are a lot of myths surrounding the ability to exploit the hypervisor.
One virtualization security myth is that it is possible for an attacker to compromise the hypervisor and then take control of the virtual machines (VMs) that are running on top of it. A similar myth is that an attacker may be able to use a weakness in a VM to break out of it -- known as an escape attack -- and seize control over the rest of the VMs running on the server. Although it is plausible that such attacks could eventually become a reality (there are certainly enough hackers working on them), no such attack methods exist today.
There have been several proof-of-concept attacks in recent years that were designed to install a thin hypervisor as a rootkit and then force the host OS into a VM. The idea was that the rootkit would be able to intercept all communications between the server’s OS and the hardware. The good news is that the success of such proof-of-concept exploits is questionable.
At the moment there are no credible hypervisor attacks. But because that could change tomorrow, it is important to carefully consider virtualization security and apply any patches that your virtualization platform vendor makes available.
Avoid Type 2 hypervisors
Choosing the right hypervisor for your infrastructure is key to virtualization security. There are two primary types of hypervisors in use today -- Type 1 and Type 2. A Type 1 hypervisor is installed onto the server hardware at the bare-metal level. Type 2 hypervisors are installed on top of a normal server operating system.
There are some advantages to using a Type 2 hypervisor -- especially when it comes to performing server maintenance -- but you are better off using a Type 1 hypervisor if your primary concern is virtualization security.
Experience has shown that the operating systems used beneath Type 2 hypervisors are often neglected, which can make them vulnerable to attack. In fact, I have seen real-world situations in which the underlying Windows operating systems beneath Type 2 hypervisors were not even domain members because all of the domain controllers had been virtualized, and the parent OS was required to boot before the domain controllers could be booted.
Even if your organization does not ignore its parent operating systems, it has long been accepted that one of the best ways to improve virtualization security is to reduce the attack surface. Type 1 hypervisors are much smaller than Type 2 hypervisors and, consequently, have a smaller attack surface. As an added bonus, Type 1 hypervisors also tend to perform better than their Type 2 counterparts because resources are not being consumed by a bloated parent operating system.
So when it comes to virtualization security, one of the most important considerations is your hypervisor. Now that you know some of the myths about hypervisor attack methods, you can prepare for the virtualization security vulnerabilities that do exist for your infrastructure.
This was first published in February 2011