The Virtualization Challenge, Part 5: Virtualization and Security
Guest "break-out" attacks -- where the bad guys break out of a guest virtual machine to attack the hypervisor and gain control of the host -- are a looming threat, according to David M. Lynch, vice president of marketing at Embotics. "The only question is, when, not if, a viable attack will occur."
Part 1 of this five-part series defines virtualization; Part 2 takes a look at the business drivers for virtualization; and Part 3 examines the challenges enterprises face when they virtualize their IT environment. Part 4 covers implementing and maintaining a virtualized system. This final installment focuses on security in the virtualized environment.
Virtualization is still new enough that there's a lot of uncertainty as to just how and where to implement security.
"The debate goes back and forth; like any technology, you can argue that virtualization makes things more secure or less secure," Kevin Epstein, vice president of products for Scalent Systems, told TechNewsWorld.
While there certainly are security issues, it's not clear whether they are greater or lesser in extent than existing security issues. "Some argue it makes things more secure from the hardware point of view because you're moving things around so no one knows where your virtual environment is and you can set up traps to see who tries to access it from outside; others say it's less secure because you have to give more physical access to storage and network servers," Epstein said.
Dazed and Confused
That bewilderment is rampant throughout the industry. "In my interactions with customers, everyone's still not sure whether virtual environments are more or less secure than physical environments, and why," John Humphreys, vice president of virtualization research for IDC, told TechNewsWorld. "Nobody has that one figured out, including security vendors, Microsoft, virtualization vendors and their customers."
For example, one of his clients said he was taking his lead from the National Security Agency and not worrying about security.
The NSA runs its applications commingled on the same physical server because it believes the virtual machines are isolated enough that an attacker cannot penetrate one virtual machine from another.
"My client said, 'If that's good enough for the NSA, it's good enough for me,'" Humphreys said. "I think it's still early days, and issues around security are still to be considered."
Guard Against the Wolves
Still, security breaches are possible with virtualization: "Any time you have a layer, it can be exploited, and there are lots of devious people out there," Gordon Jackson, DataSynapse's virtualization evangelist, told TechNewsWorld.
He's not alone in his view: "The hypervisor represents a much riper target than, say, a single physical server, and there are folks out there busy trying to produce the first successful hypervisor attack," David M. Lynch, vice president of marketing at Embotics, which offers application life cycle management for the virtualized environment, told TechNewsWorld.
Guest "break-out" attacks, where the bad guys break out of a guest virtual machine to attack the hypervisor and gain control of the host, are also being tried, Lynch said, adding that "the only question is, when, not if, a viable attack will occur."
Many analysts believe there will be such an attack this year, Lynch added.
It's All a Trade-Off
So, does it make sense to virtualize, then?
Virtualization "is always a trade-off and usually a trade-off against utility," Lynch said. "It's a risk-benefit analysis that every organization has to go through."
Currently, the benefit of server virtualization "far outweighs" the potential risk, he added.
That's what one client of IDC's Humphreys thinks. That client has 2,000 servers and a Layer 2 network spread across two data centers two miles apart.
While this is "a no-no from the security aspect, they wanted all 2,000 virtual machines to be able to move from one center to another, so they gave up some security for flexibility," Humphreys said. With their current setup, "any of their virtual machines can be housed on any physical machine, and if one physical machine is nearing capacity, they can move the virtual machine off it."
The Problem With Mobility
That kind of flexibility is a fine thing, but enterprises could run afoul of regulators. Regulations such as the Sarbanes-Oxley Act require enterprises to have security policies in place that specify where applications can run and what other applications they can run with, Lynch said.
Then, there is the credit card companies' Payment Card Industry (PCI) standard, which requires enterprises to "track and monitor every connection to the PCI server at the network level," Hezi Moore, founder, president and chief technology officer of Reflex Security, told TechNewsWorld. "How do you do that in a virtual environment?"
Because the virtual machine is mobile, can be cloned easily and doesn't have the identity that comes with a physical server, enterprises must ensure that any organizational placement policies are maintained and can be audited. "It's not enough to maintain the policies, you have to prove that to the auditing groups," Lynch said.
The life of a virtual machine can range from minutes to years, depending on how long it is in use, and that further complicates security, he noted.
Organizations implementing server virtualization must have a means to uniquely identify each virtual machine and ensure that its placement anywhere in the enterprise is governed by policies, Lynch added.
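As an added illustration (not from the article or any vendor named in it), the placement audit described above can be sketched as a check over an inventory snapshot. The host names, VM identifiers, labels and policy format below are all constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: host -> zone, and a VM inventory snapshot.
HOSTS = {"esx-01": "pci-zone", "esx-02": "general", "esx-03": "lab"}
INVENTORY = [
    {"uuid": "vm-0001", "name": "card-db", "host": "esx-01", "label": "pci"},
    {"uuid": "vm-0002", "name": "intranet", "host": "esx-02", "label": "general"},
    {"uuid": "vm-0003", "name": "card-api", "host": "esx-02", "label": "pci"},   # moved out of zone
    {"uuid": "vm-0004", "name": "qa-build", "host": "esx-01", "label": "test"},  # shares host with pci
    {"uuid": "vm-0004", "name": "qa-build-clone", "host": "esx-03", "label": "test"},  # cloned identity
]
# Hypothetical policy: zones each label may run in, and labels that must not share a host.
POLICY = {
    "allowed_zones": {"pci": {"pci-zone"}, "general": {"general"}, "test": {"lab"}},
    "never_together": [("pci", "test"), ("pci", "general")],
}

def audit(inventory, hosts, policy):
    """Return a sorted list of (rule, detail) findings for one inventory snapshot."""
    findings = set()
    by_uuid, by_host = defaultdict(list), defaultdict(list)
    for vm in inventory:
        by_uuid[vm["uuid"]].append(vm)
        by_host[vm["host"]].append(vm)
        zone = hosts.get(vm["host"])  # None if the host is unknown to the inventory
        if zone not in policy["allowed_zones"].get(vm["label"], set()):
            findings.add(("zone", f'{vm["name"]} ({vm["label"]}) on {vm["host"]} in {zone}'))
    # A clone that kept its source's identifier cannot be tracked or audited on its own.
    for uuid, vms in by_uuid.items():
        if len(vms) > 1:
            names = ", ".join(sorted(v["name"] for v in vms))
            findings.add(("identity", f"{uuid} shared by {names}"))
    # Co-residency: labels the policy forbids from sharing one physical host.
    banned = {frozenset(p) for p in policy["never_together"]}
    for host, vms in by_host.items():
        for a, b in combinations(vms, 2):
            if frozenset((a["label"], b["label"])) in banned:
                pair = " + ".join(sorted((a["name"], b["name"])))
                findings.add(("co-residency", f"{pair} on {host}"))
    return sorted(findings)

if __name__ == "__main__":
    for rule, detail in audit(INVENTORY, HOSTS, POLICY):
        print(f"{rule:13} {detail}")
```

Running the same check on every migration or clone event and keeping the findings gives the auditable record of placement that Lynch describes.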
Securing Virtual Machines
It's not enough to just secure the gateways to your network when you have virtual machines in the environment.
"You need to secure your network inside and out with a layered approach," Moore said.
"For example, TJ Maxx had great security on their gateways, but 45 million credit cards were stolen from their network because they didn't have security and visibility inside their network," Moore added.
Like Lynch, he pointed to the mobility of virtual machines as being a major problem. For example, a virtual server in a testing environment without any security may become infected without anyone knowing. If that server is then decommissioned, and later pulled up and installed in a production environment, "you have just infected your production system," Moore said.
To prevent this problem, IT management needs to see what's going on inside the virtual machine. Moore's company provides a device "that runs in the virtual environment and can see all the traffic between virtual machines and also the traffic going in and out of the virtual machines and also between virtual machines," he said. "The idea is to provide the user visibility inside the virtual environment so he can control it."
Virtual Security Costs Less
The low cost of security in the virtual environment means enterprises can make their IT environment much more secure.
"You'll need to spend maybe (US) $100,000 on virtualized systems in your data center to get the same level of security that would cost you maybe $2 million," Moore said. Also, deploying full security on physical servers in a data center requires "lots of downtime, server racking and hardware deployment" while "you can do the same thing with virtualized servers in a fraction of the time," Moore added.
The increased speed and lower cost mean "people can now afford to deploy full security, which was too expensive before," Moore said. "The return on investment is incredible."