Affordable network storage has driven server virtualization adoption over the past few years, and most organizations today have a virtual machine (VM) somewhere in their environment. According to market intelligence provider IDC, virtualization growth rose year over year from 46 percent in 2007 to 54 percent in 2008. Virtualization offers many benefits including scalability, flexibility, rapid deployment of new servers, cost savings, as well as energy efficiency. With all these immediate benefits, it is no surprise that virtualization is quickly transforming the IT landscape. However, in the rush to capitalize on these benefits, some organizations may have overlooked the ramifications a virtualized environment has on a company's security posture. Most of us are used to securing individual machines that we can see and feel, but a virtualized environment is hidden in layers of code. As a result, it presents the security administrator with new challenges that are not obvious at first glance.
To better illustrate this point, let's start with a basic definition: what exactly is virtualization? Virtualization is the technology that allows the creation of virtual networking and computing resources on a single physical piece of hardware. These virtual resources all share the resources of a single physical host. This is made possible by adding an additional hypervisor (also known as a VM monitor) layer to the host server. The hypervisor allows multiple operating systems to run concurrently on the host computer. Prior to virtualization, servers typically had 1:1 software-to-hardware mapping, meaning one operating system or application would run on one hardware server. For larger deployments, this often meant hundreds to thousands of physical servers running in a data center environment. It takes substantial hardware, energy, deployment and management costs to run such an environment. In addition, these servers were on average running at only five to 10 percent capacity, resulting in a huge waste of resources. With virtualization, organizations were able to run 10 or more virtual servers on a single host. What once was a 1:1 ratio now becomes 10:1 or even 20:1. It is not difficult to see the immediate and long-term benefits that virtualization brings.
This much most of us know already. The issue is that these fantastic benefits have blinded some IT departments to virtualization's potential risks. As with any new IT infrastructure technology, virtualization does bring new threats and security concerns. In fact, in October 2007, Gartner vice president Neil MacDonald predicted that through 2009, 60 percent of production VMs will be less secure than their physical counterparts. I'd be willing to bet this prediction has very much come true. There are simply too many new avenues that creative criminals are able to exploit.
The top security threats surrounding virtualization include:
- VM sprawl – VMs are so easy to create that their number tends to grow unchecked, a phenomenon known as VM sprawl. Over time the infrastructure becomes less than optimal because forgotten VMs with no real function take resources away from the shared pool. VMs, like traditional systems, need to be properly patched and managed; failure to do so can leave huge security holes within the network. One can thus appreciate how VM sprawl leads to a less secure network: most Microsoft-based operating systems are patched regularly, because Microsoft typically releases patches on "Patch Tuesdays" and most laptops and desktops are used daily. However, a forgotten VM that has been left dormant for weeks, if not months, will be seriously out of date with respect to patches, which increases the organization's vulnerability footprint and reduces its security preparedness.
- Virtualization-specific attacks – Virtualization opens up a new vector for potential attackers to exploit. There have been real-world examples of compromised VMs being used to attack other VMs on the same host, or even to gain access to the host machine itself through the exploitation of the memory space of devices shared by both the host and guest machines. Attacks on the hypervisor itself can potentially compromise all the VMs running above it.
- Traditional threats – Legacy viruses, trojans, rootkits, keyloggers and other malware can all do substantial damage to a VM and its host. Additionally, an infected VM can carry out attacks against other VMs as well as against other physical servers on the network.
Countermeasures that address these threats include:
- Anti-virus software must be deployed on each VM and especially on the host system.
- Access rights need to be clearly defined for each virtual resource.
- AV and anti-malware security solutions should be deployed at the network gateway. This is particularly imperative for VMs that are the product of sprawl and have not had an operating system or AV software update for weeks or months.
- Network intrusion prevention systems can thwart non-malware-based attacks such as SQL injection.
- Anti-spam and web filtering will prevent users from being exposed to malware delivered through web and email.
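The VM sprawl problem described above (dormant, forgotten VMs falling behind the monthly patch cycle) is easiest to manage when the inventory is audited regularly. The following Python script is an added example, not code from the original article or from any vendor; it runs a sprawl audit over a constructed inventory, flagging VMs whose patch level is older than one patch cycle, VMs that are powered off and unseen for longer than an assumed dormancy threshold, and VMs with no recorded owner. The field names, thresholds and sample VMs are all assumptions.

```python
from datetime import date

# Thresholds (assumed values; tune them to your own patch policy).
PATCH_CYCLE_DAYS = 35   # just over one monthly "Patch Tuesday" cycle
DORMANT_DAYS = 60       # powered off and unseen this long: likely forgotten

# Constructed sample inventory; not data from any real environment.
# last_seen: last date the VM was observed running; last_patch: last patch run.
INVENTORY = [
    {"name": "web01", "powered_on": True, "last_seen": date(2009, 9, 15),
     "last_patch": date(2009, 9, 9), "owner": "web team"},
    {"name": "test-sql-old", "powered_on": False, "last_seen": date(2009, 4, 30),
     "last_patch": date(2009, 3, 11), "owner": ""},
    {"name": "build-agent", "powered_on": True, "last_seen": date(2009, 9, 15),
     "last_patch": date(2009, 7, 15), "owner": "ci"},
    {"name": "dr-standby", "powered_on": False, "last_seen": date(2009, 9, 1),
     "last_patch": date(2009, 8, 12), "owner": "ops"},
]


def audit_inventory(inventory, today, patch_cycle_days=PATCH_CYCLE_DAYS,
                    dormant_days=DORMANT_DAYS):
    """Return {vm_name: [reasons]} for every VM that looks like sprawl.

    A VM is flagged when its patch level is older than one patch cycle,
    when it has been powered off and unseen for longer than dormant_days,
    or when nobody is recorded as owning it. Being powered off on its own
    is fine: a recently used standby VM with current patches is not flagged.
    """
    findings = {}
    for vm in inventory:
        reasons = []
        patch_age = (today - vm["last_patch"]).days
        if patch_age > patch_cycle_days:
            reasons.append(f"patches {patch_age} days old")
        unseen = (today - vm["last_seen"]).days
        if not vm["powered_on"] and unseen > dormant_days:
            reasons.append(f"dormant, unseen for {unseen} days")
        if not vm["owner"]:
            reasons.append("no recorded owner")
        if reasons:
            findings[vm["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit_inventory(INVENTORY, date(2009, 9, 15)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

In practice the inventory would be pulled from the hypervisor's management API and the patch dates from the patch management system; the audit logic stays the same.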