This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."
Download it now to read this article plus other related content.
Security is a Virtual Reality
The same best practices that apply to a physical infrastructure apply to a virtual one as well. by Neil Roiter
Virtualization is changing the face of corporate IT, reducing the number of physical servers, saving space and cutting energy costs. Its flexibility and ease of deployment enables companies to respond rapidly to new business initiatives and requirements. Gartner predicts more than 4 million virtual machines will be deployed by 2009.
Does this change the security environment? Yes and no.
"The baseline is that virtual infrastructure is quite similar to physical infrastructure in terms of security," says Patrick Lin, VMware's director of product management for data center platform products. "It doesn't absolve you of following good security practices."
Virtualization, in fact, improves security practices in some respects. It's easy to create and deploy "gold" master server images, both for new deployments and for restoring compromised servers to a good state. It's ideal for testing patches on multiple configurations without additional hardware or exposing production systems.
That also means security managers must remember that, as in a physical network, one compromised server can affect others. Each guest server must be protected.
"People sometimes assume that virtual machines are isolated from each other; the user interfaces of these tools seem to imply isolation," says Ed Skoudis, founder of security consultancy Intelguardians.
"From a security perspective, generally, users in virtualized environments are still using the same tools in each guest" that they are for physical servers, says Simon Crosby, CTO of XenSource. "No one has gotten to the point in which the hypervisor offers security to multiple guests. That's still coming."
The shadow factor is the risk--mostly theoretical, at least for now--that the hypervisor itself can be exploited and controlled through some vulnerability and used to subvert the guest VMs.
"We advise people to assume the ability of an attacker to jump from guest to host to guest is a possibility, and to architect virtualization accordingly," Skoudis says.
The biggest risk, perhaps, comes from the adage that complexity breeds insecurity.
IT security staff used to associating security practices with boxes and wired networks have to be alert to changes. Virtual servers are easily and transparently moved to maximize bandwidth and computing resources; dormant high-availability servers need up-to-date patches and configurations.
The danger is acute if business-critical, high-security VMs occupy the same physical box as less secure servers. Best practice requires that enterprises group like servers from a security perspective.
This was first published in July 2007