Virtualisation and security - the risks explored

While server virtualisation increases operational efficiencies and management flexibility, and reduces total cost of ownership, it can also increase security risks.

According to Gartner, 60 percent of virtual machines (VM) will be less secure than their physical counterparts through 2009. The security challenges include:

IP address dependency: In a virtualised environment, IP addresses often change as VMs are created, retired or migrated from one physical host to another, causing problems in traditional protection mechanisms.

Virtual machine sprawl: VMs are easily created from previously existing images, often introducing a large number of VMs that are not properly maintained or are based on images with known vulnerabilities. Successful attacks on vulnerable VMs can serve as a launch pad to attack other virtual machines.
Inability to monitor intra-host traffic: Server virtualisation introduces the concept of a "soft switch" to allow VMs to communicate with each other inside a single host. Special tools are required to monitor and protect these communications, and options are limited.

Silo approach to security policy: Unfortunately, many security vendors take a silo approach to security, recommending different solutions with different management requirements for each. Neil MacDonald, an analyst at Gartner, in a recent interview with Network World said, "Most security problems in the virtual world will be introduced through misadministration, mismanagement or just plain old mistakes. The fact that we

use different tools in the physical world than the virtual world compounds that problem."
Given the challenges that must be addressed to realise the benefits of server virtualisation, a new approach is needed, a cross-platform solution that can secure both virtual and physical environments. Cross-platform virtual security tools can help organisations impose dynamic security policies across data centres and eliminate the trade-off between the benefits of virtualisation and maintenance of strong security.

Management consoles for cross-platform virtual security tools should be able to be deployed anywhere on the network and should offer delegated authority to maximize flexibility. They typically write detailed log data to syslog and Windows events log, and that eases the job of integrating the tools with existing management controls. Eliminating the IP address dependency of security policy, cross-platform virtual security ensures policies are enforced regardless of the location or platform of the machine. Security administrators can eliminate operating expenses associated with rules changes. In fact, policy is enforced and persistent in a variety of situations, including:

- When physical servers and endpoints are moved to different locations on the network.

- Physical servers and endpoints are converted to VMs.

- VMs - live or cold - migrate from one physical host to another.

Cross-platform virtual security places physical machines and VMs into logical security zones and protects against VM sprawl by ensuring rogue VMs are not members and cannot communicate with security zones of which they are not a member. In fact, they don't even see them. By strictly controlling access to each zone, the attack surface area for compromised VMs is greatly reduced.

The cross-platform approach is typically based on a distributed, peer-to-peer architecture that allows scalability to hundreds of thousands of instances. Policy management is completed en masse, updating some or all endpoint policies with just a few mouse clicks.

Other benefits include:

- Eliminates the management complexities caused by a silo approach to data centre security, protecting hosts through a single console.

- Satisfies regulatory compliance without reconfiguring the network.

- Eliminates operational costs associated with firewalls and virtual LANs.

- Leverages a distributed architecture to eliminate bottlenecks and single points of failure.

When evaluating a cross-platform virtual security solution, consider these requirements:

- Cross-platform support (virtual and physical): The ideal solution will support x86 operating systems common in virtualised environments as well as other common and less-common architectures, such as Solaris, AIX, HP-UX, RedHat, Windows and IP-based non-server devices.

- Not dependent on IP addresses: The ideal solution should enforce security policy regardless of the IP address of the computer, ensuring policy persistence in the event of migration or physical movement.

- Isolation of VMs on the same physical host: To protect VMs from vulnerabilities introduced with VM sprawl, the ideal solution should be capable of isolating VMs from other VMs on the same physical hosts.

- Scales easily: To support growth without introducing bottlenecks, seek solutions that operate on a distributed architecture.

- Selective encryption: Look for a solution that offers selective encryption based on policy, rather than an all-or-nothing approach to maximise performance/protection.

- Centralised management: To take advantage of management efficiencies, seek a solution that provides a single point of security management.

- Host-based implementation: To achieve the most granularity and mobility with regard to security policy, seek a solution that enforces policy at the host.