Security concerns cloud virtualization deployments
Network World - Virtual servers are prone to the same attacks as those that plague physical servers. They're also vulnerable to new threats that exploit weaknesses in hypervisor technology, experts warn.
Server virtualization makes it possible to run multiple applications and operating systems on fewer hardware resources, and it lets users quickly provision new resources based on demand. But the features that enable such flexible computing cause network and security managers to wonder whether a security threat in a virtualized environment could spread to the entire network.
"I am holding off on server virtualization, because I have already been hearing about security issues with the hypervisor," says Craig Bush, network administrator at Exactech Inc. in Gainesville, Fla. "One server being breached doesn't take down our entire network, but if it is possible for a hypervisor to do that, I'll just wait until the security angle is more played out before I jump into virtualization."
Here we address four of the top concerns about securing virtual environments and attempt to discern the hype from reality.
1. Virtual-machine escapes could propagate security problems
IT managers worry that security attacks designed to exploit a hypervisor could infect virtual machines that reside on the same physical host, in what is known as a "virtual-machine escape."
If a virtual machine is able to "escape" the isolated environment in which it resides and interact with the parent hypervisor, industry experts say it's possible an attacker could gain access to the hypervisor, which controls other virtual machines, and avoid security controls designed to protect the virtual machine.
"The Holy Grail of security in the virtual world is to bounce out of the [virtual machine] and take control," said Pete Lindstrom, an analyst at Midvale, Utah-based Burton Group, speaking during a recent webcast on virtualization security.
But while there have been documented attempts to execute a virtual-machine escape, some observers point out that a security disaster related to such an event has yet to be proved.
"To my knowledge, there has never been a hack that has allowed a security problem to propagate from one virtual host to another by way of the hypervisor technology," says Steve Ross, a consultant at Catapult Systems Inc., which is helping logistics provider Transplace Inc. in Plano, Texas, deploy and maintain its VMware virtual environments.
"It could happen, and the attacker or breach could hop" from virtual machine to virtual machine, "but I have yet to see it as a functional exploit out there today," adds Tim Antonowicz, a systems engineer at Bowdoin College in Brunswick, Maine.
Antonowicz, who uses VMware Inc.'s ESX to virtualize servers, says he tries to thwart such problems by sequestering virtual machines in resource clusters, depending on the sensitivity level of the applications or data the virtual machine is housing. "You have to segregate machines in that manner to heighten security," he says.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Axeda Platform Technical Overview This paper summarizes the major features of an IoT platform and explains how they simplify and speed the process of developing and deploying...
- ROI Benefits from Automating Application Delivery Solutions One of the key tenets of a modern data center is the ability to leverage technologies that enable automation in order to accelerate...
- Video moves into IT's sweet spot Moving onto shared IT infrastructure, as well as mobile devices, video technology is finding its way into a wide range of organizations and...
- What Is The Cloud Doing To Your Data Center? In this webcast, we'll look at ways you can distill cloud computing down to principles that you can apply to how you manage...
- Unbox Your Load Balancer Your applications are getting more distributed, virtualized and pushed into the cloud today. But as the world progresses to multi-cloud deployments and sophisticated... All Infrastructure Management White Papers | Webcasts