The scary side of virtualization

After pushing forward with server virtualization, some IT executives are rethinking the security implications

Page 2 of 6

Hypervisor hassles

Could someone hijack a hypervisor within a business's virtual infrastructure and use it to compromise all of the virtual servers residing on top of it -- as one CIO feared? Could an attacker breach one virtual server and use it as a platform to attack another virtual server, such as a payment card processing application residing on the same hardware -- without the administrator ever knowing about it?

Scary scenarios persist despite the fact that there have been no known attacks against virtual infrastructure, says Eric Baize, RSA Security's senior director for secure infrastructure.

Nonetheless, many IT security professionals are concerned. To date, The Info Pro has surveyed 96 security professionals for the 2010 installment of its annual Information Security Study, and 28% of those respondents have said that they are "very" or "extremely" concerned with security in a virtualized environment.

Worries about an attack that could compromise a hypervisor rose after Joanna Rutkowska's famous Blue Pill hypervisor malware rootkit demonstration at a Black Hat conference in 2006.

Since then, however, the industry has moved forward with hardware technologies to ensure the integrity of hypervisors, such as Intel Corp.'s Virtualization Technology for Directed I/O (known as VT-d). "Today, most of [Intel's] Core i5 and i7 processors have those technologies," and virtualization software providers have moved to support those features, says Rutkowska, founder and CEO of Invisible Things Lab, an IT security research firm.

Even VT-d doesn't really protect the integrity of the hypervisor, "but the Intel TXT extensions are designed to provide dynamic root of trust measurements, and this capability is in newer Intel processors," says Neil MacDonald, an analyst at Gartner Inc.

Rutkowska herself doubts that anyone will actually use a Blue Pill-type of rootkit to compromise virtual machines. "The bad guys don't really have any incentive to use such sophisticated rootkits," she says, especially since better-known rootkit technology from the '90s still works well for attacking traditional operating systems.

"People are wringing their hands over theoretical scenarios rather than ones that have been documented to be a problem," Trussell says.

But virtualization does present risks if best practices are not followed and adapted to a virtual infrastructure. The hypervisor must be patched just like any other operating system to plug security holes, says KC Condit, senior director of information security at Rent-a-Center. "VMware has issued nine significant security advisories already this year, and XenServer has also issued a number of security fixes," he says.
