The scary side of virtualization

After pushing forward with server virtualization, some IT executives are rethinking the security implications

1 2 3 4 5 6 Page 3
Page 3 of 6

"We're seeing a lot of misconfigured hypervisors," says RSA's Mulé. When he visits clients' offices, he says, he often sees poor patch management practices for virtual machines and the use of easily guessed or default usernames and passwords for virtual machine manager programs that have full access to the hypervisor. In addition, he says, "we sporadically see virtual machine management tools on the wrong side of the firewall."

The invisible network

The traffic flowing between virtual machines is another area of concern, since intrusion-detection and -prevention systems, firewalls and other monitoring tools aren't able to tell if those machines are running on the same physical server hardware. "I've put packet sniffers on virtual servers and nothing is going in and out of the physical network interface. So how are those communications happening? And are they over secure channels?" asks Vauda Jordon, senior security engineer for the Phoenix city government. While the city has a significant investment in virtual infrastructure, Jordon won't even talk about the technology or scope of its virtual infrastructure, citing security concerns.

Vauda Jordon
"I trust firewalls more than I trust hypervisors," says Vauda Jordon, senior security engineer for the Phoenix city government.

With ESX Server and the other major virtualization platforms, the data that passes between virtual machines is unencrypted, as are virtual machines as the memory state of the VM moves between different physical hosts using VMware's vMotion tool. (The VM disk files themselves remain on the same shared storage device). Venu Aravamudan, senior director of product marketing at VMware Inc., says encryption is being "actively considered in our road map/planning exercises," but he declined to comment about if and when encryption might be added to VMware products.

Aravamudan says that encryption is "not a big issue" when best practices are used. Those best practices call for vMotion traffic to be completely segmented away from production traffic. But he admits that "a man-in-the-middle-attack is theoretically possible," especially since virtual server instances may move between data centers, not just within a single facility.

Products like VMware's vShield and other third-party tools can create virtual firewalls that segment VMware, Xen Server, Hyper-V and other virtual machines into different security zones, but not all organizations have implemented them. For example, the creation of secure zones hasn't been a big focus at Rent-a-Center. But as virtual infrastructure scales up, that's becoming a necessity, says Condit.

The retailer still physically separates virtual machines so that each functional group of virtual servers resides on different physical servers. That approach is difficult to maintain as virtual setups grow larger, however, and it limits the consolidation benefits that virtualization offers. Rent-a-Center's Chanani says that in some cases a blade server enclosure may only have one blade in it. "That became very expensive very quickly. That's why were talking about revamping it and doing virtual firewalls," he says.

Some existing firewall tools have visibility into virtual server traffic, but in other cases IT needs to add another set of virtualization-specific tools, and that adds to management complexity. It's better to have a tool set that spans both the physical and virtual environments, says Gartner's MacDonald. Until the traditional security tool vendors catch up, however, IT may need to bring in tools from lesser-known vendors like Altor Networks, Catbird Networks Inc. and HyTrust Inc. that have been tailored specifically to virtual machines.

Mixed tool environments will be a necessity for the near term, says IBM's Lovejoy. "Just make sure these vendors have a strategic road map that aligns with yours," he says. "Otherwise you'll have a stand-alone tool with a short shelf life."

Virtual network architectures

More important, the core network architectures need to change to accommodate virtualization, says RSA Security's Mulé. "Networks that work correctly with physical servers don't necessarily work well with virtual machines. Security would be improved if proper routing and subnets and virtual LANs were implemented," he says. Most business continuity failures in virtualized settings can be attributed to network design flaws, he contends.

Matthew Nowell, senior systems engineer at Six Flags, uses VLANs to segregate virtual servers. "Depending on how we set up routing rules, they may or may not be able to talk to each other," he says. But Gartner's MacDonald cautions that "VLANs and router-based access controls alone are not sufficient for security separation." The research firm's guidelines call for the deployment of some sort of virtualization-aware firewall.

1 2 3 4 5 6 Page 3
Page 3 of 6
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon