The scary side of virtualization

After pushing forward with server virtualization, some IT executives are rethinking the security implications

1 2 3 4 5 6 Page 4
Page 4 of 6

Jordon insists that Phoenix's system administrators isolate each virtual server within its own security zone. "I had to fight with server admins who swear up and down that the hypervisor can do that. But I trust firewalls more than I trust hypervisors," she says.

virtualization security

"One of the biggest nightmares is how to segment the everyday business network from the payment card infrastructure," which citizens can use to pay their water bills or pay for other services, Jordon adds. And, she says, to meet the requirements of the PCI Security Standard she needs file integrity monitoring on virtual servers that process, store or transmit payment card data.

For its part, Six Flags has put its payment card processing on virtual servers using VLANs without any issues. "We haven't had anything come back from any of our PCI audits," says Nowell. Rent-a-Center, on the other hand, decided to keep credit card processing off of virtual machines for now.

The Schwann Food Co. in Marshall, Minn., has taken a different approach to payment card processing: It uses only bare-metal virtualization systems and doesn't run any hypervisor at all.

The danger of the über admin

In an unchecked, unmonitored virtual environment, administrators are all powerful -- and that's not a good thing, consultants and IT executives agree. "This gives server admins the keys to the kingdom, and most of the time they don't understand the security risks," says Jordon.

For example, administrators may create a virtual FTP server that compromises security or inadvertently use a virtual-machine migration tool, such as XenMotion, the Hyper-V live migration feature or VMware's vMotion, to move a server onto different hardware for maintenance reasons. But they may not realize that the new host is on an untrusted network segment. Or they may not follow best practices -- for example, they might store administrative credentials for a VMware Virtual Network Computing (VNC) client in a text file within virtual machine images and then distribute those VMs.

Using default passwords when creating new virtual servers is very common, says Harold Moss, an architect with IBM's Security Strategy group, and people responsible for administering the new machines don't always change them either. "With the VNC you're opening up a whole bunch of ports," he says. With those unchanged passwords, would-be thieves could dial into a machine, guess the password "and have complete control," he explains.

John Kindervag, an analyst at Forrester Research Inc., says he's heard stories from clients who have had the VMware vCenter management console compromised. That allows the attacker to copy a virtual machine, which they can then run to access data. "When you steal a VM, it's like you broke into the data center and stole a piece of hardware. It's potentially devastating," he says.

Other common mistakes

At IBM Security Solutions, Lovejoy is seeing malware and cross-site scripting issues in customer sites that result from poorly constructed virtual machine images. "Commonly that image will contain malware or have vulnerabilities that can be exploited very easily. It used to happen once. Now these images are being deployed without end, creating massive headaches for people," he says.

To help protect against that possibility, security software vendors are moving toward a model in which virtulization software vendors allow some code to run at the hypervisor layer. Trend Micro Inc.'s Deep Security software, for example, includes firewall, log inspection, file-integrity monitoring and intrusion-detection and -prevention functions. It works with Sun Solaris Containers, Microsoft Windows Hyper-V, VMware ESX Server and Citrix XenServer virtual machines. But with vSphere, network filtering capability runs at the hypervisor level, says Bill McGee, senior director of product development at Trend Micro.

Some, however, question whether inflating the size of the hypervisor is a good idea. [See related story, "Hypervisor as virtualization's enforcer?".]

1 2 3 4 5 6 Page 4
Page 4 of 6
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon