Security and Virtualization
As the world of virtualization moves forward, organisations are faced with compelling reasons to virtualize: server consolidation, high energy bills, faster hardware, ease of use, and the ability to step back to an earlier state through quick snapshot technology all make the virtual computing realm more attractive.
In some organisations virtualization has already become a large part of the infrastructure. Once again technology has outrun the security best practices. This does not have to be the case, even as many companies hasten their virtualization programmes.
Virtual environments are becoming more popular as disaster recovery and business continuity solutions, particularly in the financial industry. This is relevant because some of these solutions are in a semi-live environment and typically get forgotten in the update and security protection process.
Let's look at the pitfalls when working with virtualized environments:
- If the host is compromised, it is possible to take down the client servers hosted on the primary host machine.
- If the virtual network is compromised then the client is also compromised.
- Client shares and host shares need to be secured as these shares can be exploited on both instances. Potentially this can lead to files being copied to the share that fill up the drive.
- If the host machine has a problem then all the VMs terminate.
- Virtual Machines are often felt to be second-class machines, when they actually have similar traits and perform in similar ways to physical machines. In the next few years there will be few differences between Virtual and Physical Machines.
- Least privilege is a technique that seems to be forgotten when it comes to the realm of virtualization. This technique reduces the attack surface area and should be employed in both physical and virtual environments alike.
Things you can do to better secure your virtual server environment:
- Update your operating systems and the applications; this should be done on all Virtual Machines and on the host. Host applications should be kept to an absolute minimum, install only what you need.
- Firewall each virtual machine from each other; this in turn will isolate each Virtual Machine from one another and ensure that only allowed protocols will transact.
- Isolate each virtual machine from each other and from the host: isolation should be looked at in every way possible.
- Install and update antivirus on virtual machines and the host; Virtual Machines can be infected by viruses and worms just like physical machines.
- Use IPsec or strong encryption between the host and the Virtual Machines: traffic between virtual machines and the host machine can be sniffed and compromised. Vendors are making this less likely, but at the time of writing it remains a real threat. Best practice still dictates that communication between machines needs to be encrypted.
- Do not browse the internet from the host computer; infection caused by spyware and malware is still a possibility on the host machine. Remember that the host machine governs the Virtual Machines, and problems that occur on Virtual Machine hosts can lead to serious problems and potentially downtime or loss of service.
- Secure the Administrator and administrative accounts on the host computer: access to elevated accounts by unauthorised users can lead to significant security breaches. Research has shown that the Administrator (root) account on the host machine is significantly less secure when compared to the Virtual Machine or physical network machine accounts and passwords. Remember that your security is only as strong as your weakest entry point.
- Harden the host operating system, and stop and disable unnecessary services. Keeping the operating system thin ensures that the attack surface area is reduced.
- Turn off un-utilized Virtual Machines: if you do not need it, do not run it.
- Incorporate Virtual Machines into the enterprise security policy; after all, they are machines even if they are virtual.
- Secure the host computer to ensure that, when the virtual machines are offline, unauthorised users cannot tamper with the VM files.
- Favour solutions that isolate the processes, like the hypervisor type of implementation; these systems further isolate and better secure the environment.
- Ensure that host drivers are updated. This will ensure that your hardware runs at optimal speed, and better yet, the latest iteration of the driver software will reduce the chance that old, exploitable flaws in the driver result in denial of service.
- Disable hardware port technology for each VM if not used: technology like USB should be disabled for each VM if the VM environment does not make use of the port technology.
- Monitor the event log and security events on both the host machine and on the virtual machines. Monitoring is often overlooked in virtual environments; the reason is possibly related to the host-based monitoring offered by the virtualization software. These logs need to be stored in your log vault, both to better secure them and for auditing purposes at a later date.
- In future, opt for flash storage of the hypervisor software; magnetic media is not only dated, but attracts security vulnerabilities that are thwarted with the use of flash technology.
- Limit and reduce sharing of hardware resources. Security and resource sharing do not go together. Data leakage and residual data are among the problems that occur, and DoS can occur when resources are shared and locked by alternating Virtual Machines. By their nature, Virtual Machines share CPU, RAM, hard disk and other resources. Manage these resources conservatively and follow security best practice to ensure availability of service.
- When possible ensure that network interface cards are dedicated to each virtual machine. Again this alleviates the resource sharing problem and ensures that traffic destined and originating from the virtual machine has some isolation.
- Invest in hardware that is fit for purpose and that is VM aware. Hardware that is not built to support virtual machines does not leverage the technical implementations of security measures that split resources; this in turn has security implications.
- Partitions create disk boundaries that can be used to segregate and secure each virtual machine on their dedicated partition. If a virtual machine grows outside of normal limits dedicated partitions will limit the impact on other virtual machines.
- Ensure that Virtual Machines cannot connect to each other if they do not need to interconnect. Network isolation is important, as previously discussed. For inter-virtual-machine communication, use a separate network card on a different network address range; this is more secure than pushing the inter-VM traffic over "exposed" networks.
- Network Access Control (NAC) is coming to a VM host near you. This is especially true for appliance-based VM servers; if this feature can be enabled, correctly implemented NAC can go a long way.
- Strictly manage remote access to virtual machines, and especially to the host machine; this will make exposure less likely.
- Remember that the host machine represents a single point of failure, technologies like replication and continuity help in reducing this risk.
- Avoid sharing IP addresses, again this is typical of sharing a resource and will attract problems and vulnerabilities.
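Several of the items above (disable unused port technology such as USB, do not share host directories or disks between guests, keep guest NICs off shared segments, and protect offline VM files from tampering) can be checked mechanically against a hypervisor's machine definitions. The script below is an added example, not part of the original article: it audits a libvirt-style domain XML for those conditions. The two XML documents, the `isolated-finance` network name and the severity labels are constructed for illustration; the element and attribute names (`controller`, `hostdev`, `redirdev`, `filesystem`, `disk/shareable`, `interface`) are the ones libvirt uses.

```python
"""Audit libvirt-style domain XML for the isolation problems in the checklist.
Added example with constructed sample data; not the article's or libvirt's code."""
import xml.etree.ElementTree as ET

# Constructed sample: a VM that violates several of the recommendations.
WEAK_DOMAIN_XML = """<domain type='kvm'>
  <name>finance-dr-01</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/finance-dr-01.qcow2'/>
      <target dev='vda' bus='virtio'/>
      <shareable/>
    </disk>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/srv/shared'/>
      <target dir='hostshare'/>
    </filesystem>
    <controller type='usb' model='qemu-xhci'/>
    <hostdev mode='subsystem' type='usb' managed='yes'>
      <source><vendor id='0x1234'/><product id='0x5678'/></source>
    </hostdev>
    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
"""

# Constructed sample: the same VM with USB disabled, no host share, a
# non-shareable disk and its NIC on a dedicated isolated network.
HARDENED_DOMAIN_XML = """<domain type='kvm'>
  <name>finance-dr-01</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/finance-dr-01.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <controller type='usb' model='none'/>
    <interface type='network'>
      <source network='isolated-finance'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
"""

# Assumption: names of libvirt networks the operator has verified are isolated.
ISOLATED_NETWORKS = frozenset({"isolated-finance"})


def audit_domain(xml_text, isolated_networks=frozenset()):
    """Return a list of (severity, message) findings for one domain definition."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="<unnamed>")
    findings = []
    devices = root.find("devices")
    if devices is None:
        return findings
    # USB: a controller other than model='none', a USB hostdev, or USB
    # redirection keeps the port technology live inside the guest.
    for ctrl in devices.findall("controller[@type='usb']"):
        if ctrl.get("model") != "none":
            findings.append(("medium", f"{name}: USB controller enabled (model={ctrl.get('model')})"))
    for _ in devices.findall("hostdev[@type='usb']"):
        findings.append(("high", f"{name}: USB device passed through from host"))
    for _ in devices.findall("redirdev[@bus='usb']"):
        findings.append(("medium", f"{name}: USB redirection enabled"))
    # Host directory shares expose host files to the guest.
    for fs in devices.findall("filesystem"):
        src = fs.find("source")
        shared_dir = src.get("dir") if src is not None else "?"
        findings.append(("high", f"{name}: host directory '{shared_dir}' shared into guest"))
    # A shareable disk can be attached to several guests at once.
    for disk in devices.findall("disk"):
        if disk.find("shareable") is not None:
            src = disk.find("source")
            path = src.get("file") if src is not None else "?"
            findings.append(("medium", f"{name}: disk '{path}' marked shareable"))
    # Bridge NICs sit on a shared L2 segment; a libvirt network is accepted
    # only when the operator has listed it as isolated.
    for iface in devices.findall("interface"):
        src = iface.find("source")
        if iface.get("type") == "bridge":
            bridge = src.get("bridge") if src is not None else "?"
            findings.append(("medium", f"{name}: NIC on shared bridge '{bridge}'"))
        elif iface.get("type") == "network":
            net = src.get("network") if src is not None else "?"
            if net not in isolated_networks:
                findings.append(("low", f"{name}: NIC on network '{net}' not in the isolated list"))
    return findings


def image_mode_is_safe(mode):
    """True when a disk image's permission bits grant no group/other write,
    i.e. an offline VM file cannot be modified by other local users."""
    return (mode & 0o022) == 0


if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_DOMAIN_XML), ("hardened", HARDENED_DOMAIN_XML)):
        print(f"== {label} ==")
        for severity, message in audit_domain(xml_text, ISOLATED_NETWORKS):
            print(f"[{severity}] {message}")
```

Run it against the output of `virsh dumpxml <domain>` on a real host and feed each image path's `stat` mode into `image_mode_is_safe` to cover the offline-tampering item; on the constructed weak definition it reports five findings, on the hardened one none.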
It is beginning to look like virtualization is not as simple as we once thought as many of the physical security considerations are now also needed; in addition the technology introduces new virtual challenges that need to be addressed.
Monolithic virtual machine technology is quickly approaching end of life as advanced technologies like the hypervisor are released. These technologies are superior from a security standpoint and from a performance standpoint, so it makes sense to favour such implementations. Virtual Machine security is an investment that must be made. If your organisation feels that the cost is too high, maybe it's best to stick with physical machines, but remember that these also need to be secured.