A lot of people think that if you virtualize, let’s say, a Windows 2003 Server, that virtualized system should be secure because it is completely separate from the VMware ESX Server operating system and could, potentially, be “protected” by VMware ESX Server. This is not true, and there are a lot of things you need to know about virtualization security. In this article, I will cover what you need to be aware of when it comes to securing your virtualized servers.
Why Do I Care About Securing My Virtual Servers?
A recent study stated that about 40% of the Fortune 100 and 1000 companies use virtualization. That is a LOT of companies, a LOT of virtual hosts, and a LOT of guest operating systems (virtual machines).
Just because they are virtualized doesn’t give them any MORE security. In fact, they could even be LESS secure. While it is generally true that virtualized servers are about as secure as their physical server counterparts, there are some security issues that virtualization brings. Here is my short list:
- No matter what virtualization operating system you choose (VMware ESX, Virtual IRON, or others), you are introducing a new operating system on your network and that is always a cause for security concern.
- Because you are bringing on a new operating system, there could be security holes that are in need of patching.
- The possibility exists for guest-to-guest attacks.
- Because virtual guest systems tend to move around with high availability or load balancing, the virtual guests can be difficult to keep track of, causing them to be more difficult to secure.
- Because new virtual guest operating systems are so quick and easy to add, it can be difficult to keep track of new systems that are brought online, causing them to be more difficult to secure.
What are the Security Concerns With Your Virtualization Hypervisor?
I listed some of the generic virtualization security concerns, but what about specific concerns with the hypervisor (the virtualization operating system)? Here is a list of possible hypervisor security concerns:
- You should consider the maturity of your hypervisor. For example, VMware ESX Server has been around for a number of years. I would expect it to be more secure than a new hypervisor by a new company that was released just last year.
- Certainly, the possibility exists that, one day, there could be a hypervisor rootkit that could give an attacker full root-level access to the hypervisor kernel, over the Internet or your local LAN. While I have never seen this YET, as virtualization becomes more popular, it would be possible for an attacker to design this and then try to find some way to get it installed on your virtual host systems.
- Because the hypervisor is small and controlled, it is less likely that you will have malicious software (like a rootkit) installed. But with the growing use of virtualization, the high reward of being able to control many guest servers from one host server just seems like too tempting a target for attackers to ignore.
While virtualization software vendors always say that it could not happen, the ultimate attack on a virtual host system would be for a guest system to run malicious code allowing it to gain elevated privilege and gain access to the hypervisor. If the malicious code could create a new “phantom” virtual machine that could be controlled by the attacker, they would have full access to the virtual host and all virtual guests. With this form of “hyperjacking”, the attacker would be invisible to traditional virtualization management software and security tools. From there, the attacker would perform a DoS (denial of service) attack by overloading the virtual guest systems.
What About Security Concerns with Downloading Virtual Appliances?
We all know how great it is to be able to download virtual appliances (see my story Learn How VMware Virtual Appliances Can Help You). Virtual appliances make our lives, as system / virtualization administrators, so much easier. But what about security concerns with virtual appliances? Here are some reasons to be concerned:
- If you go to download one type of virtual appliance, you will likely see 5 other variations of the same appliance that have been created by others. Are these variations secure?
- What about certifying new virtual appliances? Do you do anything to test the security of these “canned operating systems” before you open them up on your production network? What better way to get a worm into your network than in a virtual appliance?
- Even if you know where the appliance came from and you trust that company, who’s to say that they didn’t slip something insecure into that virtual appliance?
- You should always test for backdoors, security patches that need to be applied, and unknown software on downloaded virtual appliances.
- What it really comes down to is trust and taking the proper security precautions!
What About Potential Virtualization Management Security Issues?
Here are some basic security concerns with the management layer of virtualization:
- Virtualizing guest operating systems further complicates security auditing.
- Virtualization management interfaces (in general, not just Virtual Center) may not have enough security or logging built into them.
- By having virtual guest operating systems that move from server to server whenever there is a failure or a change in load, you are compromising some of the basic security auditing principles, because you may or may not know where your data or your applications really are.
Of course we always want things to be “easier”, right? Who doesn’t? I mean, if we had the choice, we would have NO security at the airport, right? But you need SOME level of security to get SOME level of protection.
With virtualization, the life of system administrators gets easier because you can so quickly add new servers, for example. So that begs the question: does virtualization make life “so easy” for system admins that security is compromised?
Still, I don’t think that any of us are going to buy the argument that virtualization is “too easy” and “too insecure”, so we will stop using it. Virtualization isn’t “going away”, so we just need to make sure that we continue to improve the security of our virtualized systems. Perhaps there needs to be more security in virtualization management systems.
That’s why you need to make sure that you have, at least, the same security procedures and controls in place for your virtualized systems as you do for your physical systems. If not, that lack of virtualization security will certainly be a security issue.
Perhaps you are using server management tools that aren’t designed for, or aware of, your virtualized systems. This may cause you to change or update your virtualization tools.
A recent Information Week survey asked this:
“Does your organization have a formal security strategy in place that covers virtualized systems?”
Of the responders, 36% did not have a strategy, 29% said that their virtual systems are covered by traditional policies, 23% said that they are working on it, and only 12% of the responders said that they have a formal security strategy that covers virtualization.
Today, perhaps only 25% of enterprise customers are using virtualization; however, according to IDC, 50% of enterprises will use virtualization by 2011 and, according to Gartner, by 2015 virtualization will be part of every aspect of IT. Thus, in the next few years, just about every enterprise should have a security strategy for virtualization, as just about every enterprise will be using virtualization.
What your virtualization management tool needs is the ability to track what virtual machines (VMs) are deployed where, where they came from, who created them, when, and how they have moved around and grown over time. Your virtualization management tool needs to be able to enforce security on every VM, control who can create and modify VMs, control what VMs can be installed, control how new VMs can affect existing VMs, and ensure that the guest operating systems in new VMs are secure.
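The tracking described above can be sketched as an audit over VM lifecycle events. This is an added example, not part of the original article and not any vendor's tool: the event fields, host and VM names, and approval lists are all constructed assumptions.

```python
# Constructed sample lifecycle events; the record format is hypothetical.
EVENTS = [
    {"ts": "T1", "vm": "web01", "action": "create", "actor": "alice",
     "host": "esx-a", "source": "template:win2003-gold"},
    {"ts": "T2", "vm": "web01", "action": "migrate", "actor": "system-ha",
     "host": "esx-b"},
    {"ts": "T3", "vm": "tools07", "action": "create", "actor": "bob",
     "host": "esx-a", "source": "download:community-appliance"},
    {"ts": "T4", "vm": "db01", "action": "create", "actor": "mallory",
     "host": "esx-b", "source": "template:win2003-gold"},
]
# VMs each host currently reports as running (constructed).
RUNNING = {"esx-a": ["tools07"], "esx-b": ["web01", "db01", "ghost99"]}
APPROVED_CREATORS = {"alice", "bob"}
APPROVED_SOURCES = {"template:win2003-gold"}

def build_history(events):
    """Reconstruct per-VM provenance: creator, source, creation time, host path."""
    history = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        rec = history.setdefault(
            ev["vm"], {"creator": None, "source": None, "created": None, "hosts": []})
        if ev["action"] == "create":
            rec.update(creator=ev["actor"], source=ev.get("source"), created=ev["ts"])
        if not rec["hosts"] or rec["hosts"][-1] != ev["host"]:
            rec["hosts"].append(ev["host"])  # record each move between hosts
    return history

def audit(events, running, creators, sources):
    """Compare what is running against what the history can account for."""
    history = build_history(events)
    findings = []
    for host, vms in sorted(running.items()):
        for vm in vms:
            rec = history.get(vm)
            if rec is None or rec["created"] is None:
                findings.append((vm, host, "no creation record"))
                continue
            if rec["creator"] not in creators:
                findings.append((vm, host, "unapproved creator: " + rec["creator"]))
            if rec["source"] not in sources:
                findings.append((vm, host, "unapproved source: " + str(rec["source"])))
            if rec["hosts"][-1] != host:
                findings.append((vm, host, "running on unrecorded host"))
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS, RUNNING, APPROVED_CREATORS, APPROVED_SOURCES):
        print(finding)
```

On the constructed data, the audit flags the VM built from a downloaded appliance, the VM created by an unapproved account, and the running VM that has no creation record at all.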
As virtualization becomes more and more popular, it will also become more and more popular as a target for malicious attacks. As virtualization administrators, we need to ensure that our virtualized systems are as secure as, or more secure than, our physical systems. Plus, we need to demand more and more security features from the manufacturers of the hypervisors and virtualization management interfaces. In summary, virtualization is truly invaluable to us all. It is here to stay. Similar to wireless LANs, virtualization is a young technology and it needs more maturity in the area of security.