Audit Knowledge Base

Your FREE resource for Audit information

Virtualization - A Brief Overview
Written by Administrator   
Tuesday, 07 April 2009 07:01
Virtualization has been a hot topic in the IT space for a few years now, so we will review what that means from an IT Audit perspective.  Odds are that your organization has adopted virtualization or is planning to in the near future.  In this climate of expense reductions, virtualization can allow you to do more with less.  Going virtual can mean:
  • reducing hardware and operating costs by up to 50 percent,
  • cutting energy costs by 80 percent,
  • slashing server provisioning time by more than 70 percent,
  • saving $3,000 per year for each server workload virtualized, and
  • eliminating planned downtime.
These are extremely compelling economic benefits, but it is important to know that virtualization is not a mature technology, and this new technology presents serious security challenges.  We’ll touch on what virtualization is, at a high level, and then delve into the specific security concerns that an audit may want to address.

What is virtualization?

Virtualization involves simulating the underlying hardware component of a server.  Traditionally, a computer would run one operating system at a time.  Virtualization allows a computer to run multiple operating systems, or platforms, at a time.  For instance, I could run one instance of AIX, one instance of a Linux distribution and one instance of Windows, all on the same machine.  The core operating system in this case would be Windows, but by using virtualization software, your computer is running three fully functional platforms: one native operating system that interacts with the computer’s hardware and two other ‘virtual’ operating systems in addition.  In essence, virtualization allows you to reduce your hardware need in this example by two thirds.

Many vendors offer virtualization software; some of the most popular include VMware, VM from IBM and Xen.  VMware offers a free download of their VMware Player if you’re interested in learning more.

How does virtualization affect security?

Virtualization providers like Microsoft, Citrix and VMware are making every effort to secure this new operating system, but status quo policies and procedures for IT infrastructure are, for the most part, rendered obsolete with the implementation of the first virtual machine (VM) host on the network. Many incorrectly believe that existing IT security processes and technology will protect their virtual infrastructure.  They do not. We will detail five specific risks, and their possible mitigations, below.

1. Virtualization introduces a new operating system and management layer -- putting your operations, security and compliance teams in the dark.
It all starts with education: the security team with regard to virtualization, and, conversely, the operations group on virtual infrastructure security.  Organizations often overlook the human element. Virtualization security must begin with both teams working in tandem to develop a mutual understanding of the design, scale, implementation and risk management parameters of the virtual platform. Together, the teams should develop a common set of processes and strategies that become the guidelines for virtual data center deployment. With this solid foundation, IT is able to address security at every turn, with a layered approach that allows organizations to deploy the benefits of virtualization with minimum risk.  Virtualized IT can no longer afford to be placed in silos around these critical operations functions.
2. Virtual infrastructure increases the threat surface of your data center.  This creates new attack vectors, increasing the risk of data breach and denial of service (DoS).
Defense in depth must be extended to protect the host operating system, hypervisor, hypervisor management and virtualized infrastructure layers.  Hypervisor technologies create virtualized equivalents of networks, switches, routers, firewalls, storage and other analogous physical infrastructure elements.  Extend your policies, practices and technologies to manage, validate and control the virtual infrastructure.  Monitoring and protecting each layer in the configuration is crucial to reducing the threat surface. Employ your virtualization-aware products to secure all of the layers inside the virtual infrastructure -- from the bare metal through the delivered applications. Virtualization-aware security, sometimes called virtsec, provides the comprehensive capability to protect the threat surface in the virtual world, reducing management and compliance costs.
3. Virtualization collapses the roles of system, network and security administration, increasing the risk from escalation attacks and abuse of privilege.
Virtualization has changed the architecture of how organizations deploy and manage information and technology.  For all virtualization platforms, this also means these tasks become the responsibility of just one individual -- the virtual administrator. The virtual administrator is the Domain, Security and Network administrator all rolled up into one person -- Superman with no Kryptonite.  If an attacker compromises the virtual environment, they will have all the keys to the kingdom, courtesy of the virtualization administration tools.
As in any stable environment, IT or otherwise, a system of checks and balances must be employed. Role-based administration and separation of duties are standard operating procedure in physical IT. Organizations must create processes and deploy tools that enforce dual controls for critical tasks in the virtual IT world. These virtualization-aware tools must audit change and enforce access controls for data and virtual machines. Look for technology that not only monitors for unauthorized activity but also enforces segmentation, prevents unauthorized access and limits an outbreak of mobile code or malware. These capabilities will reduce audit costs, mitigate risks and limit the cost of a breach.
4. The velocity of change complicates configuration and change management, multiplying the risks that arise from incorrect architecture or accident.
Real-time scaling and transience, with new virtual machines added, moved and deleted at a breakneck pace, combined with reduced visibility into the virtual infrastructure, make virtual IT configuration and security dramatically different from physical IT. The velocity of change made possible by virtualization necessitates measurable and enforceable policies for configuration and change management.  Eighty percent of data breaches arise from misconfiguration.  With less than five minutes required to provision, configure or relocate a new virtual server, the window of opportunity for detecting misconfiguration is short, suggesting that only an automated service would be in a position to alert in time.
Administrators must strictly adhere to a provisioning process and change management protocols. Organizations should develop virtual IT processes based on best-practice secure life-cycle management. As examples, ITIL and the ISO 27000 series provide excellent guidance for IT excellence in operations and security. Virtual IT is highly automated and this requires highly automated and virtualization-aware configuration and change management tools. These technologies must have the capability to detect variance from a secure baseline and enforce change management workflows. Look for solutions that integrate configuration and change management along with data protection and access controls.  High velocity virtual IT requires tools that do more than provide alerts; they must also offer policy-based protection against accidental or intentional misconfiguration.
5. Attackers can ‘physically’ access virtual machines from anywhere in the network.
In IT security, the basic assumption is that physical access will trump any technical control.  No matter what the protection -- passwords, biometrics, encryption -- physical access with enough time and resources can get around that security. This is why data centers have alarms, cameras and security guards. Now that entire servers are just files on a hard drive, physical access isn’t even the slightest barrier. Hackers can gain access from thousands of miles away, regardless of the physical security measures in place. This requires security teams to think about physical security in a completely different way. In short, access to a virtual machine image in memory, on the network, or the file on a hard drive equals physical access to the machine. Employ audit and monitoring tools for the data paths used for virtual machine mobility and storage. Monitor and protect the hypervisor and hypervisor management environment from attack or misuse. Enable monitoring for any hypervisor or virtual machine console.
Virtualization-aware data security must follow virtual machines as they migrate across resource pools and virtualized storage. These tools must comprehensively protect every virtualization host in the data center, as all hosts become part of the trust-net and trusted computing base for the virtual machines they operate. Look for tools that are able to overlay trust zones and access controls for this flatter, and much more dynamic, environment. Do not overlook data protection and access controls for SAN or NAS storage networks.
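
Risks 3 and 4 above call for tools that detect variance from a secure baseline, enforce change management workflows and apply dual control to critical changes. The following Python is an added example, not part of the original article or any vendor tool: it compares a constructed VM inventory against a baseline and classifies each variance by whether a matching change record exists and whether its requester and approver are different people. All setting names, field names and records are hypothetical.

```python
# Added example: all data below is constructed; names are hypothetical.
BASELINE = {
    "network": "prod-vlan-110",
    "console_remote_access": False,
    "disk_encrypted": True,
    "snapshot_limit": 2,
}

def vm(name, **overrides):
    """Build a constructed inventory record: baseline settings plus overrides."""
    return {"vm": name, "settings": {**BASELINE, **overrides}}

# Constructed inventory export (None = setting absent from the export).
INVENTORY = [
    vm("web-01"),
    vm("db-02", snapshot_limit=5),
    vm("app-03", network="dmz-vlan-20"),
    vm("tmp-07", console_remote_access=True, disk_encrypted=None),
]

# Constructed change-management records.
CHANGES = [
    {"vm": "db-02", "setting": "snapshot_limit", "value": 5,
     "requester": "bob", "approver": "carol"},
    {"vm": "app-03", "setting": "network", "value": "dmz-vlan-20",
     "requester": "dave", "approver": "dave"},
]

def classify(vm_name, setting, actual, changes):
    """Label a variance by the change record (if any) that covers it."""
    for c in changes:
        if (c["vm"], c["setting"], c["value"]) == (vm_name, setting, actual):
            # Dual control: the approver must not be the requester.
            if c["approver"] == c["requester"]:
                return "self-approved"
            return "approved-exception"
    return "no-change-record"

def audit(inventory, baseline, changes):
    """Return (vm, setting, actual, status) for every variance from baseline."""
    findings = []
    for rec in inventory:
        for setting, expected in baseline.items():
            actual = rec["settings"].get(setting)
            if actual != expected:
                status = classify(rec["vm"], setting, actual, changes)
                findings.append((rec["vm"], setting, actual, status))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, BASELINE, CHANGES):
        print(*finding, sep="\t")
```

Run on a schedule shorter than the provisioning window, the "no-change-record" and "self-approved" rows are the ones to alert on; "approved-exception" rows are documented variances for periodic review.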


While there are other, even more subtle, ways virtualization changes the security posture of a data center, kick off your virtsec plans with the above tips and you will be well on your way to enjoying the ROI and cost savings that led you to virtualize in the first place.

If you have any questions or comments regarding this article, please send them to us.

 

