Security Mistakes to Avoid in Virtualization
Virtualization has taken off quickly and is used in many fields of computing. Although the concept goes back some fifty years, the technology is still growing and advancing to serve applications that present themselves now and in the future.
Today, half of server loads run on virtual machines, and that share will increase in coming years. Gartner estimates that more than four million virtual servers were deployed in 2009, and that the number of virtualized PCs will grow from less than five million in 2007 to 660 million by 2016. Virtualization technologies bring many benefits, such as agility, flexibility and cost efficiency. At the same time, virtualization introduces new challenges:
- A new virtual network fabric, often blind to physical security devices
- A new threat surface: the hypervisor
- An all-powerful virtual administrator, collapsing roles
- Machines becoming files, leading to mobility, rapid change and opportunity for theft
Source: Gartner Forecast
Besides the endless benefits of virtualization, there are also many threats, some of them self-created. For lack of knowledge and proper guidance on using virtualization and virtual machines, employees make many serious mistakes that harm the organization and the security of its virtualization.
Security professionals need to recognize what is new and adapt their security practices to accommodate it. If not, virtualization will pose a significant security risk. As more virtual machines move into production, organizations are rightly concerned about virtual machine technology being used as a new vector of attack against them.
Multiple security solutions can be implemented to secure an organization, but employee awareness and secure practice in the use of virtual servers and machines play an important role. In addition to these emerging areas of concern, the foremost problem with virtualization is the mistakes that users and administrators make while using and configuring virtual machines, which strongly affect the security of virtualization.
Mistake #1: Misconfiguring virtual hosting platforms, guests, and networks
Creating secure default configurations for virtual machines is much the same as configuring physical machine defaults. For virtual servers, getting this wrong is the biggest mistake a virtual machine administrator can make. If a machine build starts out with poor default configurations, including unnecessary ports and services and other such items, those vulnerabilities extend to each instance of the virtual machine that is replicated from that build.
Virtual network configuration is another area where organizations make mistakes. On a virtual network, some organizations still host their Web servers and database servers without proper segmentation. These common and silly mistakes can make an organization's virtual servers exploitable and an easy target for attackers to breach the server and other services.
To avoid this mistake, all monitoring systems should be virtual-machine aware and able to detect problems and take action accordingly. Examine closely any virtualization platform capabilities that enable communication between guest and host operating systems, such as device drivers, copy/paste functions, leaks in memory, and so on. Where possible, these should be identified and disabled.
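As an added illustration (not part of the original article), the script below audits a VM template configuration for guest/host channels that a baseline says must be disabled, so a weak setting is caught before the build is cloned. It assumes a VMware-style .vmx key = "value" format and an assumed baseline that requires each setting to be stated explicitly; the template content is constructed.

```python
import re

# Assumed baseline: each guest/host channel must be explicitly disabled.
# Keys follow the VMware .vmx convention (an assumption; the article names no platform).
REQUIRED = {
    "isolation.tools.copy.disable": "TRUE",
    "isolation.tools.paste.disable": "TRUE",
    "isolation.tools.dnd.disable": "TRUE",
    "floppy0.present": "FALSE",
    "serial0.present": "FALSE",
}

LINE = re.compile(r'^\s*([\w.]+)\s*=\s*"([^"]*)"\s*$')

def parse_vmx(text):
    """Return {key: value} for every key = "value" line; later lines win."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings

def audit(text):
    """List (key, found, expected) for each baseline setting that is missing or wrong."""
    settings = parse_vmx(text)
    findings = []
    for key, expected in REQUIRED.items():
        found = settings.get(key.lower())
        if found is None or found.upper() != expected:
            findings.append((key, found, expected))
    return findings

# Constructed template configuration, not taken from any real system.
TEMPLATE_VMX = '''
displayName = "web-template"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "false"
floppy0.present = "TRUE"
serial0.present = "FALSE"
'''

if __name__ == "__main__":
    for key, found, expected in audit(TEMPLATE_VMX):
        print(f"{key}: found {found!r}, baseline requires {expected!r}")
```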
Mistake #2: Failure to properly separate duties and deploy least privilege controls
In any organization, privilege controls play an important role. Attackers always seek access to privileged accounts in order to exploit servers. In virtualization, it is a common mistake not to manage privileged accounts and keep them separate from other accounts.
Creating separation of duties and providing the least amount of privilege necessary for users to perform their authorized tasks is crucial for both physical and virtual resources. Some virtualization platforms collapse the functions of system and network administration so that separating these duties is difficult. They give too much privilege and capability to virtual administrators.
Moreover, high-privilege access raises the risk of abuse by privileged insiders. Beyond the insider issue, compromise of the virtual administrator’s login credentials would yield a powerful set of capabilities for outside attackers.
To avoid this critical mistake, use firewall filter rules to limit access to the virtualization administrative console to predetermined, authorized, internal network addresses, protecting against an outside attacker gaining access to it. Furthermore, consider using trusted security mechanisms, such as requiring SSH for administrative console access.
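One way to check that a filter rule list really confines console access to authorized internal addresses, as an added example that is not from the original article. The rule format, the address ranges and the console port (22, assuming SSH-only administration) are assumptions, and the rule set is constructed.

```python
import ipaddress

# Assumed values for illustration: authorized internal management ranges
# and the console port (22, since the text suggests requiring SSH).
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.5.16/28")]
CONSOLE_PORT = 22

def parse_rule(line):
    """'<allow|deny> <source-cidr> <port|any>' -> (action, network, port or None)."""
    action, src, port = line.split()
    return action, ipaddress.ip_network(src), None if port == "any" else int(port)

def is_authorized(net):
    """True when every address in net lies inside an authorized range."""
    return any(net.version == a.version and net.subnet_of(a) for a in AUTHORIZED)

def audit_rules(text):
    """Audit a first-match rule list for console exposure.

    Conservative: narrower deny rules are not used to excuse a broad allow.
    """
    findings = []
    default_deny = False
    for n, line in enumerate(text.strip().splitlines(), 1):
        action, net, port = parse_rule(line)
        if port not in (None, CONSOLE_PORT):
            continue  # rule does not touch the console port
        if action == "deny" and net.prefixlen == 0:
            default_deny = True
            break  # nothing after a catch-all deny is reachable
        if action == "allow" and not is_authorized(net):
            findings.append(f"rule {n}: {net} may reach console port {CONSOLE_PORT}")
    if not default_deny:
        findings.append(f"no catch-all deny covers console port {CONSOLE_PORT}")
    return findings

# Constructed rule set, not taken from any real device.
RULES = """
allow 10.20.0.0/24 22
allow 10.0.0.0/8 22
allow 0.0.0.0/0 443
deny 0.0.0.0/0 any
"""

if __name__ == "__main__":
    for finding in audit_rules(RULES):
        print(finding)
```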
Mistake #3: Failure to educate other groups, particularly risk management and compliance staff
Assessment of risk, compliance and even software licensing agreements are affected when new virtual machines can be dynamically set up, put to sleep or eliminated. This is a common practice that organizations fail to manage in a way that maintains the security of virtual systems, servers, networks and all the virtualization mechanisms.
Traditional approaches to risk assessment and analysis (sending out assessment questionnaires, analyzing responses) may be inadequate in a virtual environment. Many organizations fail to analyze the gaps because they do not look at interlayered risk areas.
We can prevent this mistake by educating risk management and compliance groups about virtualization capabilities and limitations. Additionally, involve compliance staff in critically shaping security policies for the virtual infrastructure in accordance with relevant regulations. Also assess and analyze risk at the onset of new virtualization projects, and keep risk management staff involved.
Mistake #4: Lack of VM visibility across the enterprise
The uncontrolled propagation of virtual systems across the enterprise is a major mistake, and the one that most affects virtual systems and virtualization mechanisms. The common term for such uncontrolled propagation is VM sprawl. It allows machines to consume resources and bandwidth, and introduces new vulnerabilities through virtual machines that are not being patched and monitored.
Just as the discovery of physical IT assets is necessary (and challenging), discovering virtual systems (and the applications running on them) is equally important and challenging. That’s why visibility of the virtual environment is important. When forensics are conducted after an incident, the virtual environment will remain invisible because of this mistake, causing great trouble in terms of information lost from insecure and unknown virtual sources.
Implementing virtual-aware technologies that can do asset discovery, port mapping and application inventory for virtual machines and network devices is a great way to avoid this mistake. Integrate virtual machines into existing system lifecycle processes. This, too, may require new VM-aware tools that work in conjunction with the management capabilities in the VMM to see beyond secure network segments.
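The reconciliation below is an added example, not the article's own code: it compares what a VM-aware discovery tool reports from the hypervisors against the asset register to surface sprawl. The record fields, the 30-day patch window and all sample data are assumptions constructed for illustration.

```python
from datetime import date

def find_sprawl(hypervisor_vms, asset_register, today, max_patch_age_days=30):
    """Reconcile what the hypervisors report against the asset register.

    hypervisor_vms: dicts with uuid, name, power (as a VM-aware discovery tool
    would return them); asset_register: {uuid: {"owner", "last_patched"}}.
    """
    report = {"unregistered": [], "stale_patches": [], "dormant": [], "ghost_records": []}
    seen = set()
    for vm in hypervisor_vms:
        seen.add(vm["uuid"])
        record = asset_register.get(vm["uuid"])
        if record is None:
            report["unregistered"].append(vm["name"])   # nobody owns or patches it
            continue
        if (today - record["last_patched"]).days > max_patch_age_days:
            report["stale_patches"].append(vm["name"])
        if vm["power"] != "on":
            report["dormant"].append(vm["name"])        # misses patch cycles while off
    # Register entries with no matching VM: deleted, or moved out of view.
    report["ghost_records"] = sorted(u for u in asset_register if u not in seen)
    return report

# Constructed sample data.
TODAY = date(2024, 6, 1)
HYPERVISOR_VMS = [
    {"uuid": "vm-001", "name": "web01", "power": "on"},
    {"uuid": "vm-002", "name": "db01", "power": "on"},
    {"uuid": "vm-003", "name": "test-clone-7", "power": "on"},
    {"uuid": "vm-004", "name": "old-build", "power": "suspended"},
]
ASSET_REGISTER = {
    "vm-001": {"owner": "web team", "last_patched": date(2024, 5, 20)},
    "vm-002": {"owner": "dba", "last_patched": date(2024, 3, 1)},
    "vm-004": {"owner": "build", "last_patched": date(2023, 11, 15)},
    "vm-009": {"owner": "finance", "last_patched": date(2024, 5, 25)},
}

if __name__ == "__main__":
    for category, names in find_sprawl(HYPERVISOR_VMS, ASSET_REGISTER, TODAY).items():
        print(category, names)
```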
Mistake #5: Failure to coordinate policy between virtual machines and network connections
With physical systems and network connections, we can be fairly sure that once we establish policies and physically connect servers, routers, switches and network security devices, things will remain static and change control policies will govern how policy and network configurations may be changed.
In virtualization, the opposite holds, because virtual machines are created dynamically. This dynamic nature is the beauty of virtualization, but it is also problematic when it comes to attaching and enforcing security policy for virtual machines as they are moved around.
The kind of isolation and security zones created through the use of firewalls, routers, switches, IPS devices, and other devices can also be created in a virtualization environment. The trouble is in getting the rules to follow the virtual machines as they move around.
To overcome this mistake, ensure that physical infrastructure such as routers and switches, or their virtual environment equivalents, are bound to virtual machines. Additionally, seek virtualization-aware solutions that can help manage network security policies and work with the VMM/Hypervisor for added visibility and control.
In the longer term, look for integrated and virtualization-aware solutions to couple security functions more tightly to virtual machines. Also use security policy management tools, along with processes governing the management of virtual machines, to ensure that changing the location of VMs will trigger replication of required security functions to the new location.
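A sketch of policy that follows the VM, added here as an example and not taken from the article or any product: a migration event triggers replication of the VM's required rules to the destination host and removes them from the source. The zone names, rule tuples, host names and event fields are hypothetical.

```python
# Hypothetical policy: rules each security zone's VMs require, as (action, port, peer zone).
ZONE_POLICY = {
    "web": [("allow", "tcp/443", "any"), ("deny", "tcp/3306", "any")],
    "db": [("allow", "tcp/3306", "web"), ("deny", "any", "any")],
}

def missing_rules(vm, zone, host_rules):
    """Rules the zone policy requires for vm that the host does not yet enforce."""
    present = {rule for owner, rule in host_rules if owner == vm}
    return [rule for rule in ZONE_POLICY[zone] if rule not in present]

def on_migration(event, vm_zones, rules_by_host):
    """Handle a VM move: replicate its rules to the destination, retire them at the source.

    Returns the rules that had to be added; an empty list means policy already followed.
    """
    vm, src, dest = event["vm"], event["src"], event["dest"]
    dest_rules = rules_by_host.setdefault(dest, [])
    added = missing_rules(vm, vm_zones[vm], dest_rules)
    dest_rules.extend((vm, rule) for rule in added)  # keeps policy order
    # Drop the VM's rules from the source so stale allowances do not linger there.
    rules_by_host[src] = [(o, r) for o, r in rules_by_host.get(src, []) if o != vm]
    return added

def unprotected_vms(placement, vm_zones, rules_by_host):
    """Periodic check: VMs whose current host lacks any of their required rules."""
    return sorted(vm for vm, host in placement.items()
                  if missing_rules(vm, vm_zones[vm], rules_by_host.get(host, [])))

# Constructed sample state: both VMs start on host-a with full rule sets.
VM_ZONES = {"web01": "web", "db01": "db"}
RULES_BY_HOST = {
    "host-a": [("web01", r) for r in ZONE_POLICY["web"]]
              + [("db01", r) for r in ZONE_POLICY["db"]],
}

if __name__ == "__main__":
    move = {"vm": "db01", "src": "host-a", "dest": "host-b"}
    placement = {"web01": "host-a", "db01": "host-b"}
    print("before:", unprotected_vms(placement, VM_ZONES, RULES_BY_HOST))
    print("added: ", on_migration(move, VM_ZONES, RULES_BY_HOST))
    print("after: ", unprotected_vms(placement, VM_ZONES, RULES_BY_HOST))
```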
Security technologies are rapidly evolving to address the unique issues posed by running virtual machines. Many technologies are not capable of providing enough security features and reliability for virtual environments. Moving a step further, virtualization-aware technologies are playing an important role in the implementation of virtualization, providing the visibility, control, and level of integration with virtual systems that will deliver a secure and manageable environment. Organizations, for their part, should avoid the common mistakes in implementing virtual environments, so as not to leave security flaws and backdoors open for an attacker to breach the organization and threaten the existence of the virtual environment.