COVER STORY:
VIRTUAL MACHINE

From the May 2007 issue of Communications News

Security rules have changed

New solutions are necessary to protect virtualized networks.

by John Peterson

Virtualization technologies are an appealing solution to the management, logistical and operational challenges incurred by large computer server arrays. Virtualization helps organizations leverage underutilized or inefficient combinations of physical computer hardware to create a flexible, effective and cost-efficient processing resource. It offers practical alternatives for enterprise and service-provider data centers saddled with competing demands for cost control, manageability, legacy support, regulatory compliance and service quality.

Server virtualization, however, also creates unique network security and compliance issues that are not addressed by conventional security products. Unaddressed, these security challenges can lead to such problems as the spread of computer viruses, theft of data, denial of service and regulatory compliance conflicts.

Traditionally, gauntlets of firewalls, content inspection and other defenses have been mainstays of enterprise network protection. While these perimeter and internal security devices continue to be essential for securing physical network architectures, they are not capable of fully protecting virtualized environments deployed within those networks.

Virtualization opens up an entire universe of invisible endpoints that exists inside the host machine. Effective protection of this new universe requires a new generation of network security solutions.

At a broad level, virtualized environments require the same physical and network security precautions as any critical, non-virtualized IT resource. Data and applications that exist within a virtual environment, however, incur incremental security challenges that are not addressed by traditional security solutions.

In a virtualized environment, security threats may originate from within or outside the host machine platform. Of these, intra-host threats present the toughest challenges for legacy security solutions.

Intra-host threat vectors use virtual networks and other resources unseen outside the host. As a result, conventional firewalls and other security tools outside the host cannot inspect or control the traffic. This creates an unmonitored, unprotected security hole that may expose virtual machines to unauthorized or undesirable communication originating from other virtual machines.

Intra-host threats may come from various vectors, including:

Legitimate intra-host communications. Unmonitored or uncontrolled communications may enable the spread of viruses, theft of data or other issues.

Unauthorized intra-host communications. Although virtualization technologies typically create logical partitions between virtual machines, an unexpected breach in this barrier may create a potential back door entry point for intruders or other hostile activities.

Intra-host denial of service. An infected virtual machine could potentially inflict a denial-of-service attack on other local virtual machines by consuming shared host and/or virtual LAN resources.

Intra-host spyware applications. If the virtual LAN or host environment is compromised with spyware or other data-intercept technology, data sent from virtual machines could potentially be intercepted and made available to an unauthorized third party.

When a host or virtual machine communicates with resources outside the host (such as an Internet site or a machine on the local physical network), it may be exposed to an intrusion, malware infection or other unwanted result. Since externally based threats transit network segments outside the host machine, they can typically be routed through conventional network defenses. This gives conventional firewalls, intrusion prevention systems or related devices an opportunity to inspect the traffic and protect the host and its virtual machines.

Placing an appropriate physical security solution in front of and between each cluster of virtual machines, however, can create impractical cost and logistical requirements. Externally based threats can instead be controlled with a virtualized security system deployed inside the host machine.

Because this solution is typically executed in software, it eliminates the need for additional hardware or network reconfiguration. It also facilitates granular control that can be specific to an individual host machine or virtual server. As a result, a virtualized approach to external threats may have significant security, cost and management advantages.

A virtualized security infrastructure operating within the targeted virtual environment offers the most appropriate security and performance capabilities. Because of its unique vantage point, the virtualized security infrastructure allows organizations to protect virtual machines and sensitive data that would otherwise be exposed to risk.

In practice, virtualized security solutions typically emulate the functionality and interfaces of physical security devices. As with physical devices, virtualized security solutions can be configured to operate as an active inline control point, or as a passive out-of-band monitor. Virtualized security can be deployed in front of key virtual servers, between virtualized LAN segments, and/or between virtual servers and the physical world.
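As an added illustration of the visibility gap described above (example code, not from the article or from Reflex Security), the toy Python model below assumes a constructed host inventory, VM names and an intra-host allow-list, and shows that flows between two VMs on the same host never reach a perimeter firewall, while an inline control point inside the host can allow, block and log each one.

```python
"""Toy model of intra-host versus external traffic visibility.
All hosts, VM names, addresses and flows are constructed for this example."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str   # VM name
    dst: str   # VM name or external address
    port: int

# Constructed inventory: which VM runs on which physical host.
HOST_OF = {"web1": "hostA", "db1": "hostA", "app1": "hostB"}

# Constructed allow-list of (src, dst, port) permitted between VMs on one host.
INTRA_HOST_POLICY = {("web1", "db1", 3306)}

def is_intra_host(flow: Flow) -> bool:
    """True when both endpoints are VMs on the same physical host."""
    src_host = HOST_OF.get(flow.src)
    return src_host is not None and src_host == HOST_OF.get(flow.dst)

def perimeter_firewall_sees(flow: Flow) -> bool:
    """A device on the physical network only sees traffic that leaves the host."""
    return not is_intra_host(flow)

def virtual_control_point(flow: Flow, audit: list) -> str:
    """Inline policy inside the host: allow, block, and record every decision."""
    if not is_intra_host(flow):
        verdict = "pass-to-physical"   # external flows are left to perimeter devices
    elif (flow.src, flow.dst, flow.port) in INTRA_HOST_POLICY:
        verdict = "allow"
    else:
        verdict = "block"
    audit.append(f"{flow.src}->{flow.dst}:{flow.port} {verdict}")  # accountability trail
    return verdict

def evaluate(flows):
    """Return per-flow (seen by perimeter firewall?, in-host verdict) and the audit log."""
    audit = []
    results = [(perimeter_firewall_sees(f), virtual_control_point(f, audit)) for f in flows]
    return results, audit

SAMPLE_FLOWS = [                      # constructed sample traffic
    Flow("web1", "db1", 3306),        # legitimate intra-host database query
    Flow("web1", "db1", 445),         # unexpected SMB between VMs on the same host
    Flow("web1", "app1", 8080),       # crosses hosts: visible to physical defenses
    Flow("db1", "198.51.100.7", 443), # leaves the host toward the Internet
]

if __name__ == "__main__":
    for f, (seen, verdict) in zip(SAMPLE_FLOWS, evaluate(SAMPLE_FLOWS)[0]):
        print(f"{f.src}->{f.dst}:{f.port:<5} perimeter_sees={seen!s:<5} in_host={verdict}")
```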

Although there are strong similarities between virtualized and physical security solutions, there are key incremental considerations and requirements for virtualized security solutions, including:

Awareness of the virtual environment. A virtualized security solution should have a network discovery capability that can accurately detect and profile the virtual environment and provide administrators with timely and actionable configuration data.

Comprehensive, granular security. The virtualized security solution should protect virtual machines from a full spectrum of threats. In addition, the virtualized security solution should offer granular, heterogeneous control capabilities.

Accountability. The virtualized security solution should have the capability to provide a complete and credible account of security and related events within the virtualized environment.

Wire-speed performance. A security solution should be able to protect virtual resources without introducing unreasonable latencies.

Minimize application performance degradation. A security solution needs to make efficient use of CPU cycles, memory and other finite host capabilities. It should provide protection without unreasonably impacting or degrading the performance of the applications it is intended to protect.

Compatibility and interoperability. A virtualized security solution should be able to interoperate with other networking and security technologies in the surrounding virtual and physical environments.

Integrated security management. Because virtualized security is intended to complement security applications on the external physical network, the ideal solution will support a common management infrastructure between these various security layers.

Ease-of-use and low total cost of ownership (TCO). Security solutions for these environments should be easy to deploy, facilitate efficient administration and deliver low TCO.

Security warning

Companies that rush to deploy virtualization software risk undermining their IT security, analyst firm Gartner warns. While virtualization software has significant potential benefits, Gartner says, a virtualized privileged layer of software that becomes compromised places all consolidated workloads at risk.

“Virtualization, as with any emerging technology, will be the target of new security threats,” according to Neil MacDonald, a Gartner vice president. “Many organizations mistakenly assume that their approach for securing virtual machines will be the same as securing any operating system … (but) simply applying the technologies and best practices for securing physical servers will not provide sufficient protection for virtual machines.”

MacDonald adds that, because of the rush to adopt virtualization for server consolidation, many security issues are overlooked and best practices are not applied. As a result, 60 percent of production virtual machines will be less secure than their physical counterparts through 2009, Gartner predicts.

Gartner advises that the process of securing virtual machines should start before they are deployed, and ideally before vendors and products are selected, so that security can be factored into the evaluation and selection process.

“Organizations need to pressure security and virtualization vendors to plug the major security gaps,” MacDonald says. “Existing virtualization solutions address some of the gaps, but not all. It will take several years for the tools and vendors to evolve, and for organizations to mature their processes and staff skills.”

John Peterson is vice president of product management and systems engineering at Reflex Security, Atlanta, Ga.

For more information:
www.rsleads.com/705cn-262