Virtualization Security Risks:
Organizations are adopting reduce virtualization security risk technology to reduce total cost of ownership and improve quality of service of IT systems. This strategy provides the operational foundation to consolidate critical services and sensitive data that were once scattered amongst distributed system deployments. From a security standpoint, not only are the security issues found on networked systems applicable to virtual machines, but the virtualization platform and guest workstation relationship introduces a new breed of security threats. A single compromise of the hosting platform puts the entire virtual data center at risk.
To reduce virtualization security risks, an independent access enforcement technology must be employed in conjunction with system security measures. Some of the vulnerabilities that were traditionally controlled by the presence of physical security must now be mitigated through the implementation of granular access controls on the virtualization platform.
An effective solution to reduce virtualization security risk must be to ensure that only authorized users perform authorized operations on the hosting system. This reduces the risk due to over-privileged accounts or external intrusions which may compromise the gateway to guest images. Machine-to-machine protection through virtual isolation should be supplemented by access enforcement amongst them. Centralized management of security policies is critical to minimizing deployment and administrative costs. Finally, all sensitive administrative activities on both the hosting operating system and guest virtual machines must be closely audited for compliance requirements as well as risk mitigation.
Virtualization Technology Overview
Virtualization technologies enable the execution of multiple operating system instances, or virtual machines (VMs), on the same physical piece of hardware. Each VM functions as if it is its own physical machine with a dedicated operating system and hosted applications. Between the individual VMs and the hardware, a layer called the virtual machine monitor (VMM) performs hardware emulation and provides tools to manage resource allocation. Some virtualization platforms require an external host operating system; others are embedded directly in the hardware. The layer within the virtualization platform that enables hardware resource sharing among VMs is called the hypervisor.
There are several common approaches to virtualization and security risk
Application-Based Virtualization. A virtualization application is hosted on top of the hosting operating system such as windows, UNIX or Linux. This virtualization application then emulates each VM which contains its own guest operating system and related applications. Examples of this are VMware Server or Microsoft Virtual Server.
Operating System-Based Virtualization. Virtualization security risk is protected by the hosting operating system which supports multiple isolated, virtualized guest operating system instances on a single physical server, all sharing the same operating system kernel. An example of this is Sun Solaris 10 Containers (Zones).
Hypervisor-Based Virtualization. A hypervisor is embedded in the hardware or implemented as the hosting operating system kernel. The hypervisor is available at the time of machine boot to control the sharing of system resources across multiple VMs. Some of the VMs, referred to as privileged partitions, are used to manage the virtualization platform and hosted virtual machines. Examples of this are IBM AIX Logical Partitioning (LPAR), HP-UX Virtual Partitions (VPAR) and VMware ESX Server.
Virtualization Security Risks
The virtualization platform serves as a single point of access to all VM images and control over many critical services, creating a vulnerability leverage point. Should the virtualization platform be compromised, the hosting system and all virtualization sessions on that system are at risk. Compromising the virtualization platform to download an image or introduce a rouge VM is equivalent to bypassing physical security to break into a server room in order to steal a machine or introduce an external one. Regardless of the virtualization technology used, administrative access must be secured and tracked at both the virtual machine and virtualization platform levels. Native operating system security does not provide protection for mission-critical data and resources at the granular level needed to meet regulatory compliance and security best practices.
Lack of Separation of Duties
Without an independent access control solution, multiple administrators in various roles have the ability to interact with numerous components of a virtualization deployment. This inadequately regulated access to the virtualization platform presents the potential for significant damage to the enterprise through the compromise of valuable information and disruption of critical services.
