    Virtualization

    Virtualization is a concept and a trend that is beginning to regain popularity in today’s computing world. It was first implemented in the 1960s with mainframes, and it now offers great possibilities for maximizing IT resources. Virtualization refers to the abstraction of computer resources. It is defined as a framework or methodology for dividing the resources of a computer into multiple execution environments by applying one or more concepts or technologies such as hardware and software partitioning, partial or complete machine simulation, and emulation.

    To implement a virtual environment successfully, a critical assessment must be performed to provide insight into the benefits of virtualization and to bring to light the security risks that need to be considered. It is important that organizations be able to embrace the gains of virtualization while keeping the security issues involved in perspective. According to a 2007 Forrester Research study, over 40% of all organizations use server virtualization [3], and experts predict that 50% of computers will go virtual by 2015 [1]. It is therefore imperative to become aware of the potential of virtualization and the impact it will have on computing in the near future. This article focuses on the security concerns of virtualization, giving a brief overview of the different issues that should be considered during the implementation of a virtual environment.

    Types of Virtualization
    Virtualization can be implemented using different methods:

    • Platform Virtualization – With platform virtualization, a host software creates a virtual machine on a specific hardware platform. In this case resources are shared allowing one physical machine to host numerous isolated virtual environments that function as though they are on separate hardware platforms. This makes it possible to have multiple operating systems running on one platform.
    • Resource Virtualization – This involves the virtualization of system resources, including hard drive partitioning, allocation of virtual memory, network addressing space and the abstraction of logical storage from physical storage. One advantage of this is that it increases flexibility and enhances the efficient use of system resources.
    • Application Virtualization – This is the virtualization of applications and components. It enables applications to run on clients without being installed, although they execute as if they were installed. This approach makes it possible for applications to run in environments that do not suit the local application.
    • Desktop Virtualization – This is the centralized virtual hosting of desktop environments to thin clients. It allows separate virtual machines to be created on the desktop. One of the advantages of this is that it can be useful when dealing with incompatibility between applications and desktop operating systems.

    Virtualization Benefits

    • Increased Flexibility, Reduced Cost - The implementation of a virtual framework can add to the flexibility of an organization’s IT infrastructure and help in reducing the cost of maintaining and managing it. The fact that virtualization helps consolidate a number of virtual systems on a single, physical one, reduces the number of machines an organization will have to purchase to keep up with its growing IT infrastructure needs, and in the process, reduces the power consumption needed to keep these machines running.
    • Increased Efficiency - Virtualization also has the possibility of contributing to the efficient management of computers and ensuring higher availability after failures through backup solutions and instant restores. It also creates a more expanded test environment through the availability of ready-to-use virtual machines where different operating systems with dissimilar configurations or versions are installed on the same machine.

    Key Problems of Virtualization
    Although virtualization comes with its advantages, there are a few security aspects organizations should take into consideration before implementing a virtual framework.

    • VM Vulnerabilities - It is good to note that virtual machines do not “know” that they are virtual, and the physical network resources do not communicate with them as though they are. Hence, there is a need to establish organizational configuration policies and standards that apply to virtual machines in the same way as physical servers.
    • Single Point of Failure - One other issue to be considered is the challenge of a single point of failure. This occurs if any of the hardware components fails, or if the host software crashes. Given that there will be several servers running on one physical machine, disaster recovery should be given thorough planning to ensure that high availability and recovery are well implemented.
    • Server Consolidation - With virtualization, there is the possibility of having a number of individual servers with different levels of risk and criticality hosted on the same physical server. This may make it difficult to assign resources to protect a virtual server that might not really need it. Having servers with the same levels of sensitivity on the same physical machine may prove to be more resourceful, but this poses the risk of being a single point of failure and also serves as a bigger target for attackers. In order to set the security level within a virtual environment, it is important to understand the data that is stored and transmitted within the virtual environment, to restrict remote access for privileged accounts, and to disable “copy/paste” abilities between the guest OS and the remote console/server. It is very important that a business decision is made to identify which approach is best suited for your organization to address this issue.
    • Hypervisor Compromise - Another security concern is the possibility of having the hypervisor compromised; the hypervisor is a program that allows multiple operating systems to share a single hardware host [2]. The hypervisor can be compromised on two levels: the hardware level and the software level. Consequently, if a malicious user has the ability to gain access to a virtual host, there is the possibility of that same user jumping to another virtual host on the same physical machine. Another possible scenario is the interception of host traffic by listening to system calls being made from the hosted operating system to the hosting system and to the hardware. Hence, the other servers within the physical server are open to the same malicious traffic or attack; therefore there is a need to segment traffic for a more secure network.
    • NIC Sharing - There is also a possible point of weakness given that virtual machines may share the same NIC, even though it is often advised to use a separate NIC per virtual machine. Using multiple NICs can help avoid the performance overhead of the virtualized switch. It is also important that a virtual firewall is installed, as this ensures the isolation of the items that need to be protected within a proper virtual and physical network layout.
    • Cross Talk - Cross talk is the unwanted, inappropriate or uncontrolled communication that occurs between virtual machines on the same physical server. This can be addressed by segmenting communications using virtual switches, virtual firewalls and virtual IDS to monitor ongoing traffic. It is nevertheless important that these tools be properly configured to ensure the best performance; limit data flow from the virtual machine to the server host; and prevent virtual machines from taking over resources.
    • Codependence on Other Services - There may be a need to install other services such as Internet Information Services (IIS) in order for the GUI management console to be functional when setting up VMware. This opens up opportunities for more security issues. As a result, every other service that needs to be installed with the virtual machine should be properly reviewed for any potential security risks it may pose and configured accordingly.
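
    One way to turn the placement concerns in the list above into a repeatable check, as an added example that is not part of the original article: it audits a VM inventory for mixed-criticality consolidation, NICs shared between guests, guest/console copy-paste left enabled, and services confined to a single host. The inventory and every field name are constructed for illustration and assume an export from whatever management tool is in use.

```python
from collections import defaultdict

# Constructed sample inventory; every field name here is a hypothetical schema.
INVENTORY = [
    {"vm": "web01", "host": "hv-a", "service": "web", "tier": "low",  "nic": "nic0", "copy_paste": False},
    {"vm": "web02", "host": "hv-b", "service": "web", "tier": "low",  "nic": "nic0", "copy_paste": False},
    {"vm": "db01",  "host": "hv-a", "service": "db",  "tier": "high", "nic": "nic0", "copy_paste": True},
    {"vm": "db02",  "host": "hv-a", "service": "db",  "tier": "high", "nic": "nic1", "copy_paste": False},
    {"vm": "hr01",  "host": "hv-b", "service": "hr",  "tier": "low",  "nic": "nic1", "copy_paste": False},
]

def audit(inventory):
    """Return sorted (check, subject, detail) findings for placement risks."""
    findings = []
    hosts, services = defaultdict(list), defaultdict(set)
    for vm in inventory:
        hosts[vm["host"]].append(vm)
        services[vm["service"]].add(vm["host"])
        if vm["copy_paste"]:  # guest <-> console clipboard left enabled
            findings.append(("copy-paste", vm["vm"], "clipboard sharing enabled"))
    for host, vms in hosts.items():
        tiers = sorted({vm["tier"] for vm in vms})
        if len(tiers) > 1:  # servers of differing criticality consolidated together
            findings.append(("mixed-tier", host, ",".join(tiers)))
        nics = defaultdict(list)
        for vm in vms:
            nics[vm["nic"]].append(vm["vm"])
        for nic, names in nics.items():
            if len(names) > 1:  # several guests behind one physical NIC
                findings.append(("shared-nic", f"{host}/{nic}", ",".join(sorted(names))))
    for service, on_hosts in services.items():
        if len(on_hosts) == 1:  # one host failure takes the whole service down
            findings.append(("single-host", service, next(iter(on_hosts))))
    return sorted(findings)

if __name__ == "__main__":
    for check, subject, detail in audit(INVENTORY):
        print(f"{check:11} {subject:12} {detail}")
```

    Each finding is a prompt for review rather than an automatic failure: a shared NIC or a single-host service may be an accepted trade-off once it has been recorded against the organization's policy.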

    Conclusion
    It is evident that virtualization offers a number of great benefits that cannot be overemphasized. To implement a successful virtual infrastructure, it is important that organizations take adequate time to plan and take into consideration issues like user and account management, password management, file system permissions, auditing and logging. This will help give assurance that a secure structure is being implemented to help mitigate the likely inherent vulnerabilities of virtualization.
