Security Priorities for Virtual Operations
Securing virtualized computing environments is complicated by several distinct risks and by the added complexity the technology introduces, but a number of established practices can help federal agencies sidestep the most common pitfalls.
The first complication is that security staff accustomed to tying controls to physical boxes and wired networks must adjust their habits. Virtual servers are easily and transparently moved between hosts to balance bandwidth and computing resources, so a control tied to a particular host or switch port may no longer apply after a migration. Dormant high-availability standby servers still require up-to-date patches and configurations: a powered-off virtual machine receives no updates while it sits idle, and it is exposed the moment it is brought online.
Although some of the concepts behind virtualization are decades old, industry observers maintain that current uses are still relatively new and that many of the security implications have yet to be fully worked out.
There's also a lack of intra-server network visibility. Traditional network-based security tools rely on access to the traffic traversing physical switches, typically through a hardware appliance attached to the switch. When the switch is virtual, traffic between two virtual machines on the same host never leaves that host or crosses a physical link, so new solutions must be employed that can see virtual networking traffic, for example by running as a virtual appliance on the same host.
Also, there's no administrative separation by default. In traditional large-scale data centers, the server team is distinct from the network and security teams. With virtualization, a single administrative interface controls both virtual machines and virtual networks, so one hypervisor administrator can do what previously required several teams. Separation must be re-introduced through the proper definition of roles and privileges.
In server consolidation projects, meanwhile, industry observers maintain that because there are no firewalls between virtual machines on the same host by default, a compromised virtual machine can become a platform for attacks on its neighbors. Organizations also invite trouble simply by placing two virtual machines with different security levels on the same host.
A related risk is what is often called 'jailbreaking' in a hypervisor environment: someone with access to a single virtual machine breaks out of it into the host or hypervisor and from there compromises the other virtual machines running on that hardware. This is the primary reason federal organizations must keep classified virtual machines on a separate hardware platform from virtual machines used for testing and development, for example.
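The co-location rules in the two paragraphs above can be enforced mechanically. The following is an added example, not code from the original article or from any particular hypervisor vendor: a small placement check that refuses to mix security levels on one host and requires classified virtual machines to sit on hosts dedicated to that level. The level names, host and VM names, and the inventory are constructed for illustration.

```python
"""Added example (not from the original article): a host placement check
for a virtualization inventory. It enforces the two placement rules the
text describes: a host may not run VMs of different security levels side
by side, and classified VMs belong on hardware dedicated to that level,
never on hosts that also serve test or development. The level names, host
and VM names, and the inventory below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Hypothetical security levels, least to most sensitive.
LEVELS = ("dev", "test", "unclassified", "classified")
DEDICATED_HARDWARE = {"classified"}  # levels that require their own hosts


@dataclass
class VM:
    name: str
    level: str


@dataclass
class Host:
    name: str
    dedicated_level: Optional[str] = None  # None: general-purpose host
    vms: List[VM] = field(default_factory=list)


def can_place(host: Host, vm: VM) -> bool:
    """True if vm may run on host without breaking the placement rules.

    Run this before every deployment or live migration: a move that is
    transparent to the application can still land a VM on the wrong host.
    """
    if vm.level not in LEVELS:
        return False
    if host.dedicated_level is not None and host.dedicated_level != vm.level:
        return False
    if vm.level in DEDICATED_HARDWARE and host.dedicated_level != vm.level:
        return False
    existing = {v.level for v in host.vms}
    return not existing or existing == {vm.level}


def check_placement(hosts: List[Host]) -> List[Tuple[str, str]]:
    """Audit an existing inventory; returns (host, problem) pairs, empty if compliant."""
    problems = []
    for host in hosts:
        levels = {vm.level for vm in host.vms}
        unknown = sorted(levels - set(LEVELS))
        if unknown:
            problems.append((host.name, f"unknown security level(s) {unknown}"))
        if len(levels) > 1:
            problems.append((host.name, f"mixed security levels {sorted(levels)}"))
        for lvl in sorted(levels & DEDICATED_HARDWARE):
            if host.dedicated_level != lvl:
                problems.append((host.name, f"{lvl} VM on host not dedicated to {lvl}"))
        if host.dedicated_level is not None:
            foreign = sorted(levels - {host.dedicated_level})
            if foreign:
                problems.append((host.name, f"host dedicated to {host.dedicated_level} runs {foreign}"))
    return problems


# Constructed inventory: one compliant host, two non-compliant ones.
INVENTORY = [
    Host("esx-cls-01", "classified", [VM("c1", "classified"), VM("c2", "classified")]),
    Host("esx-gen-02", None, [VM("t1", "test"), VM("d1", "dev")]),
    Host("esx-gen-03", None, [VM("c3", "classified"), VM("u1", "unclassified")]),
]

if __name__ == "__main__":
    for host, problem in check_placement(INVENTORY):
        print(f"{host}: {problem}")
```

Run as a script, the audit reports the mixed dev/test host and, twice, the general-purpose host carrying a classified VM next to an unclassified one. The `can_place` check is the piece to wire into the provisioning and migration path, since the audit only catches a bad placement after the fact.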
Another headache: compliance and auditing practices must still evolve to handle the security requirements of both physical and virtual systems.
This means finding a way to measure resource usage and allocate costs among applications that run on shared infrastructure. Unless meticulous image cataloging is enforced, 'image sprawl' and orphaned images can cause delays and overwhelm IT staff; an image that nobody owns is also an image that nobody patches or retires.
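What 'meticulous image cataloging' amounts to in practice is an audit that compares the image store against the catalog and the running inventory. The block below is an added example, not code from the article or from any image-management product: it flags images that were never catalogued, catalogued images with no owner, images whose on-disk hash no longer matches the approved one, and images that no VM references and that have sat idle past a threshold. The store contents, catalog entries, VM list and the 90-day threshold are all constructed.

```python
"""Added example (not from the original article): an image catalog audit.
Image sprawl starts with images nobody catalogued and ends with images
nobody owns, nobody uses and nobody patches. This audit compares what is
on disk in the image store against the catalog and the running VMs and
flags the cases a reviewer would chase. The store, catalog, VM list, the
90-day idle threshold and the image hashes are all constructed.
"""
import hashlib
from datetime import date
from typing import Dict, List

MAX_IDLE_DAYS = 90  # assumed policy: unused for longer than this is orphaned


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed image store: file name -> bytes on disk (tiny stand-ins for images).
IMAGE_STORE = {
    "web-base-2023.qcow2": b"web image contents v1",
    "db-base.qcow2": b"db image contents",
    "scratch-test.qcow2": b"scratch image left behind after a test",
    "legacy-app.qcow2": b"legacy app image, modified on disk",
}

# Constructed catalog: every approved image has an owner, a last-use date
# and the hash recorded when it was approved.
CATALOG = {
    "web-base-2023.qcow2": {"owner": "web-team", "last_used": date(2024, 5, 1),
                            "sha256": sha256_hex(b"web image contents v1")},
    "db-base.qcow2":       {"owner": "", "last_used": date(2024, 5, 20),
                            "sha256": sha256_hex(b"db image contents")},
    "legacy-app.qcow2":    {"owner": "app-team", "last_used": date(2023, 11, 2),
                            "sha256": sha256_hex(b"legacy app image, as approved")},
    "retired-proxy.qcow2": {"owner": "net-team", "last_used": date(2022, 1, 10),
                            "sha256": sha256_hex(b"proxy")},
}

# Constructed list of VMs currently deployed and the image each was built from.
RUNNING_VMS = [
    {"name": "web01", "image": "web-base-2023.qcow2"},
    {"name": "db01", "image": "db-base.qcow2"},
]


def audit_images(store, catalog, vms, today) -> Dict[str, List[str]]:
    """Return {image: [issues]} for every image that needs attention."""
    findings: Dict[str, List[str]] = {}
    referenced = {vm["image"] for vm in vms}
    for name, data in store.items():
        issues = []
        entry = catalog.get(name)
        if entry is None:
            issues.append("uncatalogued")       # on disk, never approved
        else:
            if not entry["owner"]:
                issues.append("no owner")       # nobody responsible for patching
            if entry["sha256"] != sha256_hex(data):
                issues.append("hash mismatch")  # changed since approval
            idle = (today - entry["last_used"]).days
            if name not in referenced and idle > MAX_IDLE_DAYS:
                issues.append("orphaned")       # unused and unreferenced
        if issues:
            findings[name] = issues
    for name in catalog:
        if name not in store:
            findings[name] = ["missing from store"]  # dangling catalog entry
    return findings


if __name__ == "__main__":
    for image, issues in sorted(audit_images(IMAGE_STORE, CATALOG, RUNNING_VMS, date(2024, 6, 1)).items()):
        print(f"{image}: {', '.join(issues)}")
```

The hash comparison is the check most catalogs skip, and it is the one that matters for security: a golden image that has been modified on disk since approval is no longer the image that was reviewed. An image flagged 'no owner' should be assigned before it is redeployed, and an 'orphaned' image should be archived or deleted rather than left for someone to boot later.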
Virtualization software can cause unpredictable errors, say industry observers, and some experts consider the host system a potential 'single point of failure': if the host or its hypervisor fails or is compromised, every virtual machine on it fails or is compromised with it.
Another possible threat: virtualized malware (otherwise known as 'rootkit hypervisors') will likely add to the burden of keeping virtualized systems secure. One widely reported prototype rootkit hypervisor has been dubbed Blue Pill. According to reports, Blue Pill installs itself as a thin hypervisor underneath a running operating system, which continues to run as a guest without being rebooted, and from that position controls resource allocation and the interactions of the operating system instances above it. While still only a prototype, this type of virtual security risk has been reported not to degrade performance noticeably and to be difficult to detect from inside the guest.
Meanwhile, a separate 'theoretical' virtual machine rootkit, called SubVirt, is being researched by Microsoft and the University of Michigan. This rootkit reportedly installs itself beneath the target operating system as a virtual machine monitor, so that the original system runs as a guest while the rootkit observes and logs all of its activity. These threats are important for government IT organizations to be aware of, as they could create maddening problems if machines are compromised: the layer that is compromised sits below the operating system, where host-based security tools cannot see it.
Not surprisingly, the best defense against these threats is good governance. Outside assistance from certified security professionals with specialized virtualization credentials may also be helpful as agencies implement virtualization while ensuring proper protection of government resources and information.