Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Virtualisation as the next step in IT security

InfoSecurity Europe : 18 December, 2007  (Technical Article)
David Frith of Siemens Enterprise Communications explains why virtualisation is important as a means of securing enterprise systems.
Although Virtualisation is not a new concept its present implementations are changing the face of corporate IT, through the reduction of the number of physical servers, the consolidation of rack space and the cutting of energy costs.
Virtualisation allows the Virtual Machines (or VM's) running the applications to be divorced from their physical environment. A VM provides an isolated 'sandbox' for running applications, with Hypervisor processes managing multiple VM's on each physical machine. This separation of functionality from physical location allows superior management and a pooling of resources with the ability to meet workload on demand. Virtualisation technology is not just applicable to server applications within a data centre it applies across the enterprise be it within storage, security, the network or at the desktop.

The use of Virtualisation technologies however causes the complexity of computing environments to mushroom and as we all know additional complexity breeds insecurity. Such obfuscation being an issue for both management and monitoring. With recent Virtualisation technologies evolving from mainframe origins to the standard server and desktop market its widespread application is still relatively new. Full security analysis of many of the vendor offerings reveals large areas of unexplored code in which could lurk potential flaws, this is an 'known unknown' since the lack of live deployments until recently has resulted in little testing.

One of the great benefits of Virtualisation as mentioned is the pooling of resources with the ability to re-deploy VM's 'on the fly'. It is easy to create 'Gold' master VM images and replicate these as needed to increase computing resources. VM's can be deployed instantly and shuffled around the infrastructure in a similar way as transferring files, however managing change and introducing security into this mix becomes incredibly complex.

Attacks on virtualised systems have so far been few and far between mainly due to only recent adoption, however the number of installed systems is set to double by 2012 and proof of concept attacks are already in existence. Attacks on virtual systems can come from an extension of older forms of attack such as Denial of Service (DoS), buffer overflows, spyware, Rootkits and/or Trojans - all prone to lurk beneath guest operating systems.

Additionally new specific attacks include those from worms, guest hopping, Hypervisor malware and Hyperjacking all involving the Hypervisor itself being exploited and used to subvert each VM it controls. As the volume of virtualised software increases more exploits will be written and they in turn will become increasingly insidious (potentially compromising several VM systems at once).

In the recent rush to deploy Virtualisation technologies, cost and mobility have been the top priorities and many other implications (such as security, integration, management etc..) have still to be worked out. Existing security technologies typically revolve around static and IP based controls (be they firewalls, IDS's, VLAN's etc..) however with the erosion of technology tied to a particular location, the tracking of IP or static based identifiers is no longer sufficient, indeed most network and admission control technologies are not Virtualisation aware. Additionally IT audit and compliance processes are now far more complex undertakings, what happens with offline or dormant VM's? Obviously these still need to be patched and reviewed on a timely basis, but how - if you can't keep track of VM's and the applications within them? It is clear that the even with including standard best practices such as enhanced change management, separation of duties and administration controls conventional security measures fall far short.

With potential attacks first compromising one VM and then spreading to others, each needs to be protected with secure policies configured and adapted as needed. Here existing vendor tools can be used in the partitioning, isolating and segmenting of each VM with resource management controls to allocate, schedule, monitor and cap resources as required. Such tools can ensure that the VM's that require like levels of security are grouped together and that controls are in place to stop any unauthorised replication.

Where existing tools largely fall short however is in their ability to monitor the whole enterprise, integrate with other tools and to keep track of and detect VM's to limit their spread. Detection tools are required to scan VM's and detect any vulnerabilities or malicious code. Again with reference to some of the newer Hyperjacking type attacks control of inter-virtual data needs to be monitored, with suspicious traffic reported and/or escalated. Communications between virtual components therefore need to be safeguarded with built-in encryption, digital signatures and hardware based root certificates provided by technologies such as the Trusted Computing initiative TPM (Trusted Platform Module) offering built in security, tamper detection and exploit prevention.

Management tools are required to provision VM's as necessary together with their associated security settings, such tools also need to map interdependencies and data flows ensuring that with all the complexity administrators do not lose an understanding of their environment.

With VM's being deployed and re-deployed, patching tools are also required. The need to introduce timely patches is ever more critical to reduce attack surfaces and ensure best-practice compliance. However because of the resulting downtimes or infrastructure complications many applications are difficult to patch in a timely way, therefore new technologies such as inline patch proxying and application correction (modifying data in midstream) have been developed to help mitigate such issues.

In essence the old adage of combined layers of complementary countermeasures applies, protecting the physical devices, the Hypervisors and the Virtual Machines (VM's). It is just that these defences need to be provided dynamically with security policies and settings following and surrounding each newly mobile VM.

The complexity and dynamic nature of virtualised environments means that new threats and vulnerabilities have appeared and will increasingly manifest themselves. Because traditional security practices only go so far new architectural models, design practices and security tools are required. The existing tools however are generally immature and not yet certified, while such vendors and their tools need to evolve, the market also needs to educate itself, raising awareness of potential issues, new vulnerabilities, evolving threats and where necessary pressuring the vendors to enhance their security offerings.

Siemens Enterprise Communications Limited is exhibiting at Infosecurity Europe 2008, Europe's number one dedicated Information security event. Now in its 13th year, the show continues to provide an unrivalled education programme, new products & services, over 300 exhibitors and 11,700 visitors from every segment of the industry. Held on the 22nd - 24th April 2008 in the Grand Hall, Olympia, this is a must attend event for all professionals involved in Information Security.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo