Security In Virtual Environment


Mobile and handheld security is in demand, but the days of virtual security are not far away. Organizations all over the world are experimenting with virtualization technology and most of these organizations will soon adopt the virtual environment. This point can easily be proved: at a recent RSA security conference held in San Francisco, one of the hot topics of discussion was virtual environment security. It is estimated that 40% of all the security software responsible for controlling data centers will be virtualized by 2015.

Security in virtual environments is completely different from that in the physical world. There are times when intrusion prevention systems cannot be tuned well enough based on IP, MAC or geography. Also, inside virtual environments, it is always a challenge first to keep track of the number of VMs (virtual machines) running and second to maintain the correct patch level of each and every VM.

So before considering the jump towards virtualization, you should consider the following points:

1. Loading multiple copies of a security solution or a single copy

Even though we are talking about a virtual network, the concept of security solutions doesn’t change. Virtual environments make best use of physical resources, but this doesn’t tell us how best to deploy the security solutions. For example, if there are 50 VMs running on a server, having individual copies of antivirus software running on each system will bog down the server.

On the other hand, if only a single copy of the software is loaded at the server level, there will be obvious advantages of cost savings, processing time savings, etc., but will this approach be secure enough? So the same concern exists in the virtual world just like in the physical world: security vs. efficiency. In the end it is for the company or the organization to decide which security solution method best suits their needs.

2. Encryption for communication between VMs

In a virtualized environment, sometimes there are multiple VMs running on a single server, and these VMs in turn are servers and clients of a single domain or application infrastructure that need to interact with each other. This raises the question of using plain text or encrypted text. If a single organization is using the whole server (collection of VMs), then the risks are small.

But if several different companies are renting the cloud from a single server, then it becomes more important to prevent information from being intercepted and misused. In this scenario, the use of encryption is vital: without it, companies that are currently compliant with ISO standards can lose their compliance and certifications. Once again, each organization must weigh the pros and cons of using encryption.

3. Control over access to data

In the physical world, access controls are applied to resources based on either a MAC address, an IP address or usernames. However, these security policies are less effective in the virtual environment.

When VMs need to decide what resources are to be provided based on MAC and IP, there is the question of how to handle that in a virtual environment. Strong enforcement of security policies is extremely important, especially when confidential data is being used over an unsecured Wi-Fi connection. VMs must enforce the security policies of companies just like in the physical world. The decision needs to be made in terms of the data that is requested, not in terms of the IP or the MAC that is requesting the data.
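The following is an added example, not part of the original article, that contrasts an address-based check with a decision made on the data requested. All labels, identities, addresses, paths and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: a classification label for each resource.
CLASSIFICATION = {"/finance/payroll.csv": "confidential",
                  "/public/brochure.pdf": "public"}
# Constructed sample data: labels each authenticated workload may read.
CLEARANCE = {"svc-payroll": {"public", "confidential"},
             "svc-web": {"public"}}
TRUSTED_IPS = {"10.0.0.5"}  # address originally assigned to the payroll VM

@dataclass(frozen=True)
class Request:
    identity: str    # authenticated workload identity, not a network address
    src_ip: str      # can change or be reused when VMs are cloned or migrated
    resource: str
    encrypted: bool  # True if the request arrived over an encrypted channel

def allow_by_address(req: Request) -> bool:
    """Physical-world style check: trust whoever holds a listed IP."""
    return req.src_ip in TRUSTED_IPS

def allow_by_data(req: Request) -> bool:
    """Decide from the data requested: its label, the caller's clearance,
    and, for confidential data, whether the channel is encrypted."""
    label = CLASSIFICATION.get(req.resource)
    if label is None:
        return False  # unlabelled data is denied by default
    if label not in CLEARANCE.get(req.identity, set()):
        return False
    if label == "confidential" and not req.encrypted:
        return False
    return True

def compare(req: Request) -> tuple:
    """Return (address-based decision, data-based decision)."""
    return allow_by_address(req), allow_by_data(req)

# Constructed requests covering the cases where the two checks disagree.
REQUESTS = {
    "reused_ip": Request("svc-web", "10.0.0.5", "/finance/payroll.csv", True),
    "migrated": Request("svc-payroll", "10.0.9.77", "/finance/payroll.csv", True),
    "plaintext": Request("svc-payroll", "10.0.0.5", "/finance/payroll.csv", False),
}

if __name__ == "__main__":
    for name, req in REQUESTS.items():
        print(name, compare(req))
```

The address-based check admits a web VM that was handed the payroll VM's old IP and rejects the legitimate payroll VM after it moves, while the data-based check gets both cases right and also refuses confidential data over an unencrypted channel.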

4. Reading between the lines, or should we say links?

A virtual environment means virtual machines on top of a host operating system, whether a Citrix XenServer, Hypervisor or Microsoft Windows 2008. These can be attacked by VM-aware malware, and this problem is on the rise. Malware infection can occur via the internet, or VMs can infect each other internally once one VM is compromised. This is especially true when the VMs are configured to fail over with the help of another link. So the question arises: is this other dedicated link protected enough?

Encryption and scanning are necessary to control the data communication that occurs between VMs through these channels.

The National Institute of Standards & Technology (NIST) has established guidelines on virtual environment security. Here is a brief summary of these guidelines:

  • Security on the hypervisor should be as strong as that on the servers in the physical world
  • Guidelines should be established for securely configuring VMs
  • The patch and vulnerability management systems of the physical world need to be extended to fit the virtual world
