By Bill Beverley - Security Technology Manager, F5 Networks
The concepts behind application and operation system virtualization are not new. The recent rate of virtualization adoption however, especially that of software operating system virtualization, has grown exponentially in the past few years. Virtual machines have finally come into their own, and are quickly moving into the enterprise data centre and becoming a universal tool for all people and groups within IT departments everywhere.
So what exactly is a virtual machine? VMware defines a virtualization as “an abstraction layer that decouples the physical hardware from the operating system...”. Today, we commonly think of virtual machines within the scope of one hardware platform running multiple software operating systems. Most often this concept is implemented in the form of one operating system on one hardware box (the host platform) running multiple independent operating systems on virtual hardware platforms in tandem (the guests).
Platform virtualization usually relies on full hardware segmentation: allowing individual guest platforms to use specific portions of the physical host hardware without conflicting or impacting the host platform, allowing the host and guest(s) to run in tandem without stepping on top of each other.
There are two primary types of platform virtualization: transparent and host-aware. Transparent virtualization is implemented so that the guest is not aware that it’s running in a virtualized state. The guest consumes resources as if it were natively running on the hardware platform, oblivious to the fact that it’s being managed by an additional component, called the VMM (Virtual Machine Monitor), or hypervisor. The more standard forms of virtualization today, such as those by VMware, implement transparent hypervisor systems. These systems can be thought of as proxies: the hypervisor will transparently proxy all communication between the guest and the host hardware, hiding its existence from the guest so the guest believes it’s the only system running on that hardware.
Host-aware implementations differ in that the guest has some form of virtualized knowledge built into the kernel. There is some portion of the guest operating system kernel that knows about the existence of the hypervisor and communicates with it directly. Xen (pronounced ‘zen’), a popular virtualization implementation for Linux, uses a host aware architecture, requiring special hypervisor command code actively running in both the host and all running virtualized guests.
One of the driving factors in virtualization adoption is the open nature of hardware support for VMMs: hardware platforms, which run and manage the primary host operating system, and the VMM are not specialized devices or appliances. This flexibility, the move of virtualization software to everyday hardware, has allowed everyone direct and inexpensive access to run virtualized environments. Virtualization allows a company to purchase one high end hardware device to run 20 virtual operating systems instead of purchasing 20 commoditized lower-end devices, one for each single operating platform.
Virtualized threat vectors
The benefits of virtualization are obvious: more bang for your buck. But everything has a pro/con list, and virtualization is no exception. The pro column is a large one, but the con list isn’t so obvious. What could be bad about running 20 servers for the price of one? Although by no means considered to be a large threat today, security of virtual machines and environments is typically not considered, not because the security of these implementations is a technological mystery, but because it is generally an unknown vector by the groups that are implementing wide-spread virtualization. In other words, virtualization is usually implemented with no specific regard to the new security risks it brings.
Virtualization brings an entire new set of security issues, problems, and risks. Security administrators are familiar with phrases such as ‘hardened operating system,’ ‘walled garden,’ and ‘network segmentation’ in the one-box-for-one-application world, but how do administrators apply these concepts to the uncharted waters of the virtual data centres? How can we protect ourselves in new environments we don’t understand? Today’s system and security administrators need to begin focusing on virtual security, preparing for a new threat arena for distributed and targeted attacks.
There are many, many security risks and considerations that virtual infrastructure administrators should be aware of and prepared for, many of which were not covered in this discussion. And there are many questions that still need to be addressed before moving to a fully virtualized environment, such as:
• How will our current analysis, debugging, and forensics tools adapt themselves to virtualization?
• What new tools will security administrators be required to master between all of the virtualization platforms?
• How does patch management impact the virtual infrastructure for guests, hosts, and management subsystems?
• Will new security tools, such as hardware virtualization built into CPUs, help protect the hypervisor by moving it out of software?
• How will known security best practices, such as no-exec stacks, make a difference when fully virtualized? Will hardware virtualization pave the way to a truly secure VMM?
• Virtualization and shared storage: What happens if we virtualized all the way down to the iSCSI transport layer? Are we opening up a floodgate which bypasses built-in SAN security?
These are all questions that need to be addressed before the enterprise world moves full-on into virtualization. More than anything, we should be thinking today about where virtualization security will take us tomorrow. We all agree that virtualization is for the better and it’s here to stay, but security administrators need to make sure they keep ahead of the threats and think about virtualized threat vectors before attackers have already coded for them.
F5 Networks is exhibiting at Infosecurity Europe 2009, held on 28th – 30th April in its new venue Earl’s Court, London. The event provides a free education programme as well as exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk
•Date: 3rd March 2009• Region:UK/World •Type: Article •Topic: ISM
Rate this article or make a comment - click here