Security in a virtual reality

Virtualisation creates its own challenges for systems security, says Roy Harari

Today, every business tries to cut costs in order to be competitive in tomorrow’s market. Sometimes this is done by outsourcing IT, HR or other non-core services. In other organisations, cost reduction is achieved by consolidating the IT environment through virtualisation.

By creating multiple virtual machines which share resources, such as CPU, memory, hard drive, network devices, etc., organisations are able to reduce the cost of managing server operations. This includes the hardware, maintenance and human resources needed to manage, operate and administer these servers on a daily basis.

Furthermore, in regard to disaster recovery planning, virtualisation can also enhance the security level by providing a means of faster, more flexible and more reliable disaster recovery at a lower cost.

The slogan “Start Secure – Stay Secure” is used by Comsec to emphasise that security has to begin from the very first stages of design and integration and should be integrated into every subsequent step.

Each solution has its own approach, which does not always suit the organisational needs. Some of these solutions completely separate each operating system while others create separate zones with a shared kernel. Organisations need to determine security requirements that correlate with the organisational security policy. A security architect should be involved in this stage in order to define parameters, such as access control to the server console, design of virtual network architecture, design of virtual machines, communication protocols, etc.

When implementing a virtual environment, some of the communication can rely on an internal, virtual network. For example, when a virtual web server communicates with a virtual database, the packets traverse a virtual network only. A traditional firewall will not be able to filter this communication if needed.

There are a number of possible solutions. One of them is to use a firewall integrated into a virtual server application. The second option is to configure the virtual machines to route all the communication through an external firewall by connecting virtual machines to separate physical network cards. A third option is to use a virtual firewall, which usually comes in the form of a virtual appliance. These appliances function as traditional firewall devices and can perform functions such as Deep Packet Inspection, session-based rules, filtering, and so on.
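The following added example (not part of the original article) audits a virtual machine inventory and reports, for each required flow, which of the three filtering options above it actually crosses, or whether it stays on a virtual switch unfiltered. All host, switch, NIC and VM names are constructed, and the model assumes an external firewall sits between the hosts' physical uplinks.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VM:
    name: str
    host: str               # physical host server
    vswitch: str            # virtual switch the VM's NIC attaches to
    uplink: Optional[str]   # physical NIC behind that vswitch; None = internal-only

# Constructed inventory (hypothetical names throughout).
VMS = {vm.name: vm for vm in [
    VM("web1", "host-a", "vs-shared", "nic0"),
    VM("db1",  "host-a", "vs-shared", "nic0"),
    VM("web2", "host-a", "vs-web",    "nic1"),
    VM("db2",  "host-a", "vs-db",     None),
    VM("app1", "host-b", "vs-app",    "nic0"),
    VM("db3",  "host-b", "vs-app",    "nic0"),
    VM("web4", "host-c", "vs-dmz",    "nic0"),
    VM("db4",  "host-c", "vs-int",    "nic1"),
]}
# Virtual firewall appliances: per host, the pair of vswitches each one bridges.
VIRTUAL_FW = {"host-a": {frozenset({"vs-web", "vs-db"})}}
# vswitches where the virtualisation layer's integrated firewall is enabled.
INTEGRATED_FW = {("host-b", "vs-app")}

def filtering_point(src: VM, dst: VM) -> str:
    """Name the control a src->dst packet crosses, or 'unfiltered'."""
    if src.host != dst.host:
        # Assumption: an external firewall sits between the hosts' uplinks.
        return "external-firewall"
    if src.vswitch == dst.vswitch:
        # Packets never leave the virtual switch; only an integrated
        # firewall on that switch can see them.
        on = (src.host, src.vswitch) in INTEGRATED_FW
        return "integrated-firewall" if on else "unfiltered"
    if frozenset({src.vswitch, dst.vswitch}) in VIRTUAL_FW.get(src.host, set()):
        return "virtual-firewall"
    if src.uplink and dst.uplink and src.uplink != dst.uplink:
        # Separate physical NICs push the traffic out via the external firewall.
        return "external-firewall"
    return "no-path"

def audit(flows):
    """Return {(src, dst): filtering point} for each required flow."""
    return {(s, d): filtering_point(VMS[s], VMS[d]) for s, d in flows}

if __name__ == "__main__":
    flows = [("web1", "db1"), ("web2", "db2"), ("app1", "db3"), ("web4", "db4")]
    for (s, d), point in audit(flows).items():
        print(f"{s} -> {d}: {point}")
```

Any flow reported as `unfiltered` is the web-server-to-database case described above: it needs one of the three options applied before a firewall policy can be enforced on it.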

In most cases we can assume that each virtual machine is fully isolated from another virtual machine running on the same server. These servers need to be hardened and tested periodically, just like their physical counterparts. Security vulnerabilities existing on one of the virtual machines could allow an attacker to skip from that machine to another in the network.

Host servers are responsible for allocating memory and CPU to guest servers, as well as providing access to storage and network devices. By receiving access to file systems on the host server, an attacker will gain access to files stored on virtual machines. It is also possible to shut down the host server which will result in denial of service on each of the hosted virtual machines. These are only a few of the possible scenarios.

The host server should be hardened and undergo very strict access control. Only administrators and dedicated operators should have access to the console and virtual server management interfaces. The server should be updated with the latest security patches and it should be configured in a secure fashion.

Policies

Every security decision should be backed up by an existing and approved policy. These policies should include:

  • Password policy (expiration, password length)

  • Authentication policy (Token, LDAP, etc.)

  • Access control policy

  • Network connectivity policy (such as separation to VLANs, firewall rules, etc.)

It is important to review these policies at least annually to make sure that they are updated with new standards and best practices.

Security auditing should be performed on a periodic basis in order to discover security issues such as new vulnerabilities, redundant services, outdated firewall rules and routing tables, etc.

Virtualisation technology offers many operational and financial advantages. It even provides some security benefits. Nevertheless, this concept introduces several security weaknesses. The associated vulnerabilities include potential denial of service, data leakage and others.

With a proper and professional security approach towards the virtualisation concept, one should achieve a secure and reliable environment.