I recently participated in the InformationWeek Dark Security Virtual Event as a panel member with Hoff, Craig Balding, Chris Wolf, Glenn Brunette, and Jon Oberheide: a very far-ranging group of individuals from research, security organizations, analysts, and authors. What is interesting is that most of these same people have joined me on the Virtualization Security Podcast, and the others I hope to have as guests next year. There was one question that set me to thinking even more: do we need a new way of thinking about virtualization security?
The question is rather poignant as we enter the cloud using virtualization technology and as the self-same technology is pushed deeper into the hardware. Do we need a new way of thinking about virtualization security? To answer this, perhaps we need to look at why this is so important, yet oft overlooked or bolted on at the end instead of the beginning of the virtualization project.
Why is Virtualization Security So Important?
Virtualization Security is very important as we are combining many different virtual machines into one hybrid compute, network, and storage device. Sometimes there are 50 or more virtual machines running within one host. In the enterprise, that host is backed up by others to provide redundancy and availability. Even so, with the networks used in, I would guess, 3/4s of all data centers, the virtualization host would be considered insecure. This is because access to the virtualization host gives access to all the virtual machines running on that host, and perhaps to memory images of those virtual machines as well as disk images.
The combination of memory and disk images will allow any attacker to retrieve all in-memory passwords and information, and the disk access will give everything else. You can now understand why this is an important concept. While the virtualization host provides an authoritative security posture, it also provides an attacker huge amounts of data. Most of it would be considered critical.
What Can We Do About Virtualization Security?
There is a simple need to understand that a virtualization host contains multiple security zones, and those zones need to be secured in different ways. There is a need to segregate and isolate these zones from each other while providing usability, manageability, and availability. Storage, Management, and Virtualization Host specific logical and physical security zones exist. Some of these fall within the realm of traditional network security mechanisms, but others require something more.
We need to increase our auditing as well, so that everything is transparent and therefore provides the answer to the question: who did what, when, how, and hopefully why?
Yet auditing is an after-the-fact item; we really want to nip most threats in the bud before they happen. To this end there are such things as Intrusion Detection and Prevention Systems.
Does this Take a New Way of Thinking?
None of the solutions to virtualization security are new, but perhaps we do need some new tools, or more likely a new mindset. Perhaps the mindset includes:
- Virtual Machines are a Threat to the Virtualization Host
- Networking is inherently insecure (this is why we need all these other things)
- No one pays attention to or understands security certificates (or people are taught to bypass them)
- Mixed Authentication and Authorization
- Escape-the-VM attacks are a concern but not the end-all of virtualization security; there are plenty of attacks that do not target escaping the VM
- Virtualization does not grant Security.
This mindset is no different from what we have today. What is different is the following:
- Controls over virtual machine locations
- Controls over transient virtual machine data
- Motion of full virtual disks and not just small chunks of data
- The security concerns around the agility of virtual machines
Even VMware Fault Tolerance is not a new security concern. The technology has been around for years, but when it was used in systems such as Marathon Neverfail and Tandem computers, the network connections were dedicated and very expensive links. So now we also have to worry about the commoditization of higher-end technologies that had their own security concerns and existing solutions that entail isolation. This is a small part of a recent conversation I had with Michael Berman, CTO of Catbird.
It is very easy to use the same silo approach to virtualization security that is currently used within the data center, and this silo approach is very much in vogue today. However, virtualization has brought to the forefront the transient nature of data within the virtual environment. We need to think about many more issues than networking, authentication, and authorization. We also need to think about how the data moves around within the virtualization host, as well as within the entire virtual and physical data center, where the data is full virtual machines, not just small chunks zooming around the network. No, not NEW, but definitely different!