Virtual servers no escape from IT security management concerns


Brien M. Posey, Contributor
11.03.2008


Without a doubt, the hottest trend in IT today is data center consolidation through virtualization. Although virtualization can help an organization lower its operating costs significantly, and often makes information systems management easier, there are some underlying security concerns that need to be addressed.

By far the biggest concern related to virtual machine security is the threat of a virtual machine escape. A virtual machine escape is a theoretical type of attack in which an attacker uses a vulnerability within a virtual machine to take control of either the underlying host operating system, or the hypervisor itself. Upon doing so, the attacker could potentially gain control of the other virtual machines hosted on the server.

Why is it such a threat? It's the fear of the unknown, that eventually someone will be able to do it.

To the best of my knowledge, nobody has successfully performed a virtual machine escape attack yet -- even as a proof of concept. Many security experts believe it will probably be only a matter of time before someone figures out how to perform this type of attack, though.

Virtual servers at the edge

I recently wrote a magazine article on virtualizing Exchange Server 2007. One of the statements I made in the article was that I would not recommend virtualizing an edge transport server because it sits in the network's demilitarized zone (DMZ). The editors of the publication would not allow me to print that statement, citing that Microsoft runs its own edge servers in a DMZ.

I have absolutely no idea whether or not Microsoft uses virtual servers in the DMZ. If it does, and it's comfortable with that decision, then that's fine. Personally, I would not be able to sleep at night if I recommended that a client use a virtualized server in the DMZ.

Granted, no virtual machine escape hacks exist today, but if the IT security experts are right and this type of attack is eventually developed, then virtualized servers in the DMZ are basically sitting ducks. My personal recommendation would be to avoid virtualizing anything that resides in the DMZ.

If you must virtualize DMZ servers, then I would recommend that the host server contain only virtual servers that reside at the DMZ level. That way, if anyone ever does manage to perform a virtual machine escape attack, he will gain access only to servers that have already been hardened for use in a hostile environment (the DMZ).

Additional security concerns

Although the IT security concerns I have already mentioned are the primary issues to think about when consolidating your data center, it is important to consider the impact that the virtualization process will have on day-to-day security management.

One good example of this is the patching process. Imagine, for instance, that you maintain three physical servers. Obviously, all three of those servers need to be patched as new patches are released. If you virtualize those servers then, all of a sudden, you have four servers to patch: your three existing servers, which have now been virtualized, and the host operating system that the three virtual servers reside on.

Adding one additional operating system to the mix probably doesn't sound like a big deal, but keep in mind: Most enterprise-class organizations have far more servers than this. Furthermore, my experience has been that virtualization is almost too easy. Once a company adopts virtualization, it tends to create additional virtual machines far more frequently than it had previously acquired new physical servers, because the company is no longer bound by hardware costs. To some extent, even some licensing costs go away in a virtualized environment, so it makes sense that "virtual server sprawl" often becomes an issue.

My point is that if you are going to virtualize your organization, then you need to be prepared to manage far more servers than you are today, even if you don't have any immediate plans to expand.

The other issue that tends to affect security management in virtualized environments is server portability. It is a common practice for virtual machines to be moved from one host server to another. This allows organizations to group virtual machines on host servers in a way that makes the most sense from a performance standpoint.

This is important because virtual machine security works on multiple levels. The virtual machine itself must obviously be secured, but so, too, must the host operating system. If virtual machines are being moved from one host server to another, then great care must be taken to ensure that the host operating systems are configured in an identical manner. Otherwise, a virtual machine may be more secure on some host servers than on others.
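The DMZ-only host recommendation and the host-consistency requirement above can both be checked from an inventory export. The following is an added example, not code from the original article; the inventory layout, host names and setting names are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory; the field names (pool, settings, vms) and all values
# are assumptions for this example, not output from any real hypervisor tool.
HOSTS = {
    "hv-01": {"pool": "dmz", "settings": {"patch_level": "2008-10", "remote_shell": False},
              "vms": {"edge-01": "dmz", "web-01": "dmz"}},
    "hv-02": {"pool": "dmz", "settings": {"patch_level": "2008-09", "remote_shell": False},
              "vms": {"web-02": "dmz", "hr-db": "internal"}},
    "hv-03": {"pool": "internal", "settings": {"patch_level": "2008-10", "remote_shell": False},
              "vms": {"file-01": "internal"}},
    "hv-04": {"pool": "internal", "settings": {"patch_level": "2008-10", "remote_shell": False},
              "vms": {"mail-01": "internal"}},
}

def mixed_zone_hosts(hosts):
    """Hosts whose guests span more than one security zone."""
    found = {}
    for name, host in hosts.items():
        zones = sorted(set(host["vms"].values()))
        if len(zones) > 1:
            found[name] = zones
    return found

def config_drift(hosts):
    """Per migration pool, settings that differ between member hosts."""
    pools = defaultdict(dict)
    for name, host in hosts.items():
        pools[host["pool"]][name] = host["settings"]
    drift = {}
    for pool, members in pools.items():
        keys = set().union(*(s.keys() for s in members.values()))
        for key in sorted(keys):
            values = {h: s.get(key, "<unset>") for h, s in members.items()}
            if len(set(values.values())) > 1:
                drift.setdefault(pool, {})[key] = values
    return drift

def patch_targets(hosts):
    """Operating systems to patch: every guest plus each host OS."""
    return sum(len(h["vms"]) for h in hosts.values()) + len(hosts)

if __name__ == "__main__":
    print("mixed-zone hosts:", mixed_zone_hosts(HOSTS))
    print("config drift:", config_drift(HOSTS))
    print("OS instances to patch:", patch_targets(HOSTS))
```

In the constructed data, hv-02 is flagged twice: it runs an internal guest beside DMZ guests, and its patch level differs from the other host in its migration pool.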

As you can see, virtualization tends to complicate the subject of securing your servers. As long as you adhere to the various industry best practices for security, though, and are diligent about keeping your security up to date and consistent across the organization, virtualization should not cause any security issues.

Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. Write to him at editor@searchcio-midmarket.com.

