The Potential Weaknesses in a Virtualized Infrastructure

The increased uptake of virtualized infrastructure is accompanied by associated security challenges

Organizations are increasingly becoming interested in the benefits associated with virtualized infrastructure, particularly increased efficiency and reduced burdens on IT staff. Virtualized infrastructure brings with it a host of new challenges in terms of security, however, at a time when the topic is being brought very much to the fore by the actions of several hacker collectives.

Those looking to adopt a virtualized infrastructure should address the following crucial security issues if they are to bolster defenses against cybercrime.

Strength in Depth: Securing the Entire Infrastructure

For the most part, resources to secure virtualized infrastructures are spent on protecting the perimeter network. This, however, is not an ideal strategy because secure perimeter networks do not guard against internal threats. For instance, a weakness exists in that if one exploit succeeds in compromising a single virtual server, then that compromised server could be used as a base to attack other servers on the same host. As such, protecting the hypervisor is a key to any sound strategy.

In addition, it has become increasingly difficult to protect virtualized infrastructures because the demand to create new virtual servers to service dynamic workload spikes can lead to simple administrative errors, exposing backdoors to attackers. Virtual machines (VMs) communicate through virtual switches, so virtualized security controls such as virtual sniffers and virtual firewalls should be in place.

Strong two-factor authentication is critical to maintaining security at the user and admin levels to ensure users can only access the resources they require. Authentication is also vital to maintain strict compliance with policies for securing access to infrastructure, desktop and other network resources. Along with this, policies to trap events based on keywords and protocols can be enforced to prevent sensitive information from leaving the environment.

Keeping data secure while in transit is also important, and protocols such as IPSec and SSL to encrypt WAN connections can be adopted to ensure the packets are obscured and immune to snooping. Data at rest can also be secured with symmetric key encryption. It is important to validate all administrative access to the core environment infrastructure at this stage, and logging can play a role here along with authentication.

Assigning correct lines of responsibility is important because virtual servers can be seen by some cloud providers as not being their responsibility – unlike physical servers. Moreover, system admin staff should be educated about the added layer that comes with virtual servers, which traditionally has not been present.

Vulnerabilities Caused by Rootkits

Rootkits are a major worry because they let third parties escalate privileges on exploited systems and then launch attacks using the system administrator rights they have gained. It is also unhelpful to administrators that modern rootkits are built from sophisticated code whose signature is difficult to detect and thus defend against.

Cloud providers have also found similar attacks increasingly difficult to police and defend against. What often happens is that customers port their code and data workload to a cloud provider, which will then run this workload without knowledge of the code internals or its configuration. The sharing of execution environments between user and provider, however, is a concern, because any malware that relocated sensitive data structures would fool detectors employed by providers, and valid updates of the guest operating system would end in false alarms.

Movement of VM Images

A frequent occurrence in virtualized infrastructures is the movement of VM images between physical servers. When these VMs reside on the network between secured perimeters, however, they are vulnerable to attack because hackers could plant malicious code and potentially gain access to a destination data center. There is also a need to carefully migrate the security policies that govern the VMs to the new environment.

Security Mechanisms

Ideally, a great deal of effort should still be spent on traditional security mechanisms, including anti-malware and intrusion detection systems. In addition to this, dedicated virtualization firewalls on components such as the hypervisor should be implemented, while defending the global monitor against deactivation – which is highly crucial. Segmenting networks into virtual clusters that are isolated from one another is also recommended. Inspection of network traffic in real-time can lead to effective action when security policies are violated.

There also needs to be visibility into the security of components, among them routers, switches, firewalls and virtual server hypervisors. To support heightened visibility of these system components, security event logging and correlation should be undertaken to ensure events anywhere on the network are monitored and acted upon when data integrity is in jeopardy. This can also protect against important and confidential information leaving the secure environment.

Tight firewall policies are critical, and restricting specified traffic from the outside can be a powerful security tool. Firewalls can also be hardware-based, but they should be integrated with intrusion detection and prevention alerts to provide greater insight into the overall environment.

Detection of New Virtual Servers

Automatically detecting new virtual servers upon creation can prevent the arrival of 'rogue' instances. Enforcing a strict security patch management policy is important in this respect, as patches may take a significant period of time for vendors to release, and often administrators are busy with other tasks that lead to delays in applying them. This is, of course, why many security vulnerabilities never get patched. It is also good practice to impose requisition requests on managers to prevent VM sprawl, which can simply waste resources and potentially lead to vulnerable machines.

It is not uncommon to find VMs being launched from server images that may have been configured and patched months before. And to make matters worse, many companies maintain a small number of general-purpose ‘stock’ images from which to launch VMs.

There are automated tools available that can scan and patch VM images for VMware and Microsoft Virtual Server and PCs. These can be useful to verify other manual methods of patch management. Both Microsoft and VMware supply patch-management schedules with their base infrastructure products. Both require disk images stored in libraries to be launched periodically so they can be patched.
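The checks described in this section, as an added example that is not part of the original article: it compares a constructed hypervisor inventory against approved requisition requests and the image library, flagging 'rogue' VMs and VMs launched from stale stock images. The record layout, names and the 30-day threshold are assumptions.

```python
from datetime import date

# Constructed sample data (assumed layout): approved requisition requests,
# stock image library with last-patched dates, and the hypervisor inventory.
APPROVED_REQUESTS = {"REQ-101": "web-01", "REQ-102": "db-01"}
IMAGE_LIBRARY = {
    "stock-linux": date(2024, 1, 10),
    "stock-windows": date(2024, 5, 28),
}
INVENTORY = [
    {"name": "web-01", "request": "REQ-101", "image": "stock-linux"},
    {"name": "db-01", "request": "REQ-102", "image": "stock-windows"},
    {"name": "test-tmp", "request": None, "image": "stock-windows"},
    {"name": "web-02", "request": "REQ-101", "image": "unknown-image"},
]
MAX_IMAGE_AGE_DAYS = 30  # assumed patch policy


def audit_inventory(inventory, requests, images, today, max_age=MAX_IMAGE_AGE_DAYS):
    """Return {vm_name: [findings]} for every VM that violates policy."""
    findings = {}
    for vm in inventory:
        issues = []
        approved_name = requests.get(vm["request"])
        if approved_name is None:
            issues.append("rogue: no approved requisition request")
        elif approved_name != vm["name"]:
            # A request ID reused for a different VM is treated as sprawl.
            issues.append(f"rogue: request {vm['request']} was approved for {approved_name}")
        patched = images.get(vm["image"])
        if patched is None:
            issues.append("image not in managed library")
        elif (today - patched).days > max_age:
            issues.append(f"stale image: last patched {(today - patched).days} days ago")
        if issues:
            findings[vm["name"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_inventory(INVENTORY, APPROVED_REQUESTS, IMAGE_LIBRARY, date(2024, 6, 1))
    for name, issues in report.items():
        print(name, "->", "; ".join(issues))
```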

Logging

Secure monitoring of internal staff transactions is necessary, and this can be achieved through simple logging of key actions taken by IT administrators across the entire infrastructure. This monitoring is important for any audit. The hypervisor should be protected through access control, automatic updating, networking, and introspection on guest operating systems. Image management – especially with regard to migration – can be carried out through strong storage and network encryption so that sensitive data does not leak from the images.

Finally, companies should not overlook setting file permissions, controlling users and groups, and setting up logging and time synchronization – in addition to routine inspection for hardware failures and out-of-date systems in the physical infrastructure. Logging and event correlation will provide insight into occurrences that enable accurate and timely resolution for infrastructure security events, as well as an audit trail to meet regulatory requirements.
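One way to correlate administrator actions with authentication events, as an added example that is not part of the original article: it flags hypervisor actions that have no successful two-factor login by the same user within a session window. The log format, event names and the 60-minute window are assumptions, and the comparison only holds if both log sources are time-synchronized.

```python
from datetime import datetime, timedelta

# Constructed sample logs (assumed format: ISO timestamp, source, user, event).
AUTH_LOG = """\
2024-06-01T09:00:05Z auth alice 2fa_success
2024-06-01T09:30:00Z auth bob password_only
2024-06-01T13:00:00Z auth alice 2fa_success
"""
ADMIN_LOG = """\
2024-06-01T09:05:10Z hypervisor alice vm_create
2024-06-01T09:31:00Z hypervisor bob vm_migrate
2024-06-01T11:45:00Z hypervisor alice snapshot_delete
2024-06-01T13:02:00Z hypervisor carol firewall_change
"""
SESSION_WINDOW = timedelta(minutes=60)  # assumed maximum session lifetime


def parse(log):
    """Yield (timestamp, user, event) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, _source, user, event = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event


def unauthenticated_actions(auth_log, admin_log, window=SESSION_WINDOW):
    """Return admin actions with no 2FA success by the same user in the window before."""
    logins = {}
    for ts, user, event in parse(auth_log):
        if event == "2fa_success":
            logins.setdefault(user, []).append(ts)
    alerts = []
    for ts, user, event in parse(admin_log):
        # An action is covered only by a login at or before it, inside the window.
        covered = any(timedelta(0) <= ts - login <= window
                      for login in logins.get(user, []))
        if not covered:
            alerts.append((ts.isoformat(), user, event))
    return alerts


if __name__ == "__main__":
    for alert in unauthenticated_actions(AUTH_LOG, ADMIN_LOG):
        print("ALERT:", *alert)
```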

The Secured System

All of these recommendations aside, one aspect that can often be forgotten is that VMs can be more secure than standalone servers. This is because they are more isolated and actually depend on a single host server. This can result in the physical security issue being more easily addressed than if each were on different hardware. The benefits of VMs, notably the speed with which new configurations and applications can be tested, will lead to their increased use in the future.

By implementing the aforementioned steps, organizations can expect to enjoy the benefits that virtualized infrastructure can deliver, while boosting security and keeping confidential information away from criminal hackers.


Kevin Curran, senior member of IEEE, is a reader in computer science at the University of Ulster. His achievements include winning and managing UK & European Framework projects and Technology Transfer Schemes. He has published over 700 works to date and is the editor-in-chief of the International Journal of Ambient Computing and Intelligence (IJACI).
