Virtualization: What are the security risks?

Virtualization: What are the security risks?

Summary: Virtualization will become dominant in enterprises, but the security risks are fuzzy at best. Meanwhile, the usual defense--firewalls, security appliances and such aren't ready for virtualization.


Virtualization will become dominant in enterprises, but the security risks are fuzzy at best. Meanwhile, the usual defense--firewalls, security appliances and such aren't ready for virtualization.

Those are some of the big takeaways from a ThinkEquity report by Jonathan Ruykhaver. Another big takeaway is that enterprises could put off virtualization in the data center because of worries about security risks. Ruykhaver's conclusion is a bit of a stretch for me--I have never heard any technology executive wonder about virtualization security. If anything, virtualization will be in place before anyone notices the security issues. There's something about saving so much on hardware, easy server provisioning and more IT flexibility that overshadows any security worries.

Nevertheless, Ruykhaver's report is noteworthy because it frames the virtualization security issue (all resources). Some key points to ponder:

Server virtualization can aid security, but virtualized environments bring their own headaches. To wit, security threats can originate externally and internally in a virtualized environment. These "intra-host threats" can elude any existing security protection schemes.

Since these virtualized security threats are hard to pin down "this can result in the spread of computer viruses, theft of data, and denial of service, regulatory compliance conflicts, or other consequences within the virtualized environment," writes Ruykhaver.

Hypervisors introduce a new layer of privileged software that can be attacked. The hypervisor operates like an operating system and could require patching. If a hypervisor needed to be patched all virtual machines would have to be brought down. Ruykhaver points out:

One compromised virtual machine could infect all Virtual Machines on a physical server. An attack on one guest virtual machine escaping to other virtual machine's resident on the same physical host represents the biggest security risk in a virtualized environment, in our view. If, or when, attacks focused on virtual machines become readily available, the attacker potentially only has to spend time attacking one virtual machine, which could lead to compromising other virtual machines over a closed network, and eventually escaping the virtual VMM environment and accessing the host. In a typical attack scenario, an attacker has to focus its attacks on one machine at a time, regardless of its intent: "Attack one machine to inflict harm on that one machine." Virtualized environments remove that restriction and create a one-to-many attack scenario: attack the host, own the guests-or even attack one guest, possibly own them all. Hence, we believe the biggest security risk with virtualization is these "guest-to-guest attacks," where an attacker gets the root or administrator privileges on the hardware, and then can hop from one virtual machine to another. If the hacker owns the hypervisor, he/she owns all data traversing the hypervisor and is in a position to sample, redirect, or spoof anything. Without some form of fail-safe, guest operating systems would have no way of knowing they are running on a compromised platform. This "hyperjacking" scenario is particularly frightening if we consider large-scale virtualization platforms that offer 10, 50, even hundreds of hosted servers running on a single piece of hardware. The potential risk for loss of control and revenue is considerable.

Not enough attention has been paid to patching and confirming the security of virtual servers. Has anyone thought through what it would be like patch a virtual infrastructure?

Communications between virtual machines are likely to be popular attack vectors. Virtual machines have to communicate and share data with each other. If these communications aren't monitored or controlled they are ripe for attack, notes Ruykhaver.

There's money to be made in virtualization security. Some of the private companies worth checking out include Blue Lane, Reflex Security and Catbird Networks. BlueLane's flagship product, VirtualShield, finds virtual machines and updates and patches them. Reflex Security's approach creates a virtualized security appliance and infrastructure. Catbird has a VMware certified virtual appliance dubbed V-Agent. IBM and VMware are also developing secure hypervisor technology and ways to lock down virtual machines, respectively.

Bottom line: Ruykhaver's take is that it's just a matter of time before a major vulnerability or threat in virtualized environments emerges. Today, the virtualization security risks are low, but that that could change in a hurry.

Topics: Hardware, CXO, Emerging Tech, Security, Storage, Virtualization

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The biggest security risk in virtualization

    is the usual suspect: the administrator. The only difference is that with virtualization there is a chance that the administrator may let his guard down in areas in which he thinks he is safe when he isn't.
    Michael Kelly
  • RE: Virtualization: What are the security risks?

    All good points Larry. Just like everything else in the data center, virtualization will be well entrenched long before the security issues become evident.

    Reminds me of IBM S-Series issues between partitions. Best practice was to exit one partition, go through a firewall and back into a port connected to the next partition. Most firewalls don't have the port density to make that feasible.

    • Routing traffic out of the environment

      Richard, its funny you mention sending traffic out a port to a firewall and back into a port connected to the next partition. I've spoken with a number of customers on this topic and the ones that care about security are considering taking this approach. They will route traffic out of the virtual environment, to an external firewall and then route it back into the environment.

      This is not the most optimal solution as we can all clearly see.

      The vendors that are doing inline devices like Reflex, Blue Lane and Catbird all have limitations as well from what I can see. They are inline devices and cant enforce VM to VM communication.

      -John Peterson
  • RE: Virtualization: What are the security risks?

    I take to heart Ruykhaver's points, but don't quite see the full problem. Admittedly, all my virt stuff has been desktop, but I've updated and patched all my VM's - Windows and Linux, and installed software firewalls and anti-virus apps on most of them. Doing so can get, um, interesting, but I figured that was mostly due to my own ignorance and lack of skill.
  • The biggest security risk with Virtulization is to Microsoft

    Microsoft might not be able to track a
    virtual system as easily to insure
    collection of license fees for every single
    instance of any Microsoft software, and/or
    every connection to that system.

    Veeeeery insecure for Microsoft..... not so
    much for their customers (presently known as
    users, no such word as "customers" anymore).
    If they used the term "customer" now, the
    customer would also have to be labeled
    Ole Man
  • RE: Virtualization: What are the security risks?

    Another security issue not talked about here is technologies like shared clipboard that allow data to be transferred between virtual machines and host. While a handy technology, it can be potentially used as a gateway to transfer data by malicious programs working in tandem within these virtual machines.