Virtualization is mostly done with the help of software,
and since any software is vulnerable to security threats, so is virtualization
software. So if you think that by deploying virtualization technologies in your
data center, you're safe from security threats, then think again. There are
security threats to virtualization as well, which can be pretty serious. Here's
why.
Keep your Hypervisor secure
When you do virtualization, you're essentially putting all your eggs in one
basket. If you lose that basket, then you lose all your eggs. So essentially,
you're taking one hardware server, placing a virtualization layer on top of it,
and then placing multiple guest Operating Systems and applications on top of
this layer. That's like a gold mine for any attacker, because if a hacker
manages to break into the virtualization layer, then he would have access to all
the applications hosted on it. So keeping your virtualization layer (also known
as the hypervisor) secure is extremely important. Make sure that only a limited
number of people have access to it.
Patch management becomes ever more important
Recently, VMware released an advisory about 9-10 vulnerabilities across many
of its products, some of which were known to be remotely exploitable. Similarly,
a kernel-level vulnerability was found in Microsoft's Hyper-V, which, though
not remotely exploitable, was dangerous nevertheless. Earlier, when you
weren't using virtualization, you would have one server hosting one application.
So if that application was compromised because of a critical vulnerability in
the OS or the application itself, at least your other applications were safe. In
virtualization, you have multiple applications lying on the same server, so one
infection could easily spread across to other virtual machines. Or worse still,
if a vulnerability is found in the virtualization layer itself, then it could
be used to attack all the guests sitting on that server. This makes it extremely
important to keep track of all vulnerability announcements coming from your
virtualization software provider, and to apply the patches on time. It's equally
important that all the guest OSs are patched on time.
Set the right roles and permissions for users and admins
Besides ensuring proper and timely patch and update management, you also
need to pay closer attention to the roles and permissions of your users and
groups. This applies to both administrative control and user control.
Don't give more permissions than necessary.
Monitor the communication between VMs
When you have multiple virtual machines or guest OSs sitting on the same
hardware, then how should they communicate? Should the data from one VM
first traverse the entire physical network, only to come back to another VM
that's sitting right next to it? That's obviously not practical. That's why, in
virtualization, the physical NICs on a host server are abstracted into a
switching fabric. This way, all the inter-VM traffic on that host doesn't go out
to the main network, but remains within the same host. While this is good on one
side, it can also be a security issue on the other, because your traditional
network monitoring tools that sniff and scan the physical network never see this
traffic. What's important therefore is to check whether a mirroring port can be
set up on the virtual switching fabric, so that traffic going through it can be
monitored.
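
As an added example (not part of the original article), here is one way to set up such a mirroring port, assuming the hypervisor's virtual switch is Open vSwitch. The bridge name br0, the sensor port mon0 and the mirror name ids-mirror are hypothetical; the script only prints the command unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: copy all traffic crossing a virtual switch to a monitoring port.
# Assumptions (not from the article): Open vSwitch is the virtual switch, br0 is
# the bridge carrying inter-VM traffic, mon0 is the port of the sensor/IDS VM.

# Accept only plain identifiers so a name can never smuggle in extra
# ovs-vsctl sub-commands (for example "mon0 -- del-br br0").
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Print the ovs-vsctl arguments that create mirror $3 on bridge $1 and send
# a copy of every frame seen on that bridge to output port $2.
mirror_args() {
    m_bridge=$1 m_port=$2 m_name=${3:-ids-mirror}
    for m_v in "$m_bridge" "$m_port" "$m_name"; do
        valid_name "$m_v" || { echo "invalid name: $m_v" >&2; return 1; }
    done
    printf '%s %s %s\n' \
        "-- --id=@out get Port $m_port" \
        "-- --id=@m create Mirror name=$m_name select-all=true output-port=@out" \
        "-- set Bridge $m_bridge mirrors=@m"
}

# Apply the mirror, or just show the command when DRY_RUN is 1 (the default).
apply_mirror() {
    a_args=$(mirror_args "$@") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'ovs-vsctl %s\n' "$a_args"
    else
        # Word splitting is intended here; every name was validated above.
        ovs-vsctl $a_args
    fi
}

# Dry run with the hypothetical names. On a real host, confirm the result with
# "ovs-vsctl list Mirror" and remove it with "ovs-vsctl clear Bridge br0 mirrors".
apply_mirror br0 mon0
```

The port that receives the mirrored traffic should belong to a dedicated sensor VM, since an Open vSwitch mirror output port is reserved for the copied frames and no longer carries normal traffic.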