Addressing security vulnerability issues in a virtualized environment

Addressing security vulnerability issues in a virtualized environment

Tags:    CA   securing shared resources   security management   virtual machines   virtualization   virtualized environments   VMware

By PF Vilquin | Nov 11, 2008

More organizations are adopting virtualization to reduce total cost of ownership and improve the quality of service of their IT systems by consolidating servers, applications and data. While the benefits of virtualization are clear, few companies realize that virtualization amplifies the security risks associated with server OS platforms.

 
Not only are the security issues found on networked systems applicable to virtual machines, but the virtualization platform and guest workstation relationship introduces a new breed of security threats. A single compromise of the hosting platform puts the entire virtual data center at risk.
 
Compromising the virtualization platform to download an image or introduce a rogue VM is equivalent to bypassing physical security to break into a server room in order to steal a machine or introduce an external one.
 
To secure virtualized environments, network mangers must be able to centrally manage role-based identity and access, control machine-to-machine access, monitor all activities on the host operating system and guest VMs, and be able to manage compliance and risk.
 
Drawing the Boundaries
An effective security management system for virtualized environments must provide granular segregation of duties to limit each administrator’s privileges to the minimal set required by their job role. This includes the containment of the superuser account by assigning permissions to specific roles and transparently enforcing these permissions.
 
For example, CA’s access control system can limit system administrators of a VMware ESX Server to root operations such as applying patches to the system while denying access to the VM file systems and daemons. Access can also be restricted to specific calendar and time schedules.
 
Without an independent access control solution, multiple administrators in various roles have the ability to interact with numerous components of a virtualization deployment. This poorly regulated access to the virtualization platform presents the potential for damage to the enterprise through the compromise of information and disruption of critical services.
 
Similarly, starting and stopping of VMs should be tightly controlled and restricted to authorized administrators. This prevents critical VM images from being shut down or paused resulting in denial of service or the compromise of data managed by dependent VMs.
 
VM images can be copied along with the data and applications that they hold. These images can be brought back online on an unsecured computer, making it easier for an intruder to access contents managed within the copied image.
 
Moreover, such a breach can affect LAN/VLAN configuration, shared disks or CPU resource allocation. Therefore, as an added layer of security, organizations should also protect the configuration files for virtualization settings such as access controls, shared disks, VLANs and CPU resource allocation.
 
 
 
12 > >>

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
Verification Code
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Trusted Mobility Index
The mobile ecosystem of devices, services and networks is at a critical inflection point.While the mobile revolution is unleashing massive opportunities in both emerging and mature economies, it is also increasing in complexity and confusion. The reality is the lightning-fast adoption of powerful, smart devices is outpacing society’s ability to secure them. Today, trust in mobility hangs in the balance.
The state of the Internet, Q4, 2011
Geography appears to play a role in frequency of observed attacks on specific ports. For example, Port 23 (Telnet) is a favorite target for attacks observed to be originating from South Korea and Turkey, where it accounted for more than five times the number of attacks targeting the next most popular port (445 in both countries). Other instances of geography-based port targeting include observed attacks centered on Port 1433 (Microsoft SQL Server) in China and on Port 80 (WWW/HTTP) in Indonesia.
 
 
 
HID Global deploys a centralized, web-based IP access control solution at Fuxi Power Plant
Unable to meet the needs for real-time monitoring with its traditional patrol system, China's Fuxi Power Plant has deployed HID Global's VertX V2000.
StubHub: How to spot fraud before it happens
Whenever a list of log-on credentials is dumped onto the Web, retailers get hit with waves of automated attacks. Here's how ticket marketplace StubHub fights the threat.