Virtualization's Security Challenge
While server consolidation boosts efficiency, it also creates a host of new vulnerabilities.
by John Bordwine
Hardware virtualization has been around for many years, but only recently has it begun to gain momentum. Through virtualization technology, mainly server consolidation, defense organizations have a huge opportunity to reduce hardware, power use and management upkeep needed to run their data centers.
Today, most government servers, based upon a distributed architecture, operate at only 10 percent to 15 percent efficiency. With virtualization and architectural changes, servers can be expanded to as much as 80 percent utilization, greatly increasing efficiency without impacting performance. As agencies begin to leverage the advantages and benefits of this newly popular technology, however, network security is often neglected.
If not managed properly, virtualization can invite unwanted vulnerabilities, many of which are unique to virtualization. These vulnerabilities need to be addressed up front to ensure defense organizations truly reap the benefits of virtualization without harm.
It is not surprising that virtualization has become a preferred technology in recent months, shifting from buzzword to reality for a number of reasons. Server consolidation can provide huge cost savings through the reduction of hardware needed. A military organization can now rely on a single server, rather than eight to 20 additional units, to manage its network. Another benefit of virtualization—more efficient business continuity planning—allows agencies to scale instantly by turning additional machines on or off, with a single click of a button. The ability to meet workload on demand is enabled by the fact that virtual machines can be cloned, or re-deployed “on the fly,” often in under an hour.
The benefits of virtualization are especially valuable in the battlefield. Net-centric warfare has increased mission effectiveness, through improved information sharing, which enhances situational awareness and speed of command. The Warfighter Information Network-Tactical (WIN-T), the Army’s on-the-move, high-speed, high-capacity backbone communications network, is being developed to keep the warfighter connected, communicating and synchronized. Virtualization has enabled WIN-T to stay connected, while decreasing the amount of hardware. With less hardware, the warfighter has less to transport, increasing force mobility and the ease of deployment.
While the benefits of virtualization are countless, there are many security challenges a virtual environment faces. The same threats that plague traditional physical systems also target virtual machines, like denial of service, buffer overflows, spyware and/or Trojans. But virtual systems also lack the boundaries and compartmentalization of physical systems, so many new challenges unique to virtualization have evolved. Agencies tend to focus on the benefits of these new, virtual systems, causing security to take a seat on the back burner.
SECURITY CHALLENGES
Below are five key security challenges unique to virtualization that need to be addressed up front.
Hackers gain access to larger pools of information.
Virtualization’s ability to enable a server to run at 80 percent utilization is an enormous benefit to government agencies. Although this increases efficiency, it also means that these servers are a greater target for hackers. Virtualization allows a larger number of virtual clients to access a server at any given time; before virtualization, a potential hacker would have to navigate through hundreds of different work stations to determine a method of reaching the target data. Now, one infection will infiltrate not only the server, but every work station logged on to that server. This could prove especially catastrophic in the defense industry, since through virtualization the nation’s most critical data may be compiled onto one data-rich hard drive. If not secured appropriately, an intruder could potentially gain access to large amounts of highly classified mission-critical information.
Servers are exposed to a greater threat of contamination.
Unlike traditional physical systems, virtual systems no longer have boundaries in place, separating critical pools of information from each other. Prior to virtualization, a physical system utilized physical connectivity devices that monitored data being transmitted. Virtualization’s lack of boundaries limits its capability to monitor this transfer of data. An agency that has not embraced virtualization may utilize a dozen hardware devices, each controlling a different function. Although malware contamination is still a threat to non-virtual systems, it does not typically have the ability to affect as much data because traditional malware borders would prevent the spread of contamination. Today’s virtual infrastructure does not offer any network-based segmentation: Since a virtual system runs off of a single host, malware contamination has no boundaries to penetrate, enabling the possibility for greater damage.
Unpatched backup systems can expose the entire system to infection.
Another challenge unique to virtualization lies within the images used to back up the system. Virtual images, or snapshots taken of the system, are filed away on virtual shelves, often lying dormant for months at a time. When problems within the operating system occur, these backup systems are brought back online. The challenge is that in the realm of security, a lot can happen in the days, weeks or months that system was offline. New threats are constantly evolving; if backup systems are not patched before going back online, they can expose the system to widespread infection. As the military turns to virtualization to increase the effectiveness of its continuity of operations (COOP) plan, backup systems left unpatched could be particularly catastrophic. In the event of an emergency, government agencies implement COOP plans to minimize downtime and expedite the recovery process. Neglecting to patch offline backup systems could amplify the scope of a disaster by exposing virtual systems to infection.
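The check described above, holding a dormant image until it has been patched, can be expressed as an activation gate. This is an added example, not part of the original article; the inventory fields, the patch identifiers, the image names and the 30-day dormancy threshold are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Image:
    name: str
    os_family: str
    last_patched: date  # last date the image was updated before being shelved

@dataclass(frozen=True)
class Patch:
    ident: str          # constructed placeholder, not a real advisory id
    os_family: str
    released: date

def missing_patches(image, patches):
    """Patches for the image's OS released after the image was last patched."""
    hits = [p for p in patches
            if p.os_family == image.os_family and p.released > image.last_patched]
    return sorted(hits, key=lambda p: p.released)

def activation_gate(images, patches, today, max_dormant_days=30):
    """Split images into those cleared to go online and those held for patching."""
    cleared, held = [], {}
    for img in images:
        missing = [p.ident for p in missing_patches(img, patches)]
        dormant = (today - img.last_patched).days
        if missing:
            held[img.name] = f"{dormant}d dormant, missing {', '.join(missing)}"
        elif dormant > max_dormant_days:
            held[img.name] = f"{dormant}d dormant, re-verify patch level"
        else:
            cleared.append(img.name)
    return cleared, held

# Constructed inventory and patch feed (assumed data, for illustration only).
PATCHES = [
    Patch("PATCH-A", "linux", date(2024, 3, 12)),
    Patch("PATCH-B", "windows", date(2024, 4, 9)),
    Patch("PATCH-C", "linux", date(2024, 5, 14)),
]
IMAGES = [
    Image("coop-db-snapshot", "linux", date(2024, 2, 1)),
    Image("coop-mail-snapshot", "windows", date(2024, 4, 20)),
    Image("coop-web-snapshot", "linux", date(2024, 5, 20)),
]

if __name__ == "__main__":
    cleared, held = activation_gate(IMAGES, PATCHES, today=date(2024, 6, 1))
    print("cleared:", cleared, "held:", held)
```

Running the gate as part of a COOP restore procedure means a held image is patched first rather than discovered to be stale after it is already serving traffic.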
Malware techniques and attacks unique to virtualization are continuously developing.
As with any new technology that gains acceptance, virtualization has become a prime target of hackers. As with any phishing scam or malware deployment, hackers are pinpointing areas where they’ll get the biggest “bang for their buck.” They are deploying new malware techniques to exploit virtual systems, which enable boundaries to be crossed very easily. One of the biggest concerns is a compromise of the virtual host server, which is like Pandora’s Box to most hackers. Because a virtual system operates off of a single host, gaining access to that host server leaves the entire data-rich hard drive vulnerable. Malware can be morphed to cascade through an entire virtual environment; because there are few boundaries and most or all data is stored in one place, it is no longer necessary to locate the identity of each and every file server.
This exposure can lead to a number of attacks unique to virtualization. Hyperjacking is an attempt to take control of the hypervisor, by a number of methods: injecting a rogue hypervisor beneath the original hypervisor, directly obtaining control of the original hypervisor, or by running a rogue hypervisor on top of an existing hypervisor. After an intruder gains control of the host, full network access is enabled. Guest-hopping, another attack unique to virtualization, occurs when an intruder operating on a guest platform breaks through, gaining access to multiple virtual server hosts. This ghost-like intruder would remain nearly undetected, enabling a variety of attacks to be carried out.
Conventional security measures lack the capability to protect a virtual system.
For years, security measures have been evolving—traditional physical systems are compatible with hundreds of solutions, all designed to keep intruders out, controlling user access and information that crosses over designated boundaries. Through the implementation of virtualization, however, an agency’s processes, training and tools have to be re-evaluated. Do these processes and tools protect the virtual environment as effectively as they protected the physical system? Probably not. Chances are that vast pools of critical information are unguarded if new security solutions have not been implemented.
These existing security technologies also tend to be tied to a particular location, revolving around static and IP-based controls, but this is no longer adequate because a virtual system is not necessarily tied to a particular location. Compliance-based processes also become more difficult because they not only need to take into account active server data, but also offline virtual images.
ADDRESSING THE RISKS
As new virtualization security risks and challenges are constantly evolving, so are mitigating techniques to protect the network infrastructure. At the most basic level, it is vital that users and administrators have access to proper training and education, on a continuous basis. When new solutions are implemented across an agency, it is standard practice to provide education about the new technology in order to understand and plan for the organizational process changes required to manage any new implementation. Virtualization is no different. It is critical that administrators, operational staff, solution architects and users learn how a virtualized environment operates in order to more efficiently and effectively protect the network.
Administrators and users need to be trained not only on the new technology itself, but also on processes such as change control. One of the challenges with a virtual system is the ease with which configuration modifications can be carried out. Since the entire network is managed from a single host, a major change can be implemented by a single mouse click. Changes and updates to the underlying system should be carefully considered before they are approved. These changes can often affect all three fundamental security concepts—confidentiality, integrity and availability—which could have a catastrophic impact on the military organization.
In addition to training and education, a virtual environment has unique security measures that need to be implemented in order to protect important agency information. As with any new challenge, new security solutions to address vulnerabilities presented by virtual systems are constantly evolving. One solution, the virtual switch, is relatively new and adds an attack point into the network architecture. A virtual switch is a software switch with embedded security controls that runs within a virtual environment, controlling how and between whom information is shared. The primary purpose here is to provide security measures, like isolation, control and content inspection, between virtual machines. Routers and back-up systems can also be implemented to protect the network infrastructure of a virtual system.
Encryption is also a popular solution for securing a virtual environment. Virtual disks are typically stored as files on the host, and most of these disks are stored in plain text, giving an intruder who gains access to these files the same level of access as a valid user. The risk here is not only that information may be illegitimately disclosed, but also that malware can be injected into the virtual disk more easily. Stronger access controls are a possible solution, as well as encryption of sensitive files stored on the host. These security measures can be achieved through add-ons available from a virtualization vendor, or by using host physical disk encryption technologies that encrypt specific segments on the virtual machine where important files are stored.
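Both controls named above, access restrictions on the disk files and encryption of their contents, can be audited on the host. The following is an added example, not from the original article; it assumes a Linux host and uses the qcow2 disk format (which the article does not name) because its header records an encryption method, and the file suffixes and sample file names are likewise assumptions.

```python
import os
import stat
import struct
import tempfile

QCOW2_MAGIC = b"QFI\xfb"
CRYPT_NAMES = {0: "none", 1: "aes-legacy", 2: "luks"}  # qcow2 crypt_method values
DISK_SUFFIXES = (".qcow2", ".vmdk", ".vhd", ".vhdx", ".img")  # assumed naming

def qcow2_crypt_method(path):
    """Return the header's encryption method name, or None if not a qcow2 file."""
    with open(path, "rb") as fh:
        header = fh.read(36)
    if len(header) < 36 or header[:4] != QCOW2_MAGIC:
        return None
    (method,) = struct.unpack(">I", header[32:36])  # big-endian u32 at offset 32
    return CRYPT_NAMES.get(method, f"unknown({method})")

def audit_disk_images(root):
    """Report disk files under root that are unencrypted or broadly accessible."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(DISK_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            issues = []
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                issues.append(f"mode {mode:o} grants group/other access")
            crypt = qcow2_crypt_method(path)
            if crypt == "none":
                issues.append("qcow2 header reports no encryption")
            elif crypt is None:
                issues.append("not qcow2: encryption state unknown")
            if issues:
                findings.append((name, issues))
    return findings

def make_sample_qcow2(path, crypt_method, mode):
    """Write a constructed 36-byte qcow2 header (not a usable disk) for the demo."""
    header = struct.pack(">4sIQIIQI", QCOW2_MAGIC, 3, 0, 0, 16, 1 << 30, crypt_method)
    with open(path, "wb") as fh:
        fh.write(header)
    os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_qcow2(os.path.join(tmp, "db01.qcow2"), 0, 0o644)  # plaintext
        print(audit_disk_images(tmp))
```

A disk that sits on an encrypted host volume will still be reported as unencrypted at the image level, so findings should be read alongside the host's own disk encryption status.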
As the military continues to turn to virtualization for more efficient network management, security concerns must not be neglected. The benefits of virtualization are practically endless—not only does it reduce management upkeep, but hardware is also drastically reduced, in turn decreasing power usage and ultimately providing significant cost savings for the organization.
While the benefits are enticing, it’s important to recognize that virtualization has many unique challenges that need to be addressed to adequately protect critical information stored within these servers. Old systems and processes need to be re-evaluated, and most times, new security devices will need to be implemented. Although with virtualization comes a variety of new risks and challenges, the good news is that none of these problems are unsolvable. Using proactive security measures and administering appropriate training can protect against a breach of data, saving agencies both time and money.