|
|
05-03-2010
Registered User
26,240,
27
Identifying and Reducing Attack Vectors in Virtualized Environment - Part1
Everybody wants to go to heaven but no one wants to die to reach there. Because Heaven is a myth but death is real. Companies want to enjoy the benefits from Cloud and Virtualization technologies but are afraid of adopting the cloud/Virtualization infrastructure because of security concerns. In real world, (Absolute) security is a myth. Virtualization is the cloud enabler. Virtualization as a technology is a complex, dynamic and off course an evolving technology. It is not a fully mature technology (No technology is fully matured). But it is not insecure as many believe. Instead it is a business enabler which makes organizations to reduce cost, competitive and sometimes even more secure. Why Virtual Environment is different from the Physical Environment?
Virtualization become insecure and complex when those who manage and protect the virtual environment do not understand the under laying technology.
We are not in the same Information Technology era where we protected our information assets by protecting the Physical IT Infrastructure.
Virtualization opens few additional layers (entry points).
Is there anything wrong with these additional layers?
Nothing really... But these additional layers give us (security people) an opportunity to perform additional monitoring and protection capabilities at these layers which are not available in the physical environment.
There is no significant increase in the number of entry points to a Virtual Infrastructure but if administrators fail to identify and secure the entry points then that would result in increased attack vectors.
Virtualized data centers are less secure internally than from outside.
The key problem that we can find in the Virtual Infrastructure is the lack separation of duties.
The privileged insiders are the greatest threat to the Virtual Infrastructure (This is true even for Physical Infrastructure). If not implements properly, the SA's get access to the Virtual Networks and make unauthorized changes in the network policies.
But these issues can be overcome by implementing roles based access controls at the Hypervisor layer.
Adding more security controls into the Virtual Infrastructure would make virtualization solutions more expensive and less attractive.
Since not many people see security as a business enabling service we generally consider ROI before a security control is put in place.
Keep in mind - security is always risk driven.
I will talk further about reducing attack vectors in Virtualized Data centers in a future post.
More...
Virtualization become insecure and complex when those who manage and protect the virtual environment do not understand the under laying technology.
We are not in the same Information Technology era where we protected our information assets by protecting the Physical IT Infrastructure.
Virtualization opens few additional layers (entry points).
- Hypervisor <li class="MsoNormal" style="MARGIN: 0in 0in 10pt; mso-list: l0 level1 lfo1; tab-stops: list .5in">Virtual Networks <li class="MsoNormal" style="MARGIN: 0in 0in 10pt; mso-list: l0 level1 lfo1; tab-stops: list .5in">Virtual Machines <li class="MsoNormal" style="MARGIN: 0in 0in 10pt; mso-list: l0 level1 lfo1; tab-stops: list .5in">Virtual Storage
Nothing really... But these additional layers give us (security people) an opportunity to perform additional monitoring and protection capabilities at these layers which are not available in the physical environment.
There is no significant increase in the number of entry points to a Virtual Infrastructure but if administrators fail to identify and secure the entry points then that would result in increased attack vectors.
Virtualized data centers are less secure internally than from outside.
The key problem that we can find in the Virtual Infrastructure is the lack separation of duties.
The privileged insiders are the greatest threat to the Virtual Infrastructure (This is true even for Physical Infrastructure). If not implements properly, the SA's get access to the Virtual Networks and make unauthorized changes in the network policies.
But these issues can be overcome by implementing roles based access controls at the Hypervisor layer.
Adding more security controls into the Virtual Infrastructure would make virtualization solutions more expensive and less attractive.
Since not many people see security as a business enabling service we generally consider ROI before a security control is put in place.
Keep in mind - security is always risk driven.
I will talk further about reducing attack vectors in Virtualized Data centers in a future post.
More...