The most common motivation for a virtualization project is the cost saving that comes from server consolidation. As the term indicates, server consolidation is typically managed by server administrators, who may be a separate group of people from the IT security team. This may lead to a situation where security is not an integral part of the design.
When security is an afterthought, the solution may become more complex than necessary. And because simplicity is one of the main security principles, a complex solution further decreases security by increasing the possibilities for configuration mistakes. As Gartner’s report shows, more than 99% of security breaches are caused by misconfigurations [1]. Maintaining an unnecessarily complex environment will inevitably lead to additional misconfigurations, i.e. to additional security breaches.
When security is added to the virtual environment, one may think of using the same solution that is already in use in other parts of the organization. That solution is already well known and proven to work properly, but the problem is that it can be used in physical networks only. Thus, to be able to use the same solution, the traffic needs to be routed back to the physical network as shown in the diagram below (for a more detailed description of this challenge, see e.g. my Virtually Secure at Every Network Point article in the February issue of the ISSA Journal, page 37).

This arrangement will certainly cause additional complexity and a performance penalty, both of which carry security risks of their own. The complexity adds possibilities for configuration mistakes (read: security breaches), and the additional routing arrangement multiplies the network traffic, making the system more vulnerable to DoS attacks.
On the other hand, if the security solution is chosen separately for the virtual environment only, the end result may not be optimal either. When different security solutions are used in the physical and virtual environments, it is very difficult to implement a unified security policy across the organization. In some cases it may even be impossible, when one of the selected security solutions lacks a feature that the other solution uses to implement the policy. And even if it is feasible to maintain two separate solutions, the increased complexity makes the environment more vulnerable to configuration mistakes.
Furthermore, there is an additional possible threat in virtual environments whose security is based on an API of the hypervisor. That API provides visibility into the network traffic, memory, and storage of all the VMs, so the security solution does not need to sit in the middle of the network communication path or be installed in every protected VM; it can do the necessary inspection via the API. As the hypervisor is the most critical component of the whole virtual environment, this kind of API is sure to attract hackers. Although the API does not break VM isolation directly, a hacker who gains access to the API, either directly or through the security VM, would get access to all the VMs in the virtual environment.
If the security solution is installed inside the virtual environment later on, there may not be enough storage, CPU, or memory resources for it. Obviously, adding more resources to a virtual environment is a very straightforward process nowadays, but the additional hardware cost may be a surprise that should have been taken into account earlier. If you do not accept the additional costs of the hardware upgrades, you may end up with even bigger and nastier surprises. That is, the system may keep running fine during testing and normal operation, but it may get overloaded during unexpected traffic peaks, causing results similar to a successful DoS attack.
Fail to plan, and you plan to fail. Do not leave security out of your virtualization plans.
[1] Q&A: Is It More Secure to Use Firewalls From Two Different Vendors?, Gartner, 12 Aug 2008