People a big security threat to virtualization, Interop speaker says

While VMware this week is holding its own VMworld party in Las Vegas, 2,200 miles away, attendees at Interop New York were told about the potential security risks of virtual environments, not the least of which are people.

At least for now, virtual servers, the hypervisors that oversee them, the management platforms that govern them and the IT staff that sets them up and runs them are all potential attack vectors, said Joshua Corman, principal security analyst for IBM/ISS. “Virtualization is a game changer for good and for bad,” he said.

IT staffs under financial pressure to implement virtual servers may be overworked and lose the diligence to properly plan secure deployments Corman said. “Virtualization requires more discipline and enforcement of policies than before,” he said..

Just as teams of server, network, security and application specialists typically oversee the deployment of traditional physical server farms, the same group should plan virtual rollouts, Corman said. But often, the security team is left out and server administrators may inherit the responsibility without the proper expertise. “Before there was a healthy balance of skill sets distributed well [among a variety of administrators],” he said.

This lack of balance generates unproductive finger pointing when things go awry and in some cases creates grabs for power as IT staff recognizes a shift in how work is being distributed. In either case, security can suffer, Corman said.

Meanwhile, virtual technology presents weak spots for attackers to take advantage of, he said. “Virtualization will set you back on your risk posture,” he said. In particular, virtual environments are a “management nightmare” where each virtual machine may spawn another that could appear virtually anywhere. This makes instances of servers hard to find, let alone protect, he said, and this “server sprawl” can lead to catastrophic failures.

Individual virtual machines, called guests, can fall into vulnerable configuration due to a feature of virtualization that suspends them when they are not used, Corman said. When the applications these guests host are needed, they are brought back online, but in the meantime may have missed critical security updates and are left open to exploits.

Once a guest is taken over, it can contend for the available processing power within the same hardware and cause bottlenecks for applications on the other guests within the physical machine, he said.

Corman told a story about a business that set up 2,200 virtual servers. When some of them got overloaded they replicated onto other physical machines, where they drained CPU capacity on those machines forcing more virtual servers to migrate to yet other hardware servers as well, overloading them. The whole scenario caused a cascading crash of the servers, Corman said.

This live migration of servers to new physical hosts is itself a vulnerability if limits are not set on where virtual servers can migrate to, Corman said. While the image is being transferred from one hardware server to another it is unencrypted and vulnerable to man-in-the-middle attacks that could, for instance, alter the administrative rights to the replicated machine. The new virtual server could then be controlled by an attacker, he said.