
Businesses must get security savvy
By Victoria Ho
Published: 20 October 2008 09:10 GMT
Virtualisation, with its rapid pace of adoption, is becoming a frontier for attackers, but not all businesses are aware of the risks or act on them adequately, according to market observers.
Graham Titterington, principal analyst at Ovum, told silicon.com sister site ZDNet Asia in an email interview that with the increasing prominence of virtualisation, threats to virtual machines (VMs) are becoming more significant.
"There is little evidence of attacks on the foundation layers of virtualised environments yet but we need to be vigilant as attacks will surely come," he noted. "Virtualisation [can offer] the attacker the bonus of taking down many VMs with one attack, if successful. There is also the risk of attacks on the information held in all the VMs sharing the same physical platform if hypervisor security is broken."
Ronnie Ng, Symantec's manager for systems engineering in Singapore and Indonesia, agreed with Titterington's assessment. "While actual hypervisor breaches are still rare, there is still the potential threat of the hypervisor layer being compromised, putting at risk all the virtual servers running business applications," he said in an email.
The key problem with the growth in the adoption of server virtualisation, he explained, is the lack of control - or VM sprawl - in the data centre. The ease of deployment of virtual servers makes it difficult to audit and enforce security policies, noted Ng.
Benjamin Low, managing director of Asia South at Secure Computing, added in an email that the mobility of virtual environments and the fact that VMs can "hide" when they are not active make it difficult for traditional network security tools to monitor and control traffic within virtual networks. Acknowledging that it would be a matter of time before hackers act on "unprotected vulnerabilities that the technology presents", he warned: "Virtualisation may become the next frontier for black hats."
According to Andrew Milroy, research director of ICT practice at Frost & Sullivan, improving virtualisation security is not so much a matter of changing the tools as of changing the mindsets of businesses.
He said in a phone interview: "It's not that you need brand new security products… it's just the way the security products are deployed and managed. From our perspective, it's really a cultural change and understanding of how to deploy the security products more effectively in a different architecture."
The analyst added that greater awareness and education need to be in place, as there is "always a lag for organisations getting onto the security implications of new implementations".
To improve security of virtualised environments, Frost & Sullivan's Milroy said companies need to ensure passwords of VMs are varied enough, and that their IP addresses are not sequential. Servers and operating systems on the host should also be kept "to an absolute minimum", he added.
"If you keep the same security policies and software in a virtualised environment, your risks will go up," said Milroy. "It's not to say you'll be a sitting duck - it's just [more risky] because there's so much in one machine, [so] should that one machine be broken into or infected by something then the consequences are more severe than if you have many more [physical] servers."
Original article: Virtualization--the next frontier for hackers? from ZDNet Asia
Copyright © 2008 CBS Interactive Limited. All rights reserved.