By creating multiple virtual machines that share resources such as CPU, memory, disk and network devices, organisations are able to reduce the costs of server operation and management. This includes the hardware, maintenance and human resources needed to manage, operate and administer these servers on a daily basis. Further, virtualisation provides fast, reliable disaster recovery.
However, failing to configure and harden your virtual servers can have very unpleasant results, especially when virtualisation is implemented without security considerations. In one case, we witnessed a hacker bringing down an entire virtual infrastructure because of a memory leak flaw on one of the servers. By exploiting this flaw, the hacker was able to consume all the available memory to a point where the entire system crashed.
The phrase 'start secure, stay secure' is a simple philosophy that emphasises that security has to begin at the first stage of design and be integrated into every step of your virtualisation project.
So, how do we secure a virtual environment? Here is our guide:
1. Design a secure virtual environment
Each solution has its own approach, which does not always suit the organisation's needs. Some of these solutions separate each operating system, while others create separate “zones” within a shared kernel.
Businesses need to determine security requirements that correlate with the organisational security policy. A security architect should define parameters such as access control to the server console, the design of the virtual network architecture, the design of the virtual machines, and the communication protocols used.
When implementing a virtual environment, some of the communication may rely on an internal, virtual network. For example, when a virtual web server communicates with a virtual database, the packets traverse only a virtual network. A traditional firewall on the physical network never sees this traffic and therefore cannot filter it, even when policy requires it.
There are a number of possible solutions. One of them is to use a firewall integrated into a virtual server application. The second option is to configure the virtual machines to route all the communication through an external firewall by connecting virtual machines to separate physical network cards. A third option is to use a “virtual” firewall which usually comes in the form of a virtual appliance.
These appliances function as “traditional” firewall devices and can perform functions such as “deep packet inspection”, session-based rules and filtering.
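The first of the three options, a firewall integrated into the virtualisation host, can be illustrated with the web-server-to-database case above. The following added example (not code from the original article) takes an allow-list of permitted guest-to-guest flows and generates an nftables bridge-family ruleset that the hypervisor enforces on its virtual switch, so traffic that never leaves the host is still filtered. It assumes a Linux/KVM-style host where guests attach to a Linux bridge and a kernel with conntrack support in the bridge family (Linux 5.3 or later); the VM names, addresses and flows are constructed sample data.

```python
"""Generate an nftables bridge-family ruleset from an allow-list of VM-to-VM flows.

Added example, not from the original article. Assumes guests attach to a Linux
bridge on the hypervisor and that the kernel provides conntrack in the bridge
family (Linux 5.3+). All VM names, addresses and flows below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str    # source VM name
    dst: str    # destination VM name
    proto: str  # "tcp" or "udp"
    port: int   # destination port


# Constructed inventory: VM name -> address on the internal virtual network.
VMS = {
    "web01": "10.10.0.10",
    "db01": "10.10.0.20",
    "mon01": "10.10.0.30",
}

# Constructed allow-list. Anything between guests that is not listed is dropped.
ALLOWED_FLOWS = [
    Flow("web01", "db01", "tcp", 5432),   # web tier talks to PostgreSQL only
    Flow("mon01", "web01", "tcp", 9100),  # monitoring scrapes node exporters
    Flow("mon01", "db01", "tcp", 9100),
]


def validate_flows(flows, vms):
    """Reject flows that reference unknown guests or impossible protocols/ports."""
    for f in flows:
        if f.src not in vms or f.dst not in vms:
            raise ValueError(f"flow references unknown VM: {f}")
        if f.proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {f.proto}")
        if not 0 < f.port < 65536:
            raise ValueError(f"invalid port: {f.port}")


def rule_line(flow, vms):
    """One nftables rule permitting a single allow-listed flow."""
    return (f"ip saddr {vms[flow.src]} ip daddr {vms[flow.dst]} "
            f"{flow.proto} dport {flow.port} accept")


def generate_bridge_ruleset(flows, vms):
    """Return the complete ruleset text for `nft -f`."""
    validate_flows(flows, vms)
    lines = [
        "# Guest-to-guest allow-list enforced on the hypervisor's virtual switch",
        "table bridge vmfilter {",
        "    chain forward {",
        "        type filter hook forward priority 0; policy drop;",
        "        # Return traffic of already permitted flows (needs bridge conntrack)",
        "        ct state established,related accept",
        "        # ARP must pass so guests can resolve each other on the segment",
        "        ether type arp accept",
    ]
    for f in flows:
        lines.append(f"        # {f.src} -> {f.dst} {f.proto}/{f.port}")
        lines.append(f"        {rule_line(f, vms)}")
    lines += [
        "        # Everything else between guests is logged and dropped",
        '        log prefix "vmfilter drop: " drop',
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(generate_bridge_ruleset(ALLOWED_FLOWS, VMS))
```

Load the output with `nft -f` on the host; because the chain's policy is drop, adding a new guest-to-guest dependency means adding a flow to the allow-list rather than opening the segment, which keeps the virtual network in the same state as a physical one behind a firewall.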
3. Harden virtual “guest” servers
In most cases we can assume that each virtual machine is fully isolated from the other virtual machines running on the same server. These guests still need to be hardened and tested periodically, just as their “physical” counterparts are. A security vulnerability on one virtual machine could allow an attacker to move from that machine to another on the network.
4. Harden virtual “host” server
“Host” servers are responsible for allocating memory and CPU to “guest” servers, as well as providing access to storage and network devices. By gaining access to the file systems on the host server, an attacker gains access to the disk files of the virtual machines stored there. It is also possible to shut down the host server, which results in a denial of service (DoS) against every hosted “virtual” machine. These are only a few of the possible scenarios.
The host server should be hardened and subject to very strict access control. Only administrators and dedicated operators should have access to the console and the virtual server management interfaces. The server should be updated with the latest security patches and configured in a secure fashion.
5. Policies, policies, policies
Every security decision should be backed up by an existing and approved policy. These policies should include:
- Password policy, including expiration and password length
- Authentication policy
- Access control policy
- Network connectivity policy
It is important to review these policies at least annually to make sure that they are updated with new standards and best practices.
6. Security auditing
Security auditing should be performed on a periodic basis. Auditing should include:
- Security testing of guest servers’ operating systems and services
- Security testing of host servers’ operating systems
- Security testing of the host server virtualisation application
- Relevant network equipment, such as switches, firewalls and routers
This auditing is important in order to discover security issues such as new vulnerabilities, redundant services, and outdated firewall rules and routing tables.
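Two of the audit findings named above, redundant services and outdated firewall rules, lend themselves to automated checks. The following added example (not code from the original article) compares each guest's observed listening sockets against an approved baseline and flags firewall rules that refer to addresses no longer present in the VM inventory. The inventory, baseline, `ss -lntu`-style listener output and rule list are all constructed sample data; a real audit would feed them from the hypervisor's inventory, the guests themselves and the firewall's rule export.

```python
"""Automated checks for a periodic virtualisation audit.

Added example, not from the original article. Flags (1) guest services that
are not in the approved baseline ("redundant services") and (2) firewall rules
that reference addresses no longer in the VM inventory ("outdated rules").
All input data below is constructed.
"""

# Constructed inventory of currently deployed guests: VM name -> address.
INVENTORY = {
    "web01": "10.10.0.10",
    "db01": "10.10.0.20",
}

# Constructed approved baseline: VM -> set of (proto, port) it may listen on.
BASELINE = {
    "web01": {("tcp", 22), ("tcp", 443)},
    "db01": {("tcp", 22), ("tcp", 5432)},
}

SS_HEADER = "Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"

# Constructed `ss -lntu` output captured on each guest.
OBSERVED = {
    "web01": SS_HEADER
    + "tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*\n"
    + "tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*\n"
    + "tcp   LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*\n",   # not approved
    "db01": SS_HEADER
    + "tcp   LISTEN 0      128    [::]:22            [::]:*\n"
    + "tcp   LISTEN 0      244    127.0.0.1:5432     0.0.0.0:*\n"
    + "udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*\n",   # SNMP left enabled
}

# Constructed firewall rules in a simple "action proto src dst port" format.
FIREWALL_RULES = [
    "allow tcp 10.10.0.10 10.10.0.20 5432",
    "allow tcp 10.10.0.40 10.10.0.20 5432",  # 10.10.0.40 was decommissioned
    "allow tcp any 10.10.0.10 443",
]


def parse_listeners(ss_output):
    """Return the set of (proto, port) sockets from `ss -lntu` output."""
    listeners = set()
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        # rsplit copes with IPv6 forms such as "[::]:22"
        port = int(local.rsplit(":", 1)[1])
        listeners.add((proto, port))
    return listeners


def redundant_services(observed, baseline):
    """Map each VM to the listening services that are not in its baseline."""
    findings = {}
    for vm, output in observed.items():
        extra = parse_listeners(output) - baseline.get(vm, set())
        if extra:
            findings[vm] = extra
    return findings


def stale_firewall_rules(rules, inventory):
    """Return rules whose source or destination is not a deployed guest."""
    live = set(inventory.values())
    stale = []
    for rule in rules:
        _action, _proto, src, dst, _port = rule.split()
        if any(addr != "any" and addr not in live for addr in (src, dst)):
            stale.append(rule)
    return stale


if __name__ == "__main__":
    for vm, extra in redundant_services(OBSERVED, BASELINE).items():
        print(f"{vm}: unapproved listeners {sorted(extra)}")
    for rule in stale_firewall_rules(FIREWALL_RULES, INVENTORY):
        print(f"stale rule: {rule}")
```

Both checks are deliberately strict: a listener that is merely bound to loopback still counts only if its port is in the baseline, and a rule survives only when every non-wildcard address maps to a live guest, so decommissioned machines cannot leave reusable holes behind.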
Virtualisation technology offers many operational and financial advantages. It even provides some security benefits. Nevertheless, the concept introduces several security weaknesses, including the risk of denial of service attacks and data leakage.
With a proper and professional security approach to virtualisation, including secure design, secure configuration of the environment, secure maintenance and periodic security audits, one can achieve a secure and reliable environment.
Roy Harari is the UK managing director of security consulting company Comsec Global