
Security of virtualization

November 17th, 2006 Posted by D Webber

Over at InfoWorld, Tom Yager has a few thoughts on the security of virtualization. I touched on the topic back in April in Can virtualization be trusted for security?.

Among other things, he has an interesting idea that an attacker might take advantage of the easier cloning and failover that virtual machines make possible. I can see how the near-instantaneous failover provided by features like VMware's VMotion could make attacks less noticeable: rebooting or crashing a physical server tends to be visible, whereas a virtual infrastructure can shift the workload to another VM or host in a few milliseconds. That could let an attacker install a modified kernel, or run a few trial-and-error exploits against VMs, without anyone noticing the resulting crashes and restarts.

Escaping a virtual machine is not necessarily "an easy target," as he says, especially on ESX Server, but the consequences of a successful escape are greater on a host running many virtual machines.

Physical compartmentalization for each security domain is a sound approach: one or more physical servers hosting all the VMs in a DMZ, other physical servers hosting the application-server and database VMs on the trusted network, and a physical firewall between them. Unfortunately I still come across designs that use one honking big box to host both internal and Internet-facing VMs (plus development VMs, QA VMs, and more). Beyond the obvious single point of failure in the physical server, the bigger danger is the assumption, made without hard evidence, that virtual machines provide the same level of isolation as separate hardware.

Update: The SANS Handler's Diary (recommended daily reading) recently discussed how more malware is detecting VMware, and linked to a presentation on how to avoid that detection.
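As an added illustration of how malware fingerprints a hypervisor (example code written for this page, not from the original post or the linked presentation), the C program below reads two CPUID tells that VMware and other hypervisors expose: the "hypervisor present" bit in leaf 1 and the 12-byte vendor signature in leaf 0x40000000. The vendor strings are the publicly documented ones; the function names and the constructed register values are this example's own. The decoding is kept separate from the CPUID call so it can be exercised with constructed registers on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>
#define HAVE_X86_CPUID 1
#endif

/* CPUID leaf 1, ECX bit 31 is reserved on physical CPUs and set by
 * hypervisors (VMware, KVM, Hyper-V, Xen, ...) to advertise their presence. */
#define CPUID_HV_PRESENT_BIT (1u << 31)
/* CPUID leaf 0x40000000 returns a 12-byte vendor signature in EBX:ECX:EDX. */
#define CPUID_HV_VENDOR_LEAF 0x40000000u

/* Unpack one little-endian register into four characters. The byte order
 * is made explicit so the decoder behaves the same on any host it runs on. */
static void put_reg(char *dst, uint32_t reg)
{
    for (int i = 0; i < 4; i++)
        dst[i] = (char)((reg >> (8 * i)) & 0xffu);
}

/* Decode the signature registers into a NUL-terminated string. Kept as a
 * pure function so it can be exercised with constructed register values. */
void decode_hv_signature(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13])
{
    put_reg(out, ebx);
    put_reg(out + 4, ecx);
    put_reg(out + 8, edx);
    out[12] = '\0';
}

/* Map the leaf-1 ECX value and the decoded signature to a vendor name.
 * A clear hypervisor bit means bare metal, or a hypervisor configured to
 * hide itself (VMware can mask the bit and leaf), so "none" is not proof. */
const char *classify_hv(uint32_t leaf1_ecx, const char *sig)
{
    if (!(leaf1_ecx & CPUID_HV_PRESENT_BIT))
        return "none";
    if (strncmp(sig, "VMwareVMware", 12) == 0) return "VMware";
    if (strncmp(sig, "KVMKVMKVM", 9) == 0)     return "KVM";
    if (strncmp(sig, "Microsoft Hv", 12) == 0) return "Hyper-V";
    if (strncmp(sig, "XenVMMXenVMM", 12) == 0) return "Xen";
    if (strncmp(sig, "VBoxVBoxVBox", 12) == 0) return "VirtualBox";
    return "unknown";
}

/* Query the CPU this program is running on. On non-x86 builds there is no
 * CPUID instruction, so report that rather than guess. */
const char *probe_local_hv(char sig_out[13])
{
#ifdef HAVE_X86_CPUID
    unsigned int eax, ebx, ecx, edx;
    __cpuid(1, eax, ebx, ecx, edx);
    uint32_t leaf1_ecx = ecx;
    __cpuid(CPUID_HV_VENDOR_LEAF, eax, ebx, ecx, edx);
    (void)eax;
    decode_hv_signature(ebx, ecx, edx, sig_out);
    return classify_hv(leaf1_ecx, sig_out);
#else
    sig_out[0] = '\0';
    return "not x86";
#endif
}

int main(void)
{
    char sig[13];
    const char *hv = probe_local_hv(sig);
    printf("hypervisor: %s (signature \"%s\")\n", hv, sig);

    /* Constructed register values for "VMwareVMware", laid out as EBX, ECX
     * and EDX would hold them on a VMware guest, to show the decoder offline. */
    char demo[13];
    decode_hv_signature(0x61774D56u, 0x4D566572u, 0x65726177u, demo);
    printf("constructed VMware registers decode to \"%s\" -> %s\n",
           demo, classify_hv(CPUID_HV_PRESENT_BIT, demo));
    return 0;
}
```

The practical caveat, which is the point of the presentation the diary linked, is that every one of these tells is advisory: the hypervisor controls what CPUID returns, so a sandbox operator can mask the bit and the signature, and malware authors respond by stacking several independent checks (timing, device and driver names, MAC address prefixes) rather than trusting any single one.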



2 Responses to “Security of virtualization”:

  1. Adi Says:

    Dear Sir,
    I would like to start by saying that I really enjoyed reading your articles on VMware.

    I would like to implement your suggestion and implement ESX cluster per DMZ.

    My question is what about the Virtual Center?
    Is it safe to implement one VC for the entire design, or should I install one VC per DMZ?

  2. D Webber Says:

    Adi:

    Glad you've found my articles helpful, and you ask a good question.

    I can’t provide a definitive answer (haven’t tried getting VirtualCenter working through a firewall). Apparently as long as you’re managing only recent versions of ESX, the VC server makes only inbound connections to the VC agent on each managed ESX host, which should be pretty safe. The release notes for VC 1.4 say ESX 2.0.1 and older made outbound connections to the server on "random ports"… obviously a bad thing when your VC sits outside a DMZ.

    Regardless, look at the risk. If you have one VirtualCenter controlling all your organization’s VMs, an attacker could cause a lot of damage if they were to compromise it from the DMZ. Usually it’s better to isolate everything in a DMZ whenever possible.