Vulnerabilities / Threats

04:06 PM

Tech Insight: Keeping Server Virtualization Secure

Don't let security worries stop you from virtualizing your servers -- but know the risks and ways to protect your systems and data

A Special Analysis for Dark Reading

Security is sometimes touted as a benefit of server virtualization, but it is hard to rationalize that argument when you consider the conundrum of putting all of your eggs in one basket. What if an attacker compromises one virtual machine (VM), escapes out of it, and gets into the hypervisor, thereby gaining access to all other VMs on that host?

This virtualization VM escape, as it is sometimes called, is a real concern that haunts security professionals and can prevent organizations from moving forward with virtualization. While this type of attack has been demonstrated only in workstation versions of VMware, the threat exists that one day a researcher will find a way to do so in virtual server platforms, and it will fall in the hands of a bad guy.

Still, attackers jumping from one machine to another is nothing new. The recent AVSIM site hack, during which both the physical servers hosting the site and the site's backup were victim of a malicious hacker, is one such example.

As is often the case with emerging technologies, the benefits of virtualization can serve as a double-edged sword. For example, VM portability is a helpful feature that allows a VM to be moved from one physical host to another with ease. The VM can be backed up, archived as a "golden image" for reproducing similar systems, and snapshotted for quick recovery. But a few potential problems can arise from the ease of portability.

The first possible problem is server sprawl. Being able to deploy a server quickly and easily doesn't mean you should. Proper planning is required, and inventory should be updated to reflect every new server. Deploying a VM for a quick test and forgetting to decommission it, or having it start up accidentally after a hypervisor software update, could lead to an unmaintained, vulnerable system sitting on your network just waiting to get hacked.

The second problem with portability is a data thief now has the potential to steal your entire virtualized server, something that is unlikely to happen with a physical server. Say an attacker isn't able to penetrate any of your sensitive production servers, but gets to your backup server. If he can steal a VM, he now can access it as if he were sitting in front of the physical machine. And as we all know, physical access means game over.

Some virtualization vendors have been looking at these security issues surrounding virtualization technologies and working on ways to alleviate problems posed by their products. Two of the top issues being addressed by virtualization vendors now are visibility of traffic among VMs on the same physical host, and business continuity if one or more physical hosts are down. The latter issue has been partially addressed through high-availability configurations and physical server clusters, but VMware and Citrix hope to put the final nail in the coffin with their respective solutions, VMware FT (Fault Tolerance) and Marathon everRun VM.

On the network front, each virtualization vendor has implemented some type of basic virtual switch, allowing traffic from VMs to move from one another, and in and out of the physical host. The resulting problem is that the traffic on the virtual switch is not visible to traditional physical security devices, like firewalls, proxies, and IDS/IPS. As a result, VMware last year announced the VMsafe API, which has helped spawn several recent releases from vendors to help network security professionals peer into the vast darkness of VM-to-VM traffic. New products include Lancope StealthWatch FlowSensor VE, Cisco Nexus 1000V, and Altor Networks Altor VF.

Security is certainly not a driver for virtualization, but it isn't a deal-breaker, either. Proper design and inventory, and keeping up-to-date on virtualization software patches, security issues, and new security solutions, will help you ease the discomfort level of putting so many virtual eggs in one basket.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2018-11-19
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfi...
PUBLISHED: 2018-11-18
** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision.
PUBLISHED: 2018-11-18
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig...
PUBLISHED: 2018-11-18
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/, NbconvertFileHand...
PUBLISHED: 2018-11-18
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.