From virtual rootkit "aka Blue Pill" attacks to attacks that make it possible to break out of a virtual machine's operating system to the underlying server OS -- there's been plenty of talk about virtual security in the past few years. Yet, the more I look into the issues surrounding virtualization and security, the less I think it's about securing the actual virtualization software itself, such as the hypervisor.One of the big scares out there is the concept of a hypervisor being compromised, and one successful exploit would make it possible to comprise the underlying host operating system, and permit unauthorized access to each and every hosted VM on the host server. In an event like this, current antivirus tools may not be able to spot malicious processes or software. And there you have it, one exploit and it's possible to "own" all five, 10, or more hosted machines. Or maybe even hundreds in a clustered environment.
That certainly wouldn't be a good day in the life of any CISO. While the scale of these (so far theoretical) threats are greater than compromising a single server, the threats against the hypervisor are not really any different than vulnerabilities that enable attackers to gain access to physical servers. Because the hypervisor is a more dedicated, and relatively thinner, slice of software than a full-blown operating system, we're going to see many fewer vulnerabilities. In a recent conversation, Andreas Antonopoulos at Nemertes Research summed it up best: "When you look at the total virtualized environment, and you have a pool of 300 servers running on 100 physical servers with 100 hypervisors, what are you going to be more worried about? The attack surface of the hypervisor? Which is about 100,000 lines of tightly written code, or the 300 copies of Microsoft Vista running above it?"
Fixating on the security of the hypervisor itself is akin to taking a long, hard drag off of a cigarette while looking up at the sky and worrying about an asteroid strike.
Sure, it could happen. But it's the lack of taking care of the basics that will probably bring you down. So, rather than obsessing over hypervisor attacks, it's best to make sure that all of the software running on top of it is snugly patched. That the intra-VM traffic is vetted just as tightly as traffic that transverses the hardware. And that all of your change-control processes are maintained.
Sure, you're going to have to keep an eye out for hypervisor vulnerabilities and exploits. But if you have good layers of defenses in place, it won't be the end of the world.