8/17/2007 07:25 AM

Virtualization's Hidden Risks

Security is a lousy reason to virtualize your servers

3:25 PM -- With VMware's IPO and Citrix's acquisition of XenSource this week, there is no denying that virtualization is one of the hottest tech trends. But how does security fit into the world of virtualization?

I've seen deployments where security was one of the driving factors behind virtualization, and they make me cringe. Given that several proof-of-concept exploits targeting VMware products have been released in the past month, and that IntelGuardians demonstrated an escape from a guest OS to the host at SANSFIRE 2007, virtualizing servers for security reasons seems way off base. Segmentation of security levels between different guests and hosts should be at the forefront of any virtualization design.

It's not that I'm against virtualization. In fact, I think virtualization technologies are fantastic, and I'm an avid user of VMware's products for research and testing. But it isn't a security solution -- in fact, it's just the opposite.

When designing a deployment of something like VMware ESX (VMware's flagship enterprise virtual server), take the same network segmentation precautions you would take for the equivalent set of physical servers. Group virtual machines by the sensitivity of the data they hold, and don't mix virtual machines of different security levels on the same physical host: the host is a shared trust boundary, and anything that breaks out of one guest is within reach of every other guest on that hardware.
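The segmentation rule above can be checked mechanically against a VM inventory. The following is an added example, not code from the article or from VMware: it reads a constructed inventory of (VM, host, security level, network segment) tuples, flags hosts that carry guests of more than one security level, and flags guests placed on a network segment their level is not allowed on. The level names, the segment names and the allowed-segment map are assumptions made for the illustration.

```python
"""Added example (not from the article): audit a VM inventory for hosts that
mix security levels and for guests on a network segment that does not match
their level. Inventory format, level/segment names and sample data are all
constructed for illustration."""
from collections import defaultdict

# Ordering used to rank sensitivity; the labels are an assumption.
LEVELS = {"public": 0, "internal": 1, "restricted": 2}

# Which segments a level may sit on; an assumption for the example.
ALLOWED_SEGMENTS = {
    "public": {"dmz"},
    "internal": {"corp"},
    "restricted": {"db-net"},
}

# Constructed sample inventory: (vm_name, host, security_level, network_segment)
INVENTORY = [
    ("web01", "esx-a", "public",     "dmz"),
    ("web02", "esx-a", "public",     "dmz"),
    ("db01",  "esx-b", "restricted", "db-net"),
    ("hr01",  "esx-b", "restricted", "db-net"),
    ("wiki",  "esx-b", "internal",   "corp"),    # mixes levels on host esx-b
    ("pay01", "esx-c", "restricted", "dmz"),     # restricted guest on the DMZ segment
]


def mixed_hosts(inventory):
    """Return {host: [levels...]} for every host carrying more than one
    security level, levels sorted least to most sensitive."""
    by_host = defaultdict(set)
    for _name, host, level, _seg in inventory:
        by_host[host].add(level)
    return {
        host: sorted(levels, key=LEVELS.get)
        for host, levels in by_host.items()
        if len(levels) > 1
    }


def misplaced_vms(inventory):
    """Return names of guests whose segment is not allowed for their level."""
    return [
        name
        for name, _host, level, seg in inventory
        if seg not in ALLOWED_SEGMENTS.get(level, set())
    ]


def report(inventory):
    """Human-readable findings; one line per violation."""
    findings = []
    for host, levels in sorted(mixed_hosts(inventory).items()):
        # An escape from the least-trusted guest reaches the most-sensitive data on the host.
        findings.append(
            f"host {host} mixes levels {', '.join(levels)}: "
            f"an escape from a {levels[0]} guest reaches {levels[-1]} data"
        )
    for name in misplaced_vms(inventory):
        findings.append(f"vm {name} sits on a segment not allowed for its level")
    return findings


if __name__ == "__main__":
    for line in report(INVENTORY):
        print(line)
```

Run it against a real inventory export by replacing `INVENTORY` with rows pulled from your CMDB or from the hypervisor's own guest list; the check is only as good as the level labels, so the labelling step is the part to get right first.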

This separation and segmentation is increasingly important, because one of the demonstrations Ed Skoudis and Tom Liston showed at SANSFIRE was an application running inside a guest OS that crashed the guest and ended with arbitrary code executing on the host OS.

Now imagine this happening on one of your virtual servers. If an attacker can execute arbitrary code on the host by crashing one guest, what access does he have to the other guests running on that same box? With VMware Server, the attacker could upload a small bootable Linux LiveCD ISO, point another guest's virtual CD-ROM at it, restart that guest, and boot it from the ISO, bypassing the guest OS's own access controls to read the data on its virtual disk.
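The reconfiguration described above leaves a trace in the guest's configuration file. The following is an added example, not code from the article or from VMware: it parses the `key = "value"` lines of a VMware `.vmx` file, flags any CD-ROM device backed by an ISO image that will be connected when the guest powers on, and diffs the current file against a saved baseline so that any other change to the guest's hardware definition is also surfaced. The `.vmx` keys used (`ideN:M.present`, `.deviceType`, `.fileName`, `.startConnected`) are the ones VMware uses; the two sample configs, the guest name and the ISO path are constructed for the illustration, and treating a missing `startConnected` as connected is a deliberately conservative assumption.

```python
"""Added example (not from the article): audit VMware .vmx guest configs for a
CD-ROM pointed at an ISO image and for drift from a known-good baseline.
Sample configs below are constructed; key names follow VMware's .vmx format."""
import re

# Matches one configuration line of the form:   key = "value"
LINE_RE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {key: value} for every key = "value" line; other lines ignored."""
    cfg = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def iso_boot_devices(cfg):
    """Return [(device, iso_path)] for CD-ROM devices backed by an image file
    that are present and connected at power-on.  A missing startConnected is
    treated as connected (assumption: err on the side of flagging)."""
    found = []
    for key, value in cfg.items():
        if not key.endswith(".deviceType") or value.lower() != "cdrom-image":
            continue
        dev = key[: -len(".deviceType")]
        present = cfg.get(dev + ".present", "FALSE").upper() == "TRUE"
        connected = cfg.get(dev + ".startConnected", "TRUE").upper() == "TRUE"
        if present and connected:
            found.append((dev, cfg.get(dev + ".fileName", "")))
    return sorted(found)


def config_drift(baseline, current):
    """Sorted list of keys whose value differs between baseline and current."""
    keys = set(baseline) | set(current)
    return sorted(k for k in keys if baseline.get(k) != current.get(k))


def audit(baseline_text, current_text):
    """Combine both checks for one guest."""
    base, cur = parse_vmx(baseline_text), parse_vmx(current_text)
    return {
        "name": cur.get("displayName", "?"),
        "iso_devices": iso_boot_devices(cur),
        "changed_keys": config_drift(base, cur),
    }


# Constructed baseline: CD-ROM passes through the host drive and stays disconnected.
BASELINE_VMX = '''\
.encoding = "UTF-8"
config.version = "8"
displayName = "db01"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-raw"
ide1:0.fileName = "auto detect"
ide1:0.startConnected = "FALSE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "db01.vmdk"
'''

# Constructed "after": same guest, CD-ROM now an ISO image connected at power-on.
CURRENT_VMX = '''\
.encoding = "UTF-8"
config.version = "8"
displayName = "db01"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "/tmp/.x/live.iso"
ide1:0.startConnected = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "db01.vmdk"
'''

if __name__ == "__main__":
    result = audit(BASELINE_VMX, CURRENT_VMX)
    print(f"guest {result['name']}")
    for dev, path in result["iso_devices"]:
        print(f"  {dev} boots from image {path}")
    for key in result["changed_keys"]:
        print(f"  changed: {key}")
```

In practice the baseline is a copy of each `.vmx` taken at deployment and kept somewhere the hypervisor's own administrators cannot silently rewrite, since the whole point of the scenario is that the host is the thing that has been compromised.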

Virtual servers are no more secure than physical servers. They have the same inherent risks carried by any server that must service users or applications. In fact, if emerging research is any indication, they (and their hosts) could be more vulnerable than ever. Keep an eye out for the upcoming CIS Benchmark, which offers best practices for deploying virtualization technology. (See Virtualization's New Benchmark.)

— John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading
