Virtualization's Hidden Risks

Security is a lousy reason to virtualize your servers

3:25 PM -- With VMware's IPO and Citrix's acquisition of XenSource this week, there is no denying that virtualization is one of the hottest tech trends. But how does security fit into the world of virtualization?

I've seen deployments where security was one of the driving factors behind virtualization, and they make me cringe. Given that there have been several proof-of-concept exploits targeting VMware released in the past month -- and given that IntelGuardians demonstrated an escape from a guest OS to the host at SANSFIRE 2007 -- the idea of virtualizing servers for security reasons seems way off base. Segmentation of security levels between different guests and hosts should be at the forefront of any virtualization design.

It's not that I'm against virtualization. In fact, I think virtualization technologies are fantastic, and I'm an avid user of VMware's products for research and testing. But it isn't a security solution -- in fact, it's just the opposite.

When designing a deployment of something like VMware ESX (VMware's flagship enterprise virtual server), you should take the same network segmentation precautions as you do when hosting multiple servers on one physical machine. Keep machines' sensitive information grouped together, and don't mix virtual machines with varying security levels on the same physical host.

This separation and segmentation is increasingly important, because one of the demonstrations Ed Skoudis and Tom Liston showed at SANSFIRE was an application running within a guest OS that ran, crashed the guest, and resulted in abitrary code being executed on the host OS.

Now imagine if this had happened on one of your virtual servers. If an attacker could arbitrarily execute code on your host by crashing one guest, what sort of access might he have to other guests running on that same box? With VMware server, the attacker might upload a small bootable Linux LiveCD ISO, restart a guest, boot it with the ISO, and gain access to the data on that guest.

Virtual servers are no more secure than physical servers. They have the same inherent risks carried by any server that must service users or applications. In fact, if emerging research is any indication, they (and their hosts) could be more vulnerable than ever. Keep an eye out for the upcoming CIS Benchmark, which offers best practices for deploying virtualization technology. (See Virtualization's New Benchmark.)

— John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5