Virtualization is one of the hottest technologies in the data center today, and with good reason. The benefits are clear. Virtualization can help reduce the physical space of the data center, lower hardware, software support and facilities costs, increase speed to deploy new servers and applications and enhance disaster recovery and business continuity.
As is the case when introducing any new technology it is important to have a strong understanding of how virtualization will impact your environment and all of the applications you are running. It is important to understand how virtualization may change your level or risk. For example, if the virtual server running a web site were compromised, could the attacker continue to compromise other virtual servers on the same host undetected by network intrusion detection? There are certainly ways to leverage virtualization without increasing risk, but it’s important to recognize these potential challenges and safeguard against them.
Below are a few security concerns and best practices to keep in mind as you virtualize your IT environment.
1) Ensure your software vendors provide full support for applications running within a virtualized environment – It’s best to figure this out before you move an application to a virtualized environment, instead of when you need help troubleshooting an issue, especially if the application in question is mission-critical. Talk with your vendors about support options, before making the switch.
2) Update your written security policies and procedures to account for virtualization – You will now have multiple virtual systems running on the same physical server using the same physical data storage, memory and peripheral hardware such as network interface controllers. You need to update your security requirements and policies to allow these resources to be shared in such a manner.
3) Always secure the host virtual machine – It’s very important that the virtual server host operating system be locked down following the appropriate guidance for that operating system. For VMWare Infrastructure, for example, the guest Operating System is based on Linux, so it should be locked down in accordance with best practices and your corporate standards and requirements.
4) Institute appropriate access control – Since virtualization provides the opportunity to completely control a machine remotely, appropriate access control measures must be implemented to limit the risk of inadvertently shutting down, rebooting or deleting a machine. Filesystem permissions for virtual machine images also need to be stringent and consistently monitored and audited. Virtual server configuration settings such as network configuration settings should also be restricted.
5) Build Virtual DMZ’s – For systems deemed to be safe for virtualization, the virtual servers that run together on the same hardware platform should share similar security requirements. Think of these systems as being together on a virtual DMZ network. The virtual machines will likely exist on the same subnet and may communicate with each other to handle transactions. It is preferable to configure hosts in this manner so that they do not need to traverse an external firewall (separate physical system) to communicate with each other.
6) Make network intrusion detection and prevention changes – If multiple virtual machines are using the same network interface cards, keep in mind the extra bandwidth that will be traversing that card. Before you may have had separate servers, each with Gig interfaces, peaking at 80 MB/sec of traffic. Now you will have a Gig interface peaking at 480 MB/sec if you run 6 virtual machines. Your network intrusion protection system may need to be re-architected slightly to keep up with the new demands of this single port.
7) Understand the impact to incident response and forensics plans – When introducing virtual systems into an environment, things like incident response need to be handled a little differently. Your incident response plan must now account for other systems running on the same virtual host. Immediately separate the suspect virtual machine from the others to ensure proper containment. Your system image acquisition process will also need to take into account the differences between nonvirtual and virtual systems.
8) Host intrusion detection and prevention – Host intrusion protection should continue to be in place as it would with a stand-alone server. Be sure to test your intrusion detection and prevention software within the virtual environment. Check with your vendor to be sure it is officially supported when running in a virtual environment.
Does it always make sense to virtualize?
It is important to keep critical authentication and directory services on dedicated systems. In most cases Active Directory domain controllers, RSA authentication manager servers, and RADIUS servers should not be run in a virtualized environment. However, there are exceptions to this, especially with regards to disaster recovery initiatives.
Although some firewall vendors are beginning to provide virtualization-ready solutions, it is best to hold off on virtualizing your firewall servers for now. While the idea of hosting multiple firewalls as virtual servers on a single host is appealing, you are likely running multiple firewalls that serve very different needs—with different security policies and rules. Keep these systems on their own servers for now.