Virtualization Security – A Complete Guide

By Joseph Ochieng •  Updated: 02/23/20 •  13 min read

Despite being a concept born fifty years ago, virtualization has advanced and can satisfy the complex applications currently being developed. Half of all servers run on Virtual Machines (VMs), and the IDC predicts that close to 70% of all computer workloads will run on VMs by 2024. As virtualization components increase and the virtualized environment expands, the main concern becomes how to maintain safe security levels and integrity. Below is a brief look into some of the differences, issues, challenges, and risks caused by virtualization. This paper also provides some recommendations to ensure that the network is secure to the required degree.

Security benefits due to virtualization

The introduction of virtualization to the environment will lead to the following security benefits:

Notice that I have frequently used the terms “if set up or configured appropriately”. This is to emphasize the complexity of virtualization. Therefore, it must be appropriately secured to gain the stated benefits.

Security challenges and risks

We can now proceed to some of the challenges, risks, and other relevant issues that influence virtualization.

Sharing of files between Hosts and Guests

Hypervisor

Snapshots

Network storage

Administrator access and separation of duties

Time Synchronization

Partitions

VLANS

Virtualization common attacks

Below are three common attacks associated with virtualization:

If a denial-of-service attack succeeds here, the hypervisors are likely to be shut down completely, and the black hats can create a backdoor to access the system at will.

Weaknesses in the hypervisor can allow tracking of files, paging, and system calls, as well as monitoring of memory and disk activity.

If a security vulnerability such as a hole exists in a hypervisor, a user can almost seamlessly hop from one VM to another. Unauthorized users from a different VM can then manipulate or steal valuable information.

Traditional security approaches to virtualization

Most of the current security challenges encountered in virtualization can be partly addressed by applying existing technology, people, and processes. The main setback is their inability to protect the virtual fabric composed of virtual switches, hypervisors, and management systems. Below is a look into some of the traditional approaches used to provide security to virtualization and some of their shortcomings.

  1. Firewalls

Some security personnel route traffic between the standard system firewalls and the VMs so that the traffic can be monitored and logged and feedback sent back to the VMs. Because virtualization is a newer technology, firewalls do not provide an infrastructure tailored to its security issues. Firewalls were in use long before virtualization was adopted within data centers and enterprises. Therefore, the pre-installed management systems cannot handle current security threats to virtualization, which are too complex for them. Such setbacks can lead to manual administration, which brings errors due to the human factor.

  2. Reducing the number of VMs assigned to physical NICs/per Host

This method reduces the number of VMs placed on a host and assigns a physical NIC to every VM. It is one of the most efficient means to secure the firm, though it does not allow the organization to enjoy the ROI and other cost benefits related to virtualization.

  3. Detection of Network-Based Intrusions

When multiple VMs reside on a host, these devices do not work well. This is mainly because IPS/IDS systems cannot efficiently monitor the network traffic between the VMs. Data also cannot be accessed when the application is moved.

  4. VLANs

VLANs are used extensively both in environments with a good degree of virtualization and in those without any form of virtualization. As the number of VLANs expands, it gets harder to manage the resulting complexity of the access control lists. Consequently, it also becomes difficult to manage compatibility between the virtualized and non-virtualized aspects of the environment.

  5. Anti-virus

The agent-based anti-virus approach entails loading a complete copy of the anti-virus software on each VM. It is a secure method but requires a large financial outlay to load copies of the anti-virus across all the VMs in the environment. The software is large and therefore increases hardware utilization. As a result, it negatively affects memory, CPU, and storage and decreases performance.

A large percentage of firms still rely on traditional mechanisms for their network security despite the above-mentioned drawbacks. Virtualized environments are highly dynamic and change rapidly with advancements in technology and IT infrastructure. To get the best protection for such an unpredictable environment, it is advisable to use the good aspects of the current security approach in addition to the recommendations for a virtualized environment listed below.
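The blind spot described under "Detection of Network-Based Intrusions" can be measured from an inventory. The following is an added example, not code from the original article: it assumes the IDS/IPS sits on the physical network between hosts, and the VM names, host names and flow records are constructed sample data. It also goes one step beyond the text by showing how moving a VM to another host changes which flows are unmonitored.

```python
"""Find VM-to-VM flows that never leave a host, so a network IDS/IPS
on the physical wire cannot see them."""

# Constructed inventory: VM name -> hypervisor host it currently runs on.
PLACEMENT = {
    "web-01": "host-a", "app-01": "host-a",
    "web-02": "host-b", "db-01": "host-b",
    "jump-01": "host-c",
}

# Constructed flow records: (source VM, destination VM, destination port).
FLOWS = [
    ("web-01", "app-01", 8080),
    ("app-01", "db-01", 5432),
    ("web-02", "db-01", 5432),
    ("jump-01", "web-01", 22),
    ("web-01", "scratch-07", 445),   # VM missing from the inventory
]


def classify(flows, placement):
    """Sort flows into visible (crosses hosts), blind (same host) and unknown."""
    result = {"visible": [], "blind": [], "unknown": []}
    for flow in flows:
        src_host = placement.get(flow[0])
        dst_host = placement.get(flow[1])
        if src_host is None or dst_host is None:
            result["unknown"].append(flow)   # unmanaged VM: placement not known
        elif src_host == dst_host:
            result["blind"].append(flow)     # stays on the host's virtual switch
        else:
            result["visible"].append(flow)   # traverses the physical network
    return result


def newly_blind_after_move(flows, placement, vm, new_host):
    """Flows that were not blind before `vm` moved to `new_host` but are after."""
    before = set(classify(flows, placement)["blind"])
    after = classify(flows, {**placement, vm: new_host})["blind"]
    return [f for f in after if f not in before]


if __name__ == "__main__":
    for kind, items in classify(FLOWS, PLACEMENT).items():
        print(f"{kind}: {items}")
    print("newly blind if db-01 moves to host-a:",
          newly_blind_after_move(FLOWS, PLACEMENT, "db-01", "host-a"))
```

Flows in the "blind" bucket need inspection at the virtual switch or hypervisor layer, and the "unknown" bucket points at VMs missing from the inventory.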

Best practices and recommendations for a secure virtualized environment

  1. Network security

  2. Disaster Recovery

  3. Separation of duties and Administrator access

  4. Desktop security

Below are four effective measures that can be used to eliminate unauthorized and unsecured virtualization in an environment.

Clearly outline acceptable use policy.

Define the required approvals and the exact conditions under which virtualization software can be installed.

Reduce the ratio of VMs to Users

Not every user will require VMs on their desktop. Restrict installation of freely available software on corporate laptops and desktops.

Implement security policies that support virtualization

Ensure that the system does not have security policies that conflict with the existing virtualization platforms.

Have a library of Secure VM builds

Set up a repository of VM builds for keeping security software, patches, and configuration settings that users can easily access for use or re-use if need be.

  5. Virtual Machine Security

  6. Management System

  7. Hypervisor Security

  8. Remote Access

  9. Backups

Conclusion

Virtualization is a dynamic and rapidly growing technology that has presented new challenges to most security firms. Existing mechanisms and processes therefore cannot effectively provide security to the virtual environment and all its components. This is because virtualization is a hybrid of a physically centered network and a new logical or virtual environment. To ensure a strong security posture, additional protection and considerations must be put in place. The firm needs to plan and prepare in advance for how to handle the security of the new virtual infrastructure and all its components. Virtualization security should be a priority and not an afterthought.

Joseph Ochieng

Joseph Ochieng was born and raised in Kisumu, Kenya. He studied civil engineering as his first degree and later pursued a bachelor's degree in information technology from the Technical University of Kenya. His educational background has given him a broad base from which to approach topics such as cybersecurity and civil and structural engineering. When he is not reading or writing about the various loopholes in cyber defense, he is probably doing structural design or watching La Casa de Papel. You can connect with Joseph via Twitter @engodundo or email him at josephodundoh@gmail.com for email about new article releases.
