The Register® — Biting the hand that feeds IT

Feeds

Fake servers even less secure than real ones

But not necessarily so

By Timothy Prickett Morgan, 19th March 2010
  • print
  • alert

SaaS data loss: The problem you didn’t know you had

The prognosticators at Gartner are at it again, and this time they are guessing that IT shops are not going to be as diligent in securing their virtual servers as they need to be for many years to come.

The company has released a new report, with the catchy title Addressing the Most Common Security Risks in Data Center Virtualization Projects, that makes predictions based on surveys of IT shops doing server virtualization projects in 2009. (You can shell out some cash for the report here.)

According to Gartner's surveys, only about 18 per cent of the workloads running on servers that could be virtualized have been virtualized as of the end of last year. By the end of 2012, three long IT years later, Gartner is projecting that about 50 percent of the applications that are suited to be run atop hypervisors will be lifted one level up above their physical boxes.

This is all well and good, but virtual machines and their software stacks are mobile, thanks to live migration, which allows VMs to be teleported from one physical server to another (provided their hypervisors are compatible). Applications running on a single virtual server will have differing levels of trust and security, too, and the virtual networks inside of hypervisors do not generally plug into intrusion detection systems and other security appliances on existing physical networks, so this virtual traffic is largely invisible in terms of security.

"Virtualization is not inherently insecure," explains Neil MacDonald, the vice president at Gartner who wrote the report. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers, and consultants."

Oddly enough, in many cases, security seems to not even be an afterthought, much less a forethought. Gartner's surveys show that 40 per cent of server virtualization projects were done without bringing the company security experts in from the get-go as the virtualized infrastructure was planned.

While companies do have processes in place to secure hardware, operating systems, and networks, they do not always have processes to lock down access to the hypervisor and its virtual machine monitoring (VMM) tools.

Gartner recommends that companies have to get tools to check the hypervisors and tools at boot time to make sure they are not compromised and that they never rely on host-based tools running inside a virtual environment to assess the security of hypervisors and VMMs. And Gartner adds that IT shops should brace themselves for this hypervisor layer to become the plump, juicy target that it is for hackers to try to crack. Administrative access to the hypervisor has to be controlled tightly and monitored continually.

But, not everyone will do the things they need to do, just as is the case with physical servers, thanks to laziness or ignorance. And therefore Gartner is projecting that through 2012, when virtualization is firmly established in the data center, some 60 per cent of virtualized servers will be less secure than the physical servers they replace. And by 2015, Gartner projects, some 30 per cent of virtual servers will still be less secure than if their workloads had been running in bare-metal mode on physical boxes. ®

Steps to Take Before Choosing a Business Continuity Partner

COMMENTS

House Rules Send Corrections
All Reader Comments (9)
Highly Rated
Anonymous Coward

Don;t know what they're talking about

Either you do or don;t have IDS systems. If you do, you're a bigger shop, and almost certainly your VM infrastructure is on blades or large IBM-or-equiv multi socket chassis. Those have integrated Cisco switches, and ALL traffic, virtual or otherwise absolutely goes through that switch, even when talking to another VM on the same box.

VMs are scanned with the same tools, deployed to the same security standards, and run the same code bases as their physical brethren. VM on type 1 hyper visor are segregated from the host traffic (more so when you deploy the host interfaces out-of-band only), and guests are self segregated from each other if they're in different security enclaves or tiers (by being in different subnets without cross routing, thus forcing them to have traffic going through switches and in most cases even firewalls to talk to each other).

Yes, schmucks under tight budgets trying to justify VM on a single chassis, with limited redundancy, limited experience, and a lack of budget for the proper tools in the first place, yea, they'll manage to screw it up, especially type 2 hypervisor deployments which honestly should never be used in production except to virtualize a workstation on top of another one, or for a training seminar, etc. Some people will deploy them insecurely. These are the SAME people who deploy real servers insecurely, so WTF cares, it;s not a change in risk for them.

Shops that take care, mind security, follow the vendors recommendations, and have proper tools, and hardware etc will deploy virtual no less securely than anything else. The fact that it's virtual does not make it less secure. The fact that it's NEW, and that it has some deployment architectural considerations makes it less secure. Do NOT blame the infrastructure or software for being less secur, when it's CLEARLY an administrator knowledge issue. Should we now blame the OS for Social Engineering vulnerabilities too?

3
1
Anonymous Coward

Marsvellous

So what we've now got, as we look forward with bated breath to the received wisdom of the IT future of the second decade of the twenty first century is:

. a server processor running code (some of the time, but much of the time it's idle)

. an insecure and overpriced piece of software from Vendor V running native on the processor (today it's called a hypervisor)

. an insecure and overpriced piece of software from Vendor M that thinks it's running native on the processor but isn't (it used to be called an OS when people were being generous)

. an insecure and overpriced network

. an insecure and overpriced set of essential network security facilities

. an insecure and overpriced set of application software (much but not all of which is from Vendor M) that doesn't care whether it's native or not so long as it looks like an x86

. an insecure and overpriced set of desktop clients that need constant tending from an army of clueless helldesk staff

You could probably add "and unreliable" in at least half the entries above too.

And Gartner genuinely expect people to believe that this race for the gutter really makes more sense than mainframes and minicomputers, which used to be designed and implemented by people who may not have been Microsoft Certified but at least probably knew what they were doing (on a good day)?

Marvellous. Absolutely ***** marvellous. I wish I could work for an IT market analyst (or vendor) and get paid for the rubbish they produce.

3
1
Henry Wertz 1

Unplanned virtualization

Firstly, a setup like "Don;t know what they're talking about" AC describes sounds quite secure so my comments don't apply to something like that at all. On the other end, the "schmucks" as he calls them probably are not securing physical servers won't secure virtual servers, no surprise.

But in between -- I see plenty of room for problems. It's real easy to see VMs as drop-in replacements for physical machines and just not think about what is happening behind the scenes. Some of these people deploying type 2 hypervisors will probably (incorrectly) assume that the host OSes protections have anything to do with the VMs, when in fact plenty of type 2 hypervisors pass packets straight out the ethernet port, bypassing the machine's OS. If the hypervisor (type 2 or not) uses any kind of tunneling to communicate then they user may think existing hardware within the network will catch problems, when it now won't. I think also the virtualization could hurt in the case of machine seperation -- I suspect some people would carefully keep seperate LANs for different tasks for security reasons, will forget about this with VMs and turn out to just have everything on one flat network (or not forget but find out they don't have tools to fix it.)

I must admit most people I've worked with would not spend for Cisco + IBM blades. But it's also important not just to toss VMs onto some boxes and overlook security, there are ways to keep things secure even using free software.

0
0

More from The Register

SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
119
breaking news
You don't need phone lines or cable for ANYTHING, says Dish
The satellite-dish man can sort you out with phone and broadband over the air too
17
breaking news
What's HP got under wraps? Looks awfully flash and tape shaped
What happens in Vegas won't stay there - we've got the details
20
AMD lifts the veil on Opteron, ARM chip plans for 2014
Not much action going on in 2013, though
10
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19
REVEALED: The gizmo leaker Snowden used to smuggle out NSA files
You probably have one in your pocket
113
Seagate reveals a NASty side, tears wraps off WD Red copycat disk
Meow!
19
IBM's $1bn layoffs latest: Now axe swings in US, Canada - reports
Union claims 121 storage bods canned after dismal sales
16
NetApp musters muscular cluster bluster for ONTAP busters
Storage array OS overhauled to juggle more nodes, go down on you, er, less
8
HP adds 'Haswell' Xeon E3s to entry ProLiant servers
Gussies up MicroServer for SMBs, adds baby switches
13