Fake servers even less secure than real ones
But not necessarily so
The prognosticators at Gartner are at it again, and this time they are guessing that IT shops are not going to be as diligent in securing their virtual servers as they need to be for many years to come.
The company has released a new report, with the catchy title Addressing the Most Common Security Risks in Data Center Virtualization Projects, that makes predictions based on surveys of IT shops doing server virtualization projects in 2009. (You can shell out some cash for the report here.)
According to Gartner's surveys, only about 18 per cent of the workloads running on servers that could be virtualized have been virtualized as of the end of last year. By the end of 2012, three long IT years later, Gartner is projecting that about 50 per cent of the applications that are suited to be run atop hypervisors will be lifted one level up above their physical boxes.
This is all well and good, but virtual machines and their software stacks are mobile, thanks to live migration, which allows VMs to be teleported from one physical server to another (provided their hypervisors are compatible). Applications running on a single virtual server will have differing levels of trust and security, too, and the virtual networks inside of hypervisors do not generally plug into intrusion detection systems and other security appliances on existing physical networks, so this virtual traffic is largely invisible in terms of security.
"Virtualization is not inherently insecure," explains Neil MacDonald, the vice president at Gartner who wrote the report. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers, and consultants."
Oddly enough, in many cases, security seems to not even be an afterthought, much less a forethought. Gartner's surveys show that 40 per cent of server virtualization projects were done without bringing the company security experts in from the get-go as the virtualized infrastructure was planned.
While companies do have processes in place to secure hardware, operating systems, and networks, they do not always have processes to lock down access to the hypervisor and its virtual machine monitoring (VMM) tools.
Gartner recommends that companies get tools to check the hypervisors and tools at boot time to make sure they are not compromised, and that they never rely on host-based tools running inside a virtual environment to assess the security of hypervisors and VMMs. And Gartner adds that IT shops should brace themselves for this hypervisor layer to become the plump, juicy target for hackers that it is. Administrative access to the hypervisor has to be controlled tightly and monitored continually.
But, not everyone will do the things they need to do, just as is the case with physical servers, thanks to laziness or ignorance. And therefore Gartner is projecting that through 2012, when virtualization is firmly established in the data center, some 60 per cent of virtualized servers will be less secure than the physical servers they replace. And by 2015, Gartner projects, some 30 per cent of virtual servers will still be less secure than if their workloads had been running in bare-metal mode on physical boxes. ®
Don't know what they're talking about
Either you do or don't have IDS systems. If you do, you're a bigger shop, and almost certainly your VM infrastructure is on blades or large IBM-or-equiv multi-socket chassis. Those have integrated Cisco switches, and ALL traffic, virtual or otherwise absolutely goes through that switch, even when talking to another VM on the same box.
VMs are scanned with the same tools, deployed to the same security standards, and run the same code bases as their physical brethren. VMs on a type 1 hypervisor are segregated from the host traffic (more so when you deploy the host interfaces out-of-band only), and guests are self-segregated from each other if they're in different security enclaves or tiers (by being in different subnets without cross routing, thus forcing them to have traffic going through switches and in most cases even firewalls to talk to each other).
Yes, schmucks under tight budgets trying to justify VM on a single chassis, with limited redundancy, limited experience, and a lack of budget for the proper tools in the first place, yeah, they'll manage to screw it up, especially type 2 hypervisor deployments which honestly should never be used in production except to virtualize a workstation on top of another one, or for a training seminar, etc. Some people will deploy them insecurely. These are the SAME people who deploy real servers insecurely, so WTF cares, it's not a change in risk for them.
Shops that take care, mind security, follow the vendors' recommendations, and have proper tools, and hardware etc. will deploy virtual no less securely than anything else. The fact that it's virtual does not make it less secure. The fact that it's NEW, and that it has some deployment architectural considerations makes it less secure. Do NOT blame the infrastructure or software for being less secure, when it's CLEARLY an administrator knowledge issue. Should we now blame the OS for Social Engineering vulnerabilities too?
So what we've now got, as we look forward with bated breath to the received wisdom of the IT future of the second decade of the twenty-first century is:
. a server processor running code (some of the time, but much of the time it's idle)
. an insecure and overpriced piece of software from Vendor V running native on the processor (today it's called a hypervisor)
. an insecure and overpriced piece of software from Vendor M that thinks it's running native on the processor but isn't (it used to be called an OS when people were being generous)
. an insecure and overpriced network
. an insecure and overpriced set of essential network security facilities
. an insecure and overpriced set of application software (much but not all of which is from Vendor M) that doesn't care whether it's native or not so long as it looks like an x86
. an insecure and overpriced set of desktop clients that need constant tending from an army of clueless helldesk staff
You could probably add "and unreliable" in at least half the entries above too.
And Gartner genuinely expect people to believe that this race for the gutter really makes more sense than mainframes and minicomputers, which used to be designed and implemented by people who may not have been Microsoft Certified but at least probably knew what they were doing (on a good day)?
Marvellous. Absolutely ***** marvellous. I wish I could work for an IT market analyst (or vendor) and get paid for the rubbish they produce.
Firstly, a setup like "Don't know what they're talking about" AC describes sounds quite secure so my comments don't apply to something like that at all. On the other end, the "schmucks" as he calls them probably are not securing physical servers and won't secure virtual servers, no surprise.
But in between -- I see plenty of room for problems. It's real easy to see VMs as drop-in replacements for physical machines and just not think about what is happening behind the scenes. Some of these people deploying type 2 hypervisors will probably (incorrectly) assume that the host OS's protections have anything to do with the VMs, when in fact plenty of type 2 hypervisors pass packets straight out the ethernet port, bypassing the machine's OS. If the hypervisor (type 2 or not) uses any kind of tunneling to communicate then the user may think existing hardware within the network will catch problems, when it now won't. I think also the virtualization could hurt in the case of machine separation -- I suspect some people who would carefully keep separate LANs for different tasks for security reasons will forget about this with VMs and turn out to just have everything on one flat network (or not forget but find out they don't have tools to fix it).
I must admit most people I've worked with would not spend for Cisco + IBM blades. But it's also important not just to toss VMs onto some boxes and overlook security; there are ways to keep things secure even using free software.