The impact of virtualisation on securing systems

Real solutions to a tricky problem


Virtualisation has become an established trend in the x86 server market and is moving into the desktop and notebook space too. It's a great tool for providing flexibility, recoverability and consolidation.

But virtualisation also brings challenges, and security is certainly one of them. Personal or financial data that should be deleted may be retained in libraries of offline virtual machine images. Loading up an old image that has been stored for some time may expose the network to threats from unpatched security holes or out-of-date applications. But while virtualisation brings its own issues, it can also provide the opportunity for fresh thinking to provide a new security paradigm.

There are two sides to the virtualisation coin. On the one hand, virtualisation as a technology brings so many changes to established ways of implementing IT that ensuring security in the face of this massive upheaval is a challenge. On the flip side, virtualisation can also allow new ways to approach security by enabling quick recovery from issues such as system compromise and malware infection, as well as providing secure virtual desktops or applications to use on remote, possibly untrusted workstations.

Virtualisation liberates the operating system and installed applications from the underlying hardware. While great for flexibility of deployment, it also raises serious issues for securing systems. Previously, the operating system and applications would have resided on a physical disk or in a set location, and have been tied to the hardware of the host, usually a server but also possibly a workstation or PC. Taking the operating system and attempting to load it on a new machine would often cause issues, necessitating lengthy re-installation or recovery in order to access applications or services.

Virtualisation, particularly in the latest iterations, makes it a snap to bypass the issues that previously kept systems and data static and therefore relatively secure by process of physical containment. With virtualisation, each system and its related applications are stored as a convenient, self-contained image file. It is a cinch to take a copy of an image and load it up in a virtual machine host. This may be internally within the data centre, but equally it is possible to do so in a test environment and outside of the company.

Although virtualisation allows point-and-click deployments, this freedom should not be allowed to encourage a free-for-all in which new systems are deployed at will. Staff behaviour, policies and procedures should be geared around proper change management to keep on top of the proliferation of virtual servers.

Protecting virtual machine images is therefore an important security priority. Access to them should be restricted to authorised personnel only and an audit procedure for access and use implemented. It is also necessary to take steps to ensure that virtual images are protected should they be lost or copied. Encrypting the virtual machine images is one step, as is restricting the pool of virtual machine hosts that are able to boot the image.

Data protection responsibilities must also be considered. The ease with which virtual machine images can be copied provides an ideal way to set up realistic test environments and staging areas. However, use of personal data in a test environment must be appropriate, as data protection legislation does not allow live personal data to be used within test systems. Live data may only be used for ensuring the ability to recover live systems, such as verifying that a restore procedure works. Companies that set up test or staging systems using copies of real systems and real data must have a system in place for anonymising or randomising data so that it is not possible to use it for personal identification.

As the library of virtual machines expands, various issues of management and process arise. For systems where data is kept together with applications within the virtual image, it is necessary to track the storage of the data, and ensure that issues such as periods of data retention or purging are adhered to for governance and compliance. Knowing exactly what data is stored within each offline image will also be important in cases of legal discovery.

As time passes, the images in the library become progressively more out of date and less secure. Companies need to be able to track and manage virtual machine image libraries in much the same way as the live server estate. They must try to do this in a way that is as automated as possible and does not put a strain on the infrastructure in the process. Having to load virtual machine images in order to perform security tasks will have major impacts on time, licensing and hardware.

The ability to upgrade applications, install patches or manipulate data automatically while keeping the virtual machines offline will be the goal. This will help to ensure that, should images from the library need to be loaded and run, they are secure the moment they are needed.

A key challenge for the virtualisation generation will be how to architect security for a fully virtual stack. Over time, applications will increasingly be distributed and installed as virtual machine images with an optimised operating system. These applications will communicate via virtual network interfaces rather than shared memory or intra-OS APIs. It makes less and less sense to install full-blown security applications for every virtual machine. The workload would be quite redundant in many cases, and would eat power, impact on performance and increase cost.

An effective virtual security solution would run in all tiers of the virtualisation stack. At the lowest level, a security application would run in conjunction with the hypervisor and be able to access virtual hardware such as virtual switches and disks. Then there may be virtual machines dedicated to running security applications that provide a pooled security resource for many virtual machines. And finally lightweight optimised agents may run where necessary to secure particular applications within the virtual machines.

One of the big security advantages of client-side virtualisation is the ability to effectively roll back systems that may be compromised by malware. Many vendors have in the past invested in tools to provide for system and data recovery in the event of catastrophe. Although designed in the main to protect users from the effects of accidental actions such as file deletion, they can equally help to restore systems compromised by malware. Such systems were most often proprietary and required specific hardware, training and management, raising the cost of implementation and ownership.

Virtualisation support and standard images reduced many of the barriers to deployment of system rollback. When coupled with new management features that allow remote control, it also reduces the cost and increases the effectiveness of remote user support and recovery. Such systems enable a roll-back to a known good, uninfected state. Virtual image restoration may also help recover from issues where security applications get a bit over-zealous and remove critical system files accidentally. But it's vital to recognise that it's also possible to revert to a prior state that may be infected, so security needs to remain a priority to ensure the integrity of the stored images.
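An added example, not part of the original article: one way to audit an offline image library without booting anything, covering both the tracking of ageing images described earlier and the integrity of rollback targets. The manifest of recorded SHA-256 hashes, the 90-day threshold, the file names and the use of modification time as a stand-in for patch age are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

IMAGE_SUFFIXES = {".vmdk", ".qcow2", ".vhd", ".ova"}  # common image formats

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large images are never read into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_library(root, manifest, max_age_days=90, now=None):
    """Map each image under root to untracked, modified, stale or ok.
    manifest: relative path -> SHA-256 recorded at last known-good state."""
    now = time.time() if now is None else now
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in IMAGE_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        if rel not in manifest:
            report[rel] = "untracked"   # appeared outside change management
        elif sha256_file(path) != manifest[rel]:
            report[rel] = "modified"    # unsafe as a rollback target
        elif (now - path.stat().st_mtime) / 86400 > max_age_days:
            report[rel] = "stale"       # intact, but patch before use
        else:
            report[rel] = "ok"
    return report

def demo():
    """Audit a constructed library of dummy files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("web01.qcow2", "db01.vmdk", "old.vhd"):
            (root / name).write_bytes(name.encode())
        manifest = {p.name: sha256_file(p) for p in root.iterdir()}
        (root / "rogue.ova").write_bytes(b"unrecorded copy")
        (root / "db01.vmdk").write_bytes(b"changed after recording")
        aged = time.time() - 200 * 86400                 # mtime as patch-age proxy
        os.utime(root / "old.vhd", (aged, aged))
        return audit_library(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The hash comparison runs before the age check, so an image that has changed since it was recorded is reported as modified even when it is also old.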

As ever we would be very happy to hear how you tackle these issues. Have you had your customer database appear in a test lab? Is security bogging down your virtual performance? Please let us know in the space below. ®
