Today, virtualization is one of the most prominent topics in IT
due to the belief that this technology can bring about a major
transformation with reduced costs and increased efficiency. While
we reap the benefits of virtualization, we should be aware of, and
plan to meet, the security challenges that this new technology
brings. At the same time, virtualization of security products and
technologies is an emerging area driven by the virtualization
philosophy, resulting in major benefits. This article will focus on
addressing both aspects of virtualization and its impact in the
security arena.

Virtualization is becoming a hot technology because of its ability
to reduce costs by optimizing the existing infrastructure. The
flexibility provided by a virtualized environment makes it easy to
implement and deploy; but at the same time, it exposes the
application to new security threats across the stack.

Security issues in a virtualized environment are more complex,
span multiple layers, and are not the same as security issues
seen in regular operating systems or applications. On the other
hand, virtualization technology in existing security products and
tools can help identify and resolve threats more easily in
virtualized server and application farms.

SECURITY CHALLENGES IN VIRTUALIZATION

To best understand the security issues in a virtualized environment,
we will take a layered approach to security.

At the very bottom layer, we need to address Host-based security.
If the security of the physical host gets compromised, it affects
all the VMs (Virtual Machines) running on the host and hence
becomes a single point of failure for all the VMs. Next, we need to
consider the VM security issues. The approach for securing virtual
machines is not the same as securing the host or any operating
system. A compromised VM will break the physical host, which could
result in access into all other VMs. Hosting multiple guests on a
single physical host introduces the possibility of guest-to-guest
attacks after a VM is compromised. The Virtual Machine monitor can
become a point of attack from within VMs if security parameters are
not tightened. A security hole or bug in the Virtual Machine
monitor can cause unexpected termination or an abort of the VM
which is going to affect every instance running on the system.
Issues like a software tight loop or memory leak in the monitor will
exhaust resources and may require a reboot of the host, which causes
downtime for all the VMs.

The next layer requires securing communication between the VMs.
Maintaining firewall rules in between the VMs becomes difficult,
especially for static rules. If a rule is constructed over IP
addresses that are virtual and running over two VMs hosted on the
same hardware, it becomes quite difficult to have it effectively
applied. The concept of DMZ and security perimeter is hard to
implement when you have different servers (Web+App+Database) in a
virtualized environment on the same blade. Today’s
virtualization engines do not have the ability to logically
intercept and block the communication within every VM instance
running on the same host in a very secure manner.
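
An added example, not part of the original article: a small audit that lists which static firewall rules cover VM pairs hosted on the same physical machine. It assumes that traffic between co-resident VMs is switched on the host and never reaches the physical firewall; the inventory, host names, addresses and rules are constructed for illustration.

```python
import ipaddress

# Constructed inventory: VM name -> (physical host, virtual IP). Hypothetical names.
PLACEMENT = {
    "web01": ("blade-a", "10.0.1.10"),
    "app01": ("blade-a", "10.0.2.10"),
    "db01":  ("blade-a", "10.0.3.10"),
    "web02": ("blade-b", "10.0.1.11"),
}

# Constructed static rules on the physical firewall: (action, src CIDR, dst CIDR, port).
RULES = [
    ("allow", "10.0.1.0/24", "10.0.2.0/24", 8080),
    ("deny",  "10.0.1.0/24", "10.0.3.0/24", 3306),
    ("allow", "10.0.2.0/24", "10.0.3.0/24", 3306),
]

def unenforced_pairs(placement, rules):
    """Return (rule_index, action, src_vm, dst_vm, host) for every VM pair a rule
    covers whose traffic stays on one physical host (assumed to bypass the firewall)."""
    findings = []
    for idx, (action, src, dst, _port) in enumerate(rules):
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        for s_name, (s_host, s_ip) in placement.items():
            if ipaddress.ip_address(s_ip) not in src_net:
                continue
            for d_name, (d_host, d_ip) in placement.items():
                if d_name == s_name or ipaddress.ip_address(d_ip) not in dst_net:
                    continue
                if s_host == d_host:
                    findings.append((idx, action, s_name, d_name, s_host))
    return findings

if __name__ == "__main__":
    for finding in unenforced_pairs(PLACEMENT, RULES):
        print("rule %d (%s): %s -> %s both on %s" % finding)
```

The deny rule between the web and database tiers is the finding that matters most here: with all three tiers on one blade, the rule exists on paper but the traffic it is meant to block never crosses the device that holds it.
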
Maintaining separation of privileges and duties in between VMs is
much more difficult. Allowing admin access for any VM would give
the ability to get into the physical host environment. Lack of
appropriate access control may result in shutting down or rebooting
the host machine or VM. File system and Network level configuration
access should be restricted within VMs. Protection against DoS
(Denial of Service) attacks should be handled to ensure that one VM
does not end up using all the physical resources. Memory and CPU
usage should be authorized and managed for every VM. For
application specific deployment, usage of application-based
filtering and firewalling should be mandatory. Emulated hardware on
VMs is also prone to attack and it is easy to escalate privileges
and compromise a system based on the hardware security flaws.
Running default host services can also attract attackers because
most of the common services have security flaws and unnecessary
services can cause a system compromise. Most of the default host
configurations run with relaxed security parameters and very few
deployments use operating system security levels effectively.

On top of all the new issues, application specific
vulnerabilities can still affect the whole environment. A buffer
overrun in one application codebase can cause privileged access to
another VM's memory area if not controlled properly. Safeguarding
passwords and encryption keys might also be a challenge if VMs are
sharing memory. This will become a big issue if there is a lack of
access control policies within VMs. Replay attacks are easier to
perform in virtual environments, given their support for undo/redo
operations and snapshots. One-time passwords (OTP) that leverage
time synchronization may not be as secure as they are considered
today. An attacker could identify the authentication operation,
note the OTP used, revert to a snapshot prior to the submission,
and replay the entire event successfully.
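
An added example, not part of the original article: a time-based OTP verifier (RFC 6238) whose "already used" record is rolled back together with the VM, next to the same verifier with that record kept in a store outside the snapshot. The class, the user name, the secret and the external-store design are assumptions made for illustration.

```python
import copy, hashlib, hmac, struct

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Verifier:
    """Accepts each time step once per user. `used` is the replay state: by default
    it lives inside the VM; pass an external dict to keep it out of snapshots."""
    def __init__(self, secret: bytes, used=None):
        self.secret = secret
        self.external = used is not None
        self.used = used if self.external else {}

    def verify(self, user: str, code: str, now: int, step: int = 30) -> bool:
        counter = now // step
        if not hmac.compare_digest(code, totp(self.secret, now, step)):
            return False
        if self.used.get(user, -1) >= counter:
            return False  # the code for this time step was already consumed
        self.used[user] = counter
        return True

    def snapshot(self):
        # Models a VM snapshot: only in-guest state is captured.
        return None if self.external else copy.deepcopy(self.used)

    def revert(self, snap):
        if not self.external:
            self.used = copy.deepcopy(snap)

def replay_after_revert(verifier: Verifier, now: int = 1_700_000_000):
    """Log in, revert to the pre-login snapshot, then present the same code again
    inside its validity window. Returns (first_login, replay_accepted)."""
    code = totp(verifier.secret, now)
    snap = verifier.snapshot()
    first = verifier.verify("alice", code, now)
    verifier.revert(snap)
    return first, verifier.verify("alice", code, now + 5)

SECRET = b"constructed-demo-secret"  # constructed sample value
```

With in-guest state the replay is accepted after the revert; with the replay record held outside the VM the same code is rejected, which is the property to check for when an authentication service runs on snapshot-capable infrastructure.
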
Another important aspect is to update the security policies and
procedures to account for virtualization. As VMs use the same
physical data storage, memory and peripheral hardware (such as
network interface controllers), the security requirements and
policies need to be rewritten to allow these resources to be shared
in an expected way. The existing core security tools like
firewalls, intrusion detection systems (IDS) and intrusion
prevention systems (IPS) are not designed to support virtualized
environments. These tools would not work for protecting the
communication in between VMs. In terms of scalability, it becomes
an issue when a single physical interface serves traffic for
multiple VMs. This would result in a multifold traffic increase, and
the existing security infrastructure may not be ready to handle the
load.

Software upgrades and patch application become more challenging in
a virtualized environment and need to be done across VMs. Bringing
up a new VM on an existing host will always have the challenges of
maintaining the same security level. Configuration management is a
much harder challenge when there are five VM instances running on a
host emulating five different operating systems. The basic issues
start with deploying different anti-virus solutions for the
operating systems hosted in the VM instances. The configuration
management guidelines need to be rewritten to be effective in a
virtualized environment. Beyond the soft points, physical security
is another challenge with VMs because stealing a VM does not
require moving the physical system; the complete image can be
copied onto a USB drive without causing any damage to the original
VM and hardware, resulting in a security breach.

In summary:
- All attacks which are possible against an OS or an application
running on a physical system are also valid in a virtualized
system.
- A VM will have more attack vectors as compared to a physical
system running identical OS and applications. This is due to the
additional attack surface through the hypervisor and VMMs.
- One needs to build a completely new security protection
perimeter for the hypervisor, Virtual Machine Monitoring tools and
shared resources in between VMs.
- Encryption of VM image and content will help along with
encrypting the communication in between VMs or between hypervisor
and physical resources.
- Having proper authentication for user and admin layers at
VM/VMM always helps in reducing the risk.
- VMs can prove to be more secure when compared to a similar
physical host as a result of the ability to run different apps
in different VMs.
- VMs can always reduce application attack vectors by ensuring
that two critical processes are running in separate memory segments
and controlled by different VMs.
- If a VM is compromised, it has the potential for much quicker
recovery time than a traditional system due to the configurable
checkpoints.

HOW VIRTUALIZATION BENEFITS SECURITY PRODUCTS AND TECHNOLOGIES

Another aspect of the discussion is to be able to leverage
virtualization in security
technologies. Security is an important area where virtualization
technology can be leveraged by isolating traffic for different VMs
and providing fast disaster recovery solutions. It also helps
security researchers in saving costs by conducting their work in a
virtualized environment.

There are two ways to implement virtualization in security
products. The first is the ability to take a single physical
Firewall/IDS/IPS/VPN and partition it into multiple virtual
Firewalls/IDS/IPS/VPN to serve different VMs with different kinds
of traffic. One host having multiple VMs would not be served by a
single firewall because the needs of the applications could be
different. Thus, having virtualized firewalls serving individual
VMs can have application-specific policies and controls. This would
help to isolate malware traffic and identify the real
request/responses for different VMs. Virtualization helps in
running different applications on the same blade and hence the need
for powerful application firewalls that can cater to
‘N’ number of application instances.

Another aspect of security virtualization is the need to have
different security products and technologies working together on a
single host. This is going to help significantly in reducing the
cost of hosting different protection mechanisms. Having different
products working as individual instances in a single host also
helps in reducing unnecessary packet flow in the network.
Virtualization of security solutions is more effective in utilizing
existing resources better, cutting down on capital, and increasing
operational efficiency. For example, Honeypots are often
impractical because the total cost of ownership can be more than
the net ROI. Virtual environments provide ways to implement and
tear down systems quickly, thereby reducing costs to a point where
Honeypots can become beneficial. It also becomes quite efficient to
bring up a Honeynet by deploying multiple Honeypots in the VM
instances.

Currently, security virtualization is mainly focused on firewall
solutions, but areas like intrusion detection, intrusion prevention
and SSL-VPNs can be virtualized to route and scan specific traffic.
Virtualization of SSL-VPNs ensures that depending on the profile, a
mobile user can be directed to the intranet of a specific division
instead of putting up multiple devices to route the user.
Similarly, depending on the traffic, firewalls can be scaled up or
down and filtering can happen for different profiles in a single
box. Today, technologically advanced products like application
delivery controllers (ADCs) support a package of security
technologies like SSL-VPN, Application Firewall, Content Filtering,
DoS/DDoS protection and Content Rewrite. All these technologies are
applied from the same control point and are hence more
cost-effective and easy to manage.

Another major benefit of VMs is the ability to write log events
and alerts to external locations without significant performance
implications. The external locations can still exist on the same
physical machine and the transfer of data occurs in memory. An
attacker that compromises a VM cannot modify the logs if they are
being written externally in real time.

CONCLUSION

The security of a virtualized environment needs to be looked at as
a new area, and a formal plan needs to be created to address the new
set of issues. Without securing a virtualized environment, one
risks a lot of information that can affect the whole
infrastructure. There is a need for a structured methodology to
ensure that security across all layers is effectively addressed by
implementing a layered security approach for running Virtual
Machines.

The future of security products lies in their ability to use
virtualization infrastructure. In this highly competitive security
landscape, the key differentiator will be vendors who leverage
virtualized security solutions.