Virtualization has come to the forefront as one of the biggest trends in IT over the past decade. While there are many benefits of virtualizing parts of the network, virtualization introduces new challenges. For example, inter-VM traffic can bypass inspection by traditional security devices and controls. A great thing about working in a technology company is having many technically focused colleagues around you who can share their insights. I took advantage of this recently to sit down and discuss the impact of virtualization on network security with our own Kyle Wickert, who previously served as a Security Architect for a major bank.
[Sam]: Does virtualization introduce any unique security threats into the IT environment?
[Kyle]: Virtualization as a whole does create new challenges. However, fundamental age-old security practices can and should still be implemented. The foremost challenge is defining your virtual environment correctly from a security perspective during the initial design and architecture phases. During these initial phases, the ongoing security posture for the system will be defined, for better or for worse! It is extremely difficult to re-design a virtual infrastructure that was not designed with security in mind so that security is “baked in”.
[Sam]: Virtualization enables a physical machine to become more like a large file system. Does this help or hurt organizations in addressing the threat of data leakage or theft?
[Kyle]: As a general practice, based on today’s technologies, I would not advise merging the network isolation control (firewall) and the virtual hosting infrastructure using a software-based firewall. Merging of the asset and the control on a single software platform increases the likelihood a single vulnerability or misconfiguration could allow for the entire system to be exploited. Wherever possible, software, hardware and platforms should vary throughout the stack to avoid a network-layer exploit permitting a compromise of the entire system. Essentially, in today’s system architectures, with dedicated network isolation control (firewalls), an exploit of the firewall software does not allow an attacker to gain access to the system it is protecting.
[Sam]: Virtualization also gives administrators potentially even more control than ever before across the network, specific systems, databases, recovery and security. What are or should organizations be doing to manage this new potential risk of providing one individual with too much control?
[Kyle]: Organizations are doing little to bolster existing system administration processes to include appropriate separation of duties and audit trails. In today’s infrastructure, as more systems and functions are virtualized, the liabilities and risks of potentially malicious actions by VM system administrators increase. Organizations must implement appropriate governance surrounding which systems and layers of the stack can be virtualized, thus creating administrative isolation between components of the system. Additionally, governance must clearly state the logical access and monitoring controls that should be in place within a systems administration portal.
[Sam]: What types of security concerns/threats occur in virtual environments?
[Kyle]: Virtual environments face the same threats as physical infrastructure when it comes to attacks against the hosted VMs themselves. However, in virtual environments, additional attack vectors are present due to the addition of a hypervisor and the virtualization software as a whole. Controls should be implemented to mitigate the impact of attacks which are designed to pass through the hypervisor to the VM host or move between guest VMs. These controls may include host-based IPS or VM-specific anti-virus/malware software combined with strong authentication and authorization practices. During the design stages of implementing a VM infrastructure, specific consideration should be given to the network architecture. As a best practice, the VM host should perform a minimal amount of network control or management, thus allowing existing network-based controls to fill their existing roles. Ensuring each VM guest is directly connected to existing layer-3 infrastructure also mitigates the potential of a VM host-based attack against the network and data passing over it.
[Sam]: With regard to virtual firewall policies, who do you feel is responsible for managing these?
[Kyle]: Standard security processes should be followed around management of virtual firewalls. The “security team” should maintain ownership of the policy while the “network team” should maintain ownership of the device itself. This creates a clearly defined separation of duties and mitigates the privileged insider threat, thus also reducing a multitude of other threats.
[Sam]: Do you believe that PCI-DSS compliance is more challenging in a virtual environment? Why and how?
[Kyle]: The fundamentals of ensuring PCI compliance should not change in a virtual environment, assuming that an organization’s standard security controls have not been compromised by the design of the VM solution’s architecture.
Thanks to Kyle for chatting with me about this trend and how it impacts security.