Virtualization has eased many aspects of IT management but has also
complicated the task of cyber security.The nature of virtualization
introduces a new threat matrix, and administrators need to address the
resulting vulnerabilities in their enterprise environments.
Critical Virtualization Vulnerabilities
Some attacks against virtual machine, or VM, environments are
variations of common threats such as denial of service. Others are still
largely theoretical but likely approaching as buzz and means increase.
Keep an eye on these critical weaknesses:
VM sprawl:VMs
are easy to deploy, and many organizations view them as hardware-like
tools that don’t merit formal policies.This has led to VM sprawl, which
is the unplanned proliferation of VMs.Attackers can take advantage of
poorly monitored resources.More deployments also mean more failure
points, so sprawl can cause problems even if no malice is involved.
Hyperjacking:Hyperjacking
takes control of the hypervisor to gain access to the VMs and their
data. It is typically launched against type 2 hypervisors that run over a
host OS although type 1 attacks are theoretically possible. In reality,
hyperjackings are rare due to the difficulty of directly accessing
hypervisors.However, hyperjacking is considered a real-world threat, and
administrators should take the offensive and plan for it.
VM escape:A
guest OS escapes from its VM encapsulation to interact directly with the
hypervisor.This gives the attacker access to all VMs and, if guest
privileges are high enough, the host machine as well. Although few if
any instances are known, experts consider VM escape to be the most
serious threat to VM security.
Denial of service:These
attacks exploit many hypervisor platforms and range from flooding a
network with traffic to sophisticated leveraging of a host’s own
resources.The availability of botnets continues to make it easier for
attackers to carry out campaigns against specific servers and
applications with the goal of derailing the target’s online services.
Incorrect VM isolation:To
remain secure and correctly share resources,VMs must be isolated from
each other.Poor control over VM deployments can lead to isolation
breaches in which VMs communicate.Attackers can exploit this virtual
drawbridge to gain access to multiple guests and possibly the host.
Unsecured VM migration:This
occurs when a VM is migrated to a new host, and security policies and
configuration are not updated to reflect the change.Potentially, the
host and other guests could become more vulnerable.Attackers have an
advantage in that administrators are likely unaware of having introduced
weaknesses and will not be on alert.
Host and guest vulnerabilities:Host
and guest interactions can magnify system vulnerabilities at several
points.Their operating systems, particularly Windows, are likely to have
multiple weaknesses.Like other systems, they are subject to
vulnerabilities in email, Web browsing, and network protocols.However,
virtual linkages and the co-hosting of different data sets make a
serious attack on a virtual environment particularly damaging.
How to Mitigate Risk
Fortunately, security engineers can take several steps to minimize
risk.The first task is to accurately characterize all deployed
virtualization and any active security measures beyond built-in
hypervisor controls on VMs.Security controls should be compared against
industry standards to determine gaps.Coverage should include anti-virus,
intrusion detection, and active vulnerability scanning.Additionally,
consider these action steps:
VM traffic monitoring:The
ability to monitor VM backbone network traffic is critical.Conventional
methods will not detect VM traffic because it is controlled by internal
soft switches.However, hypervisors have effective monitoring tools that
should be enabled and tested.
Administrative control:Secure
access can become compromised due to VM sprawl and other issues.Ensure
that authentication procedures, identity management, and logging are
ironclad.
Customer security:Outside of the VM, make sure protection is in place for customer-facing interfaces such as websites.
VM segregation:In
addition to normal isolation, strengthen VM security through functional
segregation.For example, consider creating separate security zones for
desktops and servers.The goal is to minimize intersection points to the
extent feasible.
Conclusion
Virtualization threats can seem abstract but are no more so than
other attacks. Motives and methods are fundamentally the same, and
administrators must counter with similar proven techniques.
Posts
