Why it cannot be an afterthought and how to protect virtual server resources
Virtualization stands out as one of the most discussed and debated technologies in recent years. Businesses have been built around virtualization technology and organizations are using it to benefit business operations in multiple ways.
The adoption of virtualization technology has accelerated because of its ability to improve IT and business flexibility, lower power consumption in the data center and provide effective backup solutions. Many companies are using virtualization to consolidate applications and data onto fewer, more powerful servers.
It is clear that virtualization brings many benefits to an organization, but it also increases the risk profile of the host servers and raises a new set of security and access concerns. For example, there are an increasing number of compliance regulations and privacy directives companies must follow. As companies employ virtual servers in greater volume to run production applications and store sensitive data, they are exposing themselves to a higher level of risk on the host server and some important new risks on each of the virtual or “guest” machines.
The challenge is obvious. As more resources and applications are placed and run on virtual servers, businesses need to protect that data in the same way they would protect data on their physical servers. They also must ensure that the management layer or any one of the guest machines does not cause harm to host server performance or availability. Securing virtual servers cannot be a mere afterthought.
Virtualization Data Risks and Security Solutions
There are several areas of concern that are not addressed in many virtualization deployments because they are not currently covered by virtualization software or native operating systems:
- Critical file protection, monitoring and other operating system hardening measures;
- Role-based access rights for administrators and segregation of duties;
- Detailed auditing;
- The ability to adjust security levels and policies regularly to match the flexibility of the virtual environment.
Operating system hardening measures
All forms of virtualization include a management layer that resides on the hosting server (either the host operating system or the privileged partition). This layer has the ability to control critical processes on the host server and the key settings on each of the virtual servers. An external attack at this level could compromise the data or performance on all of the virtual machines (VMs) it contains. It is important to provide stack overflow protection on the host operating system and each of the guest operating systems. Critical processes such as the ability to copy or create a VM and the ability to change configuration files should be restricted to the management application and even then high risk activities need to be carefully monitored. Network traffic on the virtual LAN should be regulated between the VMs and from the VMs to the host operating system. These protection measures can provide a baseline of defense for both the host and guest operating systems against external attacks and also protect against some forms of internal errors or malicious activity.
Role-based administrative access
An important risk area that often goes unchecked is administrative access. The management operating system and each guest operating system have superuser accounts – also referred to as “root” or “administrative” accounts – that provide unrestricted access. In many organizations these accounts are shared between various administrators that need some form of privileged access to the server (backup technicians, database administrators, auditors, password administrators, etc.). The host operating system poses the most significant risk with regard to these superuser accounts because they could be used to copy any one of the VMs and the sensitive data it contains. These accounts also have the ability to modify or turn off audit logging which undermines the integrity of these records.
Compliance regulations such as the PCI standard require that unique IDs be used to access sensitive data to ensure accountability. On virtualization hosts, these accounts have leverage not only on the physical machine but also on all of the virtual sessions it hosts. This magnifies the risk posed by these shared, privileged accounts.
Companies need to eliminate the use of shared accounts on both the host and guest operating systems and limit the entitlements for each privileged user to match the requirements of their job. There should be a segregation of duties between the virtualization administration and the system administration to contain risk. Because virtual machines are easy to create and move, it is important to have the ability to create and change entitlement policies to enforce the required segregation of duties. This will stop over-exposure to sensitive data, help avoid errors that could affect performance or lead to downtime and help maintain compliance with various regulations such as Sarbanes-Oxley.
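The review described above can be automated. The following is an added example, not code from the article or from any product: the role names, action names and account inventory are hypothetical. It flags shared accounts and people who hold both virtualization and system administration roles, and answers entitlement queries with default deny.

```python
from collections import defaultdict

# Hypothetical roles and the privileged actions each one grants.
ROLE_ACTIONS = {
    "virtualization_admin": {"vm.create", "vm.copy", "vm.change_config"},
    "system_admin": {"os.manage_accounts", "os.patch"},
    "backup_technician": {"vm.snapshot"},
    "auditor": {"audit.read"},
}
# Role pairs that one person must never hold together (segregation of duties).
CONFLICTING_ROLES = [("virtualization_admin", "system_admin")]

# Constructed sample inventory: who logs in to each account, and its roles.
ACCOUNTS = [
    {"account": "root", "users": ["alice", "bob", "carol"],
     "roles": ["virtualization_admin", "system_admin"]},
    {"account": "dave-virt", "users": ["dave"], "roles": ["virtualization_admin"]},
    {"account": "dave-sys", "users": ["dave"], "roles": ["system_admin"]},
    {"account": "erin-bkp", "users": ["erin"], "roles": ["backup_technician"]},
]

def review_entitlements(accounts):
    """Return (finding_type, subject) tuples for shared accounts and SoD conflicts."""
    findings = []
    roles_by_person = defaultdict(set)
    for acct in accounts:
        if len(acct["users"]) > 1:
            findings.append(("shared_account", acct["account"]))
        # Roles accumulate per person across every account that person can use,
        # so splitting conflicting roles over two logins does not hide them.
        for person in acct["users"]:
            roles_by_person[person].update(acct["roles"])
    for person, roles in sorted(roles_by_person.items()):
        for first, second in CONFLICTING_ROLES:
            if first in roles and second in roles:
                findings.append(("sod_conflict", person))
    return findings

def is_allowed(accounts, account_name, action):
    """Default deny: permit an action only if one of the account's roles grants it."""
    for acct in accounts:
        if acct["account"] == account_name:
            return any(action in ROLE_ACTIONS[role] for role in acct["roles"])
    return False

if __name__ == "__main__":
    for finding in review_entitlements(ACCOUNTS):
        print(finding)
```

Because the check is driven by the inventory, it can be rerun whenever a virtual machine is created or moved and its entitlements change.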
Detailed auditing for compliance regulations
Compliance and privacy regulations require both security policies and detailed auditing. Although some high risk activities can’t be eliminated completely, they should be tracked and may warrant an alert to key stakeholders each time they occur. Unfortunately the basic logging capabilities that are provided by most native operating systems do not provide enough detail to track significant events, and in most environments those logging capabilities can be suspended or modified by the administrative account user.
This lack of accountability violates many compliance regulations and it means that an organization has no reliable way to investigate problems or suspicious activity – if that activity is even detected. Without detailed audits, organizations may suffer from undetected problems. Companies need the ability to collect detailed audit logs that can be correlated with individuals, not just shared accounts, and these logs need to be tamperproof so it is easy to find the source of problems and impossible for anyone to cover their tracks. Having quick access to event logs and policy reports is essential to prove compliance, monitor high risk events and investigate suspicious activities.
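One way to make an audit trail tamper-evident and attributable to individuals is to chain records with a keyed MAC. This is an added example, not code from the article: the field names, the sample events and the key are constructed, and it assumes the key and the latest chain head are kept off the host, outside the reach of its administrators.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first record

def _mac(key, prev_mac, event):
    # The MAC covers the previous record's MAC, so records cannot be
    # edited, reordered or removed without breaking every later link.
    body = json.dumps(event, sort_keys=True).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()

def append(log, key, ts, individual, account, action, target):
    """Add a record naming the individual behind the account; return the new head."""
    prev = log[-1]["mac"] if log else GENESIS
    event = {"seq": len(log), "ts": ts, "individual": individual,
             "account": account, "action": action, "target": target}
    log.append({"event": event, "mac": _mac(key, prev, event)})
    return log[-1]["mac"]  # store this value off-host after each append

def verify(log, key, expected_head):
    """Return None if intact, else the index of the first bad record
    (len(log) when records were cut from the end)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        good = rec["event"].get("seq") == i and hmac.compare_digest(
            rec["mac"], _mac(key, prev, rec["event"]))
        if not good:
            return i
        prev = rec["mac"]
    return None if hmac.compare_digest(prev, expected_head) else len(log)

def build_sample_log(key):
    """Constructed events: three privileged actions on a virtualization host."""
    log, head = [], GENESIS
    for ts, who, acct, action, target in [
        ("2024-01-01T09:00:00Z", "alice", "root", "vm.copy", "vm-payroll"),
        ("2024-01-01T09:05:00Z", "bob", "root", "audit.disable", "host-01"),
        ("2024-01-01T09:10:00Z", "alice", "root", "vm.change_config", "vm-web"),
    ]:
        head = append(log, key, ts, who, acct, action, target)
    return log, head

if __name__ == "__main__":
    sample_key = b"constructed-demo-key"  # placeholder, not a real secret
    log, head = build_sample_log(sample_key)
    print("intact:", verify(log, sample_key, head) is None)
```

Recording the individual separately from the account means that even where a privileged account is still in use, each event can be traced to a person.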
Security flexibility to support virtualization flexibility
To live up to the virtualization promise of providing flexibility and rapid response to the business, companies need to have the above mentioned capabilities in place so they can maintain a consistent level of security as applications are moved onto different physical and virtual servers. The use of virtualization and the number of VMs is expected to continue its rapid growth. Maintaining the required segregation of duties and data privacy controls without a robust, policy-based access control system would be “virtually” impossible. Any viable solution to these challenges needs to provide an easy way to create, deploy, change and monitor a diverse set of security policies.
As companies reap the benefits of virtualization, they need to recognize the additional risks inherent in virtualization technology deployments and take measures to protect these virtual environments. To effectively manage the security challenges discussed above, companies need a server resource protection solution that protects both the guest operating systems and the host regardless of the virtualization platform that is used. When proper security policies and access controls are in place, virtualization can deliver its promised benefits, while allowing IT to reduce risk and meet compliance regulations. Enforced security policies and access control offer a logical solution to the very tactical problem of securing virtual servers.
