OVERVIEW

In this the final virtualisation article from Orthus, we look at the wider security and operational implications of virtualisation for business.

A FEW WORDS OF CAUTION

Virtualised resources are commonly employed as a replacement for a conventional LAN infrastructure, and network routing is supplanted by virtual routing and forwarding. Although a number of virtualised resource specific security appliances are beginning to emerge in the marketplace, their implementation is not without significant challenges. Additionally, the marketing materials that have accompanied the emergence of virtualisation technology tend not explore potential risks and operational impacts, such considerations may not have been made by organisations wishing to utilise such technologies.

BARRIERS TO EFFECTIVE RESEARCH

ADDITIONAL OPERATIONAL CHALLENGES

The security implications of virtualised resources are not merely technical; there are a number of operational challenges that negatively impact upon security posture. A common assumption when discussing virtualised resources is that deployment will greatly reduce operational expenditure. However, the reverse may hold true (similare arguments were made about Client/Sever implementation!).  Virtualisation is being widely embraced by a number of hardware and software manufacturers, and this may well result in enterprises facing an environment that contains numerous flavours of virtual machine environments and virtual machine monitors (with higher than expected costs).

To adequately secure virtualised environment it will be necessary to implement multiple security solutions within the architecture (other than VRF and a reliance on a firewall instance or two), and these will impact upon the performance, scalability and ease of administration and system maintenance. It should also be noted that many available security appliances are heavily reliant upon network topologies, and also can be resource intensive. If the network is replaced by a virtualised resource, the topology may well present a challenge, but any introduced security appliances will utilise the same resources as the assets they seek to protect. Not only does this introduce performance issues, but if a cross memory attack can be implemented, the security appliances themselves may too be vulnerable.

In many contemporary enterprise environments, there exists a clear delineation between IT specialist roles. Many organisations employ network specialists, security specialist, implementation specialists, and administrators (to name but a few roles). The big iron solution offered by many virtualised resource vendors makes this delineation somewhat invalid. Because applications, Operating Systems, databases, network topologies (and the security of all these) are sat in one appliance, the case may present itself that specialists are no longer required. The mass of available systems functionality and application however may well may the whole unmanageable without these specialists, and because there is a mass it may well prove to be both challenging and costly to secure.

Virtualised technology is an emerging market, and as such, there are a number of competing products to address the security impacts of its implementation. Sadly, there is no such entity as a silver bullet in relation to security, and many enterprises may face a struggle to implement solutions that can best deliver assurance and value in relation to their virtualised environments, resources or platforms.

CONCLUSION

When considering securing virtualisation, there are a number of practical steps that organisations can take to positively impact upon risk, namely:

As with any other area of security, general awareness of the potential impacts of virtualisations is growing. Attacks against virtualised technologies are an increasing area of concern.  Preventing successful exploitation of vulnerabilities within the architecture will continue to be an objective of both responsible security researchers and vendors alike. It is hoped that some of the topics discussed in this series of articles can assist in this process.

Related posts:

1. Virtualization Security – The How To Guide – Part 5 OVERVIEW In this the penultimate virtualisation article, we look at...
2. Virtualisation Security – The How To Guide – Part 1 A number of security research projects have been undertaken into...
3. Virtualization Security – The How To Guide – Part 4 OVERVIEW In this the fourth technical article from Orthus that...
4. Virtualization Security – The How To Guide – Part 2 OVERVIEW In this the second of six technical articles from...
5. Virtualization Security – The How To Guide – Part 3 OVERVIEW In this the third technical article from Orthus that...

Related posts brought to you by Yet Another Related Posts Plugin.

• Previous Entry: I Want To Run Vmware With 8 Different Ip’s. What About Network Cards?
• Next Entry: Vmware Vsphere And Virtual Infrastructure Security: Sec