Virtualization and Security

By Jeff Jilg, ClearCube’s Technology Services Director, and Tom Josefy, ClearCube’s Director of Product Marketing

Say you have 3 operating systems standardized on one virtualization infrastructure. Say that virtualization software gets hacked. Suddenly all of the OS diversity you have goes kaput. (ZDNet: Between the Lines)

So wrote Larry Dignan on ZDNet last week. It seems like an obvious idea: virtualization creates a single point of failure, one which, depending on your assessment of hypervisor vulnerabilities, could be pretty large. However, the speed and ease with which you can deploy security patches, and the fact that you can isolate virtualization infrastructure from network infrastructure, mean that virtualization can actually be a net positive for security.

Greg Ness suggests that virtualization complicates the patching process:

How do you plan a patch cycle for virtual machines that are not physically online? How do you keep users from creating new instances of unpatched applications and potentially replacing the patched versions? (AlwaysOn)

But patches can actually be easier to roll out to existing VMs because they’re all accessible from a centralized location in the datacenter. And if you’re using deployment software that can be configured to deploy the patches overnight, the process is pretty painless.

A virtualized desktop gives users a single base VM image. That’s one image to modify and maintain; one image to roll out to new users; one image with specific firewall ports to open when you add new applications. And version control improves, since you can maintain and roll out the image from the datacenter – instead of walking around to different desktops throughout the company.

The fact is, a diverse set of images doesn’t reduce security exposure. However different those images are from each other, they could still have exactly the same security flaw. And multiple images can increase security exposure because there are more configurations to track and maintain.

As far as infrastructure is concerned, look at VMware’s ESX3 virtualization infrastructure. Part of its value is that you can totally isolate the management of the infrastructure layer from the rest of your network infrastructure and thus have, essentially, zero possibility of getting it hacked. Of course, the flip side of this — embedding virtualization in the OS — is precisely what has a lot of people wondering about the safety of Microsoft’s approach.

If, as Thomas Ptacek at Matasano suggests, “in five years, everything is going to be virtualized,” this discussion is far from over. What’s your take?

Comments

1.
On March 6th, 2007 at 6:23 pm, Greg Ness (USA) said:

Patching is easier in the way you mentioned… if virtualized environments weren’t as complex, mobile and “instantaneous”. If you think about the dynamics of instant server creation and movement, combined with new variations of data stacks (with more combinations of configurations to test, etc) the centralized monthly patch cycle could be rendered irrelevant in hours.

One key advantage of virtualization is the mobility and flexibility of processing power. Deploying patches on moving targets is a bit more complicated (and risky from a security perspective), even if you end up patching nightly.

Thanks again for mentioning my Always On blog…

Here is a recently published Nemertes report on the issues:
http://www.bluelane.com/lib/pdfs/SecuringVirtualizedInfrastructure.pdf

Greg

2.
On March 7th, 2007 at 2:11 pm, Greg Ness () said:

Neil MacDonald at Gartner just published a paper entitled: Security Considerations and Best Practices for Securing Virtual Machines. If you are a Gartner client and interested in security and virtualization it’s definitely a worthwhile read.

3.
On March 8th, 2007 at 12:36 pm, Jeff Jilg () said:

Thanks Greg for the note about the Gartner paper - that sounds like a good read. Overall a lot of shops are starting to get into virtualization and they are just now considering the consequences.

Virtualization will deliver benefits to many companies. The maintenance of those installations is just a bit different than normal maintenance. This would be a ripe field for customized software to take hold in the market to provide additional customer benefits.

4.
On March 8th, 2007 at 6:49 pm, Greg Ness () said:

Certainly the hypervisor offers a more powerful opportunity for patching/securing these virtual environments… with the right shims/plug-ins. But the static approaches to network security will become increasingly irrelevant in protecting these highly fluid, complex environments.

Ultimately I think security will be virtualization’s “killer app” for production environments. That is, virtualized environments will be MORE secure than their physical counterparts (with the proper solutions in place). Stay tuned for Blue Lane’s VirtualShield(TM) to address one key aspect of the problem.

Thx
G

5.
On April 9th, 2007 at 6:29 pm, Greg Ness () said:

http://virtual-jay.blogspot.com/2007/04/blue-lane-intrusion-prevention-system.html

Jay Rogers’ Virtualization blog discusses Blue Lane - FYI
