In the Drive to Optimize Data Centers, Security Concerns Linger
Virtualization helps optimize data centers, but security must be addressed.
In a recent interview with 1105 Government Information Group, two officials from the National Institute of Standards and Technology (NIST) outlined the impact of virtualization on data center operations and the primary concerns government IT organizations must resolve to deploy solutions and meet federal mandates.
The increasing use of virtualization government-wide has been driven by improved server utilization rates, increased operational efficiency, and the ability to leverage desktop virtualization to centrally control operating systems and meet security requirements, the executives said. However, despite the many benefits of virtualization as a tool to help optimize data centers, it has some negative security implications that government agencies must address. “Virtualization adds layers of technology, which can increase the security management burden by necessitating additional security controls,” said Tim Grance, a Senior Computer Scientist for NIST.
Murugiah Souppaya, also a Senior Computer Scientist for NIST, said some of the security problems stem from “the loss of visibility into guest operating system workloads and network traffic across virtualized environments.”
It can also be challenging to manage large numbers of virtual instances and snapshots, NIST officials said. “The implementation of proper change management processes and procedures will minimize the impact of virtual machine sprawl,” Grance explained.
Souppaya added that proper management of the hypervisor can also minimize an agency’s attack surface. “This includes proper patch management, secure configuration, and protection of the management interface,” he explained.
When it comes to virtual desktop implementations, NIST officials said all of the security considerations that apply to operating systems running on traditional hardware also apply to guest operating systems, which means IT organizations must apply security patches, implement a secure configuration baseline, and back up critical data, just as before. Finally, both executives stressed the importance of limiting the exposure of virtualized infrastructure. “It’s important to restrict access to the virtual hardware, the virtual network, and virtual storage,” Grance said.
Ultimately, combining many systems onto a single physical computer can cause a larger impact if a security compromise occurs. And because some virtualization systems make it easy to share information between the systems, this convenience can turn out to be an attack vector if it is not carefully controlled. “In some cases, virtualized environments are quite dynamic, which makes creating and maintaining the necessary security boundaries more complex,” Souppaya explained.
NIST created guidance for virtualization in NIST Special Publication 800-125, Guide to Security for Full Virtualization Technologies, which outlines the security concerns associated with virtualization solutions for server and desktop environments and provides recommendations to address those concerns. According to NIST officials, to improve the security of server and desktop virtualization environments, organizations should implement the following recommendations:
Secure all elements of a virtualization solution and maintain security – The security of a virtualization solution is heavily dependent on the individual security of each component, from the hypervisor and host OS (if applicable) to guest OSs, applications and storage. Organizations must maintain sound security practices, such as keeping software up-to-date with security patches, using secure configuration baselines, and using host-based firewalls, antivirus software, or other appropriate mechanisms to detect and stop attacks. In general, organizations should have the same security controls in place for virtualized operating systems as they have for the same operating systems running directly on hardware.
Restrict and protect administrator access to the virtualization solution – The security of the entire virtual infrastructure relies on the security of the virtualization management system that controls the hypervisor and allows the operator to create new guest OS images and perform other administrative actions. Because of the security implications, access to the virtualization management system should be restricted to authorized administrators only. Some virtualization products offer multiple ways to manage hypervisors, so organizations should secure each management interface, whether locally or remotely accessible. For remote administration, the confidentiality of communications should be protected, such as through use of FIPS-approved cryptographic algorithms and modules.
Ensure the hypervisor is properly secured – Securing a hypervisor involves actions that are standard for any type of software, such as installing updates as they become available. Other recommended actions include disabling unused virtual hardware, disabling unneeded hypervisor services such as clipboard- or file-sharing, and considering the use of the hypervisor’s capabilities to monitor the security of each guest OS running within it, as well as the security of activity occurring between guest operating systems. The hypervisor also needs to be carefully monitored for signs of compromise. This is because hosted hypervisors are typically controlled by management software that can be used by anyone with access to the keyboard and mouse. Even bare metal hypervisors require physical security. Someone who can reboot the host computer that the hypervisor is running on might be able to alter security settings for the hypervisor.
Carefully plan security for a virtualization solution before installing, configuring and deploying it – Planning helps ensure the virtual environment is as secure as possible and in compliance with all relevant organizational policies. Security should be considered from the initial planning stage at the beginning of the systems development life cycle to maximize security and minimize costs. It’s much more difficult and expensive to address security after deployment and implementation.