Posted by: Colin Steele
Colin Steele, Trend Micro, Virtualization security, VMware
Not surprisingly, cloud computing was the big theme at last week’s VMware Virtualization Forum in Boston.
For the most part, VMware and the other vendors there focused on the nuts and bolts of the cloud; Bogomil Balkansky, vice president of product marketing, admitted, “We have really outdone ourselves in terms of the hype and marketing.”
(But occasionally they did revert to the kind of sales pitches and hyperbole that have led to so much cloud skepticism in the first place; Balkansky later compared cloud computing to the Industrial Revolution.)
One session I attended, in particular, offered some great real-world advice about a serious issue: security for virtual infrastructures and private clouds.
- Inter-VM attacks: Physical security products won’t detect attacks that go from one virtual machine to the other on the same host. And if you send all inter-VM traffic out to the network to detect these attacks, you create network latency.
- Rapid VM provisioning, no security provisioning: In a physical server infrastructure, you know when you’re rolling out a new machine, and you can make sure it has the proper security in place before deployment. But with virtualization, it’s so easy to create new VMs that many go online without the right security features — or any at all.
- Vulnerable “off” VMs: When you shut down a physical server or PC, you know it’s safe. But if you turn off a VM on an active host, there is still code that represents that VM, and that code can still be exploited.
- CPU drain: You know when you run a full system scan on an older computer and it brings the machine to its knees? Sure, that doesn’t happen on the fancy new server you have in your data center. But it can if you run antivirus scans on every VM inside that server at the same time (which most physical security products do). The problem leads some organizations to reduce their VM density — which cuts into the major benefit of virtualization in the first place — or even to turn off scanning, Agastya said.
For more information on securing your virtual infrastructure, follow these best practices for server virtualization security.