Top 4 virtualization security gotchas
Posted by: Colin Steele
Not surprisingly, cloud computing was the big theme at last week’s VMware Virtualization Forum in Boston.
For the most part, VMware and the other vendors there focused on the nuts and bolts of the cloud; Bogomil Balkansky, vice president of product marketing, admitted, “We have really outdone ourselves in terms of the hype and marketing.”
(But occasionally they did revert to the kind of sales pitches and hyperbole that have led to so much cloud skepticism in the first place; Balkansky later compared cloud computing to the Industrial Revolution.)
One session I attended, in particular, offered some great real-world advice about a serious issue: security for virtual infrastructures and private clouds.
- Inter-VM attacks: Security products built for physical infrastructure won’t detect attacks that go from one virtual machine to another on the same host, because that traffic never leaves the host. And if you send all inter-VM traffic out to the network to detect these attacks, you create network latency.
- Rapid VM provisioning, no security provisioning: In a physical server infrastructure, you know when you’re rolling out a new machine, and you can make sure it has the proper security in place before deployment. But with virtualization, it’s so easy to create new VMs that many go online without the right security features — or any at all.
- Vulnerable “off” VMs: When you shut down a physical server or PC, you know it’s safe. But if you turn off a VM on an active host, there is still code that represents that VM, and that code can still be exploited.
- CPU drain: You know when you run a full system scan on an older computer and it brings the machine to its knees? Sure, that doesn’t happen on the fancy new server you have in your data center. But it can if you run antivirus scans on every VM inside that server at the same time (which most physical security products do). The problem leads some organizations to reduce their VM density — which cuts into the major benefit of virtualization in the first place — or even to turn off scanning, Agastya said.
For more information on securing your virtual infrastructure, follow these best practices for server virtualization security.




