
Virtualisation & Security: Why The Virtual World Is A Radically Different Environment To Defend [Podcast]

IT security has come a long way in just a few short decades, but virtualisation has, in many ways, still got a long way to go before all the potential threats are parried effectively using easy-to-use technology.

One of the areas that IT professionals overlook on the security front when encountering a virtualised environment for the first time is the way in which the abstraction layer between software and hardware operates.

This is a podcast with Peter Wood, CEO of First Base Technologies and senior member of ISACA London.

The hypervisor - aka virtual machine monitor - for example, manages the interaction of virtual machines and hardware, but also hides the nature of the physical server resource.

This means that, in order to better understand the security requirements of a virtualised environment, it is necessary to take a logical, rather than a physical view. Put simply, this involves a group of services typically being seen as a single pool of resources or a single machine running multiple operating systems.

In order to maximise the effect of security in a virtualised environment, planning is essential. And planning security for a virtual environment - as with physical servers - requires that IT staff undertake a risk analysis for each (virtual) machine, as well as a vulnerability analysis.

Once this step is completed, a good IT security deployment involves hardening the network interface and, for each hypervisor, strengthening the security of the host operating system and allowed applications.

This does not mean that installing a commercial security application for a virtual environment is sufficient. The process of risk analysis should include configuration assessments, as well as configuration checks on each hypervisor and the use of approved templates (ISACA is a good source here) for deployment.

The reason for such a high emphasis on hypervisor security is that a failure to defend the hypervisor means that the host operating system then becomes vulnerable to attack - this is regardless of what security software is deployed on each virtual machine. Hackers have developed a number of specialist techniques to attack the hypervisor, including a process known as hyperjacking.

As the name implies, hyperjacking involves injecting a rogue hypervisor element between the target system and its hardware. If carried out successfully, hyperjacking is difficult to detect using conventional security technology.

Because of the relative youth of virtualisation security, hyperjacking is still thought by many to be a theoretical attack scenario, but some hackers at the December 2010 Chaos Computer Club meeting in Berlin detailed an in-depth strategy that, if implemented in hacker darkware, could become an automated security threat.

One very real virtualisation security threat, however, is a process known as virtual machine hopping. Hacks seen to date involve the exploitation of vulnerabilities in hypervisors, which allow malware - or remote attacks - to compromise virtual machine separation protections.

This hacker methodology allows cybercriminals to gain access to other virtual machines, hosts and even - again, in theory at least - the hypervisor itself.

Hacker demonstrations of virtual machine hopping have shown that it is possible to piggyback on a virtual session once the attacker has gained access to a low-value, and so less secure, virtual machine on the host system. This low-value virtual machine is then used as a take-off point for further attacks on the system.
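The configuration checks against approved templates and the low-value virtual machine problem described above can be combined into one audit. The sketch below is an added example, not material from the podcast or from ISACA; the template keys, host names, VM names and value ratings are all constructed assumptions.

```python
# Added example: every key, host name and VM below is constructed for illustration.
APPROVED_TEMPLATE = {
    "mgmt_network": "mgmt-vlan",  # hardened network interface
    "ssh_enabled": False,         # host operating system setting
    "allowed_apps": {"backup-agent", "monitoring-agent"},
}
HYPERVISORS = {
    "hv-01": {"mgmt_network": "mgmt-vlan", "ssh_enabled": False, "apps": {"backup-agent"}},
    "hv-02": {"mgmt_network": "office-lan", "ssh_enabled": True,
              "apps": {"backup-agent", "ftp-server"}},
}
VMS = [  # "value" stands for the outcome of the per-VM risk analysis
    {"name": "payroll-db", "host": "hv-01", "value": "high"},
    {"name": "hr-app", "host": "hv-01", "value": "high"},
    {"name": "test-web", "host": "hv-02", "value": "low"},
    {"name": "finance-db", "host": "hv-02", "value": "high"},
]

def template_deviations(config, template):
    """List every way a hypervisor's configuration departs from the template."""
    findings = []
    for key, expected in template.items():
        if key == "allowed_apps":
            extra = sorted(config.get("apps", set()) - expected)
            findings += [f"unapproved application: {app}" for app in extra]
        elif config.get(key) != expected:
            findings.append(f"{key}: expected {expected!r}, found {config.get(key)!r}")
    return findings

def mixed_value_hosts(vms):
    """Hosts where a low-value VM shares a hypervisor with a high-value VM."""
    by_host = {}
    for vm in vms:
        by_host.setdefault(vm["host"], {}).setdefault(vm["value"], []).append(vm["name"])
    return {h: t for h, t in by_host.items() if "low" in t and "high" in t}

def audit(hypervisors, vms, template):  # returns {host: [findings]}
    mixed, report = mixed_value_hosts(vms), {}
    for host in sorted(hypervisors):
        findings = template_deviations(hypervisors[host], template)
        if host in mixed:
            findings.append(f"low-value {mixed[host]['low']} shares this host "
                            f"with high-value {mixed[host]['high']}")
        if findings:
            report[host] = findings
    return report

if __name__ == "__main__":
    print(audit(HYPERVISORS, VMS, APPROVED_TEMPLATE))
```

In this constructed inventory only hv-02 is reported: it deviates from the template in three places and also hosts a low-value VM alongside a high-value one.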