Commentary
Virtualization Security
From virtual rootkit "aka Blue Pill" attacks to attacks that make it possible to break out of a virtual machine's operating system to the underlying server OS -- there's been plenty of talk about virtual security in the past few years. Yet, the more I look into the issues surrounding virtualization and security, the less I think it's about securing the actual virtualization software itself, such as the hypervisor.From virtual rootkit "aka Blue Pill" attacks to attacks that make it possible to break out of a virtual machine's operating system to the underlying server OS -- there's been plenty of talk about virtual security in the past few years. Yet, the more I look into the issues surrounding virtualization and security, the less I think it's about securing the actual virtualization software itself, such as the hypervisor.One of the big scares out there is the concept of a hypervisor being compromised, and one successful exploit would make it possible to comprise the underlying host operating system, and permit unauthorized access to each and every hosted VM on the host server. In an event like this, current antivirus tools may not be able to spot malicious processes or software. And there you have it, one exploit and it's possible to "own" all five, 10, or more hosted machines. Or maybe even hundreds in a clustered environment.
That certainly wouldn't be a good day in the life of any CISO. While the scale of these (so far theoretical) threats are greater than compromising a single server, the threats against the hypervisor are not really any different than vulnerabilities that enable attackers to gain access to physical servers. Because the hypervisor is a more dedicated, and relatively thinner, slice of software than a full-blown operating system, we're going to see many fewer vulnerabilities. In a recent conversation, Andreas Antonopoulos at Nemertes Research summed it up best: "When you look at the total virtualized environment, and you have a pool of 300 servers running on 100 physical servers with 100 hypervisors, what are you going to be more worried about? The attack surface of the hypervisor? Which is about 100,000 lines of tightly written code, or the 300 copies of Microsoft Vista running above it?"
More Security Insights
White Papers
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Fixating on the security of the hypervisor itself is akin to taking a long, hard drag off of a cigarette while looking up at the sky and worrying about an asteroid strike.
Sure, it could happen. But it's the lack of taking care of the basics that will probably bring you down. So, rather than obsessing over hypervisor attacks, it's best to make sure that all of the software running on top of it is snugly patched. That the intra-VM traffic is vetted just as tightly as traffic that transverses the hardware. And that all of your change-control processes are maintained.
Sure, you're going to have to keep an eye out for hypervisor vulnerabilities and exploits. But if you have good layers of defenses in place, it won't be the end of the world.
Related Reading
| To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. | |
|
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More












