Brad Bird takes a look at virtual servers and their level of security compared to physical servers. What makes a virtual server a richer target for attack? Are you prepared for the security considerations?
The industry suspects that servers in the virtual world are less secure than physical servers. This is interesting, because in addition to the challenges involved with securing physical servers, virtual servers have their own distinct challenges. I recently presented on this very topic at TechDays08 for Microsoft in Ottawa and Montreal.
Physical servers (metal) have been around for a long time, and we all know and love them. What gets installed on those servers typically can differ, but the approach we take in securing them is not terribly different no matter what is installed.
Some similar security challenges for all servers are:
- Control physical access
- Monitor network access
- Limit administrative privileges
I have listed only a few challenges here, and they are broad. So what about virtual servers? What is so different?
Additional security challenges for virtual servers
Whether a virtual server or a physical server is running Windows or Unix, these servers still require monitoring. The operating system also requires security updates and software patches as any code exploits become known. This does not change. However, at the risk of being chastised by all of my Unix guru colleagues, I am saying that Unix servers are ALSO vulnerable. In my opinion, Unix is less vulnerable than Windows, but there are a lot more Windows systems out there, and therefore, there are more to exploit.
Regardless, virtual servers have some additional security considerations. Try to imagine that virtual servers get contained inside these resources called virtual hard disks. The entire server is contained in these resources. These are files!
So imagine the security considerations of a Word document. Now compare that to those of an entire server present as a file.
Incidentally, other resources that require protection in the same way are the configuration files. These are the files where the server is configured as far as name, RAM configuration, network configuration, etc.
The immediate issue that comes to mind is the internal threat. Internal threats become exponentially greater because of the ease with which these virtual resources can be moved around.
The other concern is access to the host on which these "files" are stored. If the host server were to become compromised, suddenly more than one single server would be impacted.
Now arguably, if we are securing the physical server anyway and we trust that our documents are secure, should our virtual servers not be as secure as any documents?
Suddenly, virtual servers seem like they would be more likely targets for attack.
Techniques can be used to isolate the servers from network access at the hot level, which limits the possibility of exposing virtual machines at all. This, however, does not do a lot to mitigate internal threats if this is a major concern.
We use the same principles to secure access to the virtual host as we do to secure access to any server (i.e., least privilege approach, NTFS security, ACL permissions, Active Directory group memberships, etc....). But is this enough?
What do you think? Are virtual servers really secure? Share your thoughts.
Brad Bird is a lead technical consultant and MCT certified trainer based in Ottawa, ON. He works with large organizations, helping them architect, implement, configure, and customize System Center technologies, integrating them into their business processes.