Are your virtual servers really secure?

Brad Bird takes a look at virtual servers and their level of security compared to physical servers. What makes a virtual server a richer target for attack? Are you prepared for the security considerations?

--------------------------------------------------------------------------------------------------------------

The industry suspects that servers in the virtual world are less secure than physical servers. This is interesting, because in addition to the challenges involved with securing physical servers, virtual servers have their own distinct challenges. I recently presented on this very topic at TechDays08 for Microsoft in Ottawa and Montreal.

The two industry sources for my opening statement, that virtual servers are suspected to be less secure than their physical counterparts, are IDG and Gartner.

Physical servers (metal) have been around for a long time, and we all know and love them. What gets installed on those servers typically can differ, but the approach we take in securing them is not terribly different no matter what is installed.

Some similar security challenges for all servers are:

  • Control physical access
  • Monitor network access
  • Limit administrative privileges

I have listed only a few challenges here, and they are broad. So what about virtual servers? What is so different?

Additional security challenges for virtual servers

Whether a virtual server or a physical server is running Windows or Unix, these servers still require monitoring. The operating system also requires security updates and software patches as any code exploits become known. This does not change. However, at the risk of being chastised by all of my Unix guru colleagues, I am saying that Unix servers are ALSO vulnerable. In my opinion, Unix is less vulnerable than Windows, but there are a lot more Windows systems out there, and therefore, there are more to exploit.

Regardless, virtual servers have some additional security considerations. A virtual server is contained entirely inside a resource called a virtual hard disk, and these resources are files!

So imagine the security considerations of a Word document. Now compare that to those of an entire server present as a file.

Incidentally, other resources that require protection in the same way are the configuration files. These are the files where the server is configured as far as name, RAM configuration, network configuration, etc.

The immediate issue that comes to mind is the internal threat. Internal threats become exponentially greater because of the ease with which these virtual resources can be moved around.

The other concern is access to the host on which these "files" are stored. If the host server were to become compromised, suddenly more than one single server would be impacted.

Now arguably, if we are securing the physical server anyway and we trust that our documents are secure, should our virtual servers not be as secure as any documents?

Suddenly, virtual servers seem like they would be more likely targets for attack.

Techniques can be used to isolate the servers from network access at the host level, which limits the possibility of exposing virtual machines at all. This, however, does not do a lot to mitigate internal threats if this is a major concern.

We use the same principles to secure access to the virtual host as we do to secure access to any server (for example, the least-privilege approach, NTFS security, ACL permissions, and Active Directory group memberships). But is this enough?
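
As an added illustration of the ACL point above (this script is not from the original article), the following PowerShell audit lists every principal outside an allow-list that can read, and therefore copy, or modify the virtual disk and configuration files on a host. The storage path, the file extensions, and the CONTOSO\VM-Host-Admins group are assumptions to adapt to your environment.

```powershell
# Added example: audit who can read, copy or alter virtual disk and VM config files.
# Assumptions (not from the article): storage root, extensions and allow-list below.
param(
    [string]$VmRoot = 'D:\VirtualMachines',                  # hypothetical storage path
    [string[]]$Extensions = @('*.vhd', '*.vhdx', '*.vmc', '*.xml'),
    [string[]]$AllowedPrincipals = @(
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators',
        'CONTOSO\VM-Host-Admins'                             # hypothetical AD group
    )
)

# Rights that let a principal copy the whole server (ReadData) or tamper with it.
$sensitiveBits = [System.Security.AccessControl.FileSystemRights]`
    'ReadData, WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

$findings = Get-ChildItem -Path $VmRoot -Recurse -File -Include $Extensions -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $acl  = Get-Acl -LiteralPath $file.FullName
        foreach ($ace in $acl.Access) {
            # Deny entries and allow-listed principals are not findings.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($AllowedPrincipals -contains $ace.IdentityReference.Value) { continue }
            # Skip entries that grant none of the sensitive rights.
            if (([int]$ace.FileSystemRights -band [int]$sensitiveBits) -eq 0) { continue }
            [pscustomobject]@{
                File      = $file.FullName
                Owner     = $acl.Owner
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited entries are fixed on the parent folder
            }
        }
    }

if ($findings) {
    $findings | Sort-Object File, Principal | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($findings).Count) access entries fall outside the allow-list."
} else {
    Write-Output "No unexpected principals can read or modify VM files under $VmRoot."
}
```

Entries reported with Inherited set to True come from the parent folder, so the fix belongs on the folder ACL rather than on each file.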

What do you think? Are virtual servers really secure? Share your thoughts.

About

Brad Bird is a lead technical consultant and MCT certified trainer based in Ottawa, ON. He works with large organizations, helping them architect, implement, configure, and customize System Center technologies, integrating them into their business pr...

4 comments
groffg

One thing I noticed when I set up Virtual PC at home (host: Vista x64; virtualized OS: Vista x86) is that the virtual OS does not seem to have hardware-DEP support (the processor *does* support NX/XD and the host has DEP coverage enforced via hardware). Anyone know if this is an inherent limitation of virtualization?

apelliccio

Brad...I work for a company called Guardian Digital. We've pioneered open source network security solutions. What is your opinion on SELinux for Virtual Servers?

craig_willied

Hey Brad, this is a good topic and I'm looking forward to what our peers have to say. A colleague and I have argued over this very topic. He loves the whole virtual server phenomenon. I do too, but for "testing" only. I can't get past the old SPOF (single point of failure) problem. The industry has strived to reduce this aspect with RAID configurations and other technologies like imaging. Virtual servers (VS) bring us back to square one. I think they are very useful for testing purposes. (Remember trying to find enough machines to create a lab environment for testing?) I'm just not ready to give a VS a mission-critical task, even something as simple as DHCP. I'm curious to know what others are implementing VSs for in their environment. What say you, peers...

m.finlay

Hi Craig, I'd have to disagree on the SPOF thing. The virtual HDD file (and data within it) and Virtual Machine config files should be as highly available as physical data. Ideally, stored on a SAN with full redundancy. You will still rely on physical hardware for running the VMs - the same redundancy as physical servers. It does, however, introduce an additional point of failure in the virtualisation layer. And, with the possibility of multiple VMs running on a single physical host, a hardware failure can cause all VMs running on the host to be powered off ungracefully. On the upside, these VMs can be 'powered on' via another physical host much faster (even automatically) than restoring or rebuilding a physical server.