Virtualization Advisor

Expert analysis and advice on server virtualization technologies, deployments and management.

Our blogger: Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date.

Thu, June 12, 2008

Can Virtualization Improve Security?

By Edward L. Haletky

Keywords: Virtualization, virtualization security, virtual server security, VMware, Cisco, Xen

A common misconception is that the virtualization of a server will alleviate all the normal concerns of running the system in question.

This misconception implies that virtualization provides a miraculous shield to all virtual machines that will eliminate downtime caused by security vulnerabilities and application errors.

This is not the case. All virtualization does is remove from the mix the vagaries of hardware—not the inherent software problems that exist within applications and even operating systems.

However, it could improve security.

Some aspects of VMware Infrastructure 3 keep certain network switch attacks from occurring within a virtual environment that employs VMware ESX. This protection does not occur when using VMware Server, Xen, or any other virtualization tool that does not employ virtual switches.

In its default state, VMware ESX will also prevent the creation of virtual machines that can sniff traffic destined for other virtual machines or even the physical network.

But is this really adding more protection to the virtual environment than you can already find within normal physical switches?

In some cases yes; in others no.

High-end Cisco physical switches can prevent systems connected to the switch from sniffing traffic addressed to other systems. They also protect against the same kinds of attacks virtual switches can stop.

These switches also protect against the switch attacks a virtual switch counters. That provides at least some level of immediate protection, even for low-end physical switches that lack defenses themselves.

Nor does virtualization protect against viruses, spybots, rootkits, man-in-the-middle attacks, or denial-of-service attacks, to name just a few.

Virtualization software does not even provide firewalls to protect a VM from external threats. Those firewalls either need to be physical, created as additional virtual machines, or installed in each VM using a software firewall.

Just like every other piece of attractive hardware or software, virtual-server infrastructures are constantly being researched by hackers, crackers and predators hoping to find a vulnerability that will let them into a whole series of virtual and physical servers.

Currently that silver-bullet vulnerability doesn't exist (or isn't known) for the VMware ESX host. But you cannot depend on one not turning up. Adequate security means constant vigilance.

With the advent of VMware VMsafe, it is possible that vendors will add various capabilities to the VMware Virtual Infrastructure, but the default install does not provide much in the way of additional protections.

Currently, virtualization does not improve security. Instead, it gives a false sense of safety. The same threats that exist in the physical world still exist in the virtual world.
