Securing virtualization in real world environments

Download Securing virtualization in real world environments

Post on 19-Jan-2015




8 download




1. IBM Software January 2011Thought Leadership White PaperSecuring virtualization inreal-world environments 2. 2Securing virtualization in real-world environmentsContentsHowever, the key to successful virtualization is providing bene-ts like energy efficiency and performance without compromis-2 Introductioning security. Organizations typically struggle to stay ahead of3 Virtualization: Enjoy the ride, but dont forget to buckle up todays threats while also addressing various regulatory-basedcompliance standards. Adding new technologies such as5 Security implications of virtualization virtualization exacerbates this problem, making it essentialfor organizations to identify and address the new security gaps7 Securing virtualizationthat are introduced by virtualized environments.8 Virtualization security solutions from IBMFor example, in a physical server environment, if someone com-11 Summarypromises the security of one server, most organizations have thesecurity tools in place to address and contain that breach. But12 For more informationin a virtual server environment, where a single physical servercan be running multiple applications from different resources, aIntroductionbreach of one virtual server can potentially be a breach acrossIT organizations are under increasing pressure to deliver morea multitude of virtualized servers. And traditional security toolsfunctionality faster and with smaller budgets. Increasing costs cant help, because they werent designed to address virtualiza-attributed to power and cooling of servers, coupled with thetion. Its only a matter of time before a tremendous securityheadache of managing an expanding number of servers, makesbreach associated with server virtualization makes headlines.this a serious challenge requiring new advancements within thedata center.Given the potential for catastrophe, organizations must act now.The rst step is to take the time to understand how to properlyAt the heart of many data center transformations is virtualiza- integrate, deploy and manage security in virtualized environ-tion. Through its ability to consolidate workloads and reduce the ments. Without a baseline plan or a real understanding of virtu-amount of time and energy IT spends purchasing, installing andalization and security, IT groups may decide to disable manymaintaining racks of servers, virtualization allows the organiza- of the advanced features of virtualization for fear of unintendedtion to satisfy its goals with fewer physical resources and reduced consequences, or even worse, they might introduce more riskoperational costs. Early adopters of virtualization are alsointo the process.attaining additional returns on their investment throughsimplied systems management, automation and optimizedserver utilization. In short, both the expectations and benetsare very real. 3. IBM Software 3This white paper examines many of the security concerns associ- However, in addition to providing these benets, virtualizationated with virtualization and helps you understand and prioritizesignicantly impacts security. As data centers evolve into sharedthese risks, as well as describing the IBM security solutions and dynamic infrastructures, security concerns increase. Thethat can help you secure virtual environments and position your industry has already expressed anxiety over physical-to-virtualorganization to reap the full rewards of this exciting technology.migrations, security of the virtualization management stack, andvisibility into the virtual network. As virtual data centers becomeVirtualization: Enjoy the ride, but dont more complex, additional concerns around workload isolation,forget to buckle up multi-tenancy, mobility, virtual machine sprawl and trust rela-Virtualization has tremendous appeal for a variety of reasons.tionships are gaining visibility. Negatively impacting the overallMost notably, organizations are successfully reducing capital and security posture and increasing risk are never the intentions ofoperating expenses through server consolidation. By breakingIT groups deploying virtualization, but that potential readilydown silos of physical resources, organizations can center management and reduce server sprawl.Concerns over risk have the potential to limit the benets anWhile reducing data center costs has become the primary suc-organization will realize from virtualization. For example, manycess metric for organizations, investments in server virtualization companies have seen no change in the number of resourcesalso come with greater expectations. Organizations have addi- needed to manage virtual environments (see Figure 1). This istional goals of increased availability, automation and exibility likely the result of organizations not enabling automationthat are possible only with virtualization. Realizing these goals capabilities such as dynamic resource allocation and a critical step towards greater levels of service management Additionally, adopters of virtualization may not be changingthrough virtualization, including advanced IT service deliveryand ultimately improvingthe efficiency of server provisioningand strong business alignment. It also helps break the lock processes for fear of introducing risk or of moving out of com-between IT resources and business servicesfreeing you to pliance with security policies. Until these organizations enableexploit highly optimized systems and networks to furthermore advanced virtualization features, they will not realizeimprove efficiency. the enhanced manageability and availability benets thatvirtualization brings. 4. 4 Securing virtualization in real-world environments The security challenges of virtualizationTraditional threats Traditional threats can attackNew threats to VMVMs just like real systemsenvironments Virtual server sprawlAPPLICATIONS Dynamic state VIRTUAL Dynamic relocationManagementvulnerabilitiesMACHINEOPERATINGSecure storage of VMs SYSTEMand the managementdata MANAGEMENTResource sharingRequires new Single point of failureskill sets VMM OR HYPERVISOR Loss of visibilityInsider threatHARDWARE Stealth rootkits MORE COMPONENTS = MORE EXPOSUREFigure 1: The unique security challenges of virtualized infrastructures generate new risks for IT organizations, and the risk increases with the number ofcomponents involved. 5. IBM Software 5On the other hand, many early adopters have rushed to take controls, strengthen the platform and increase awareness ofadvantage of these technologies, often without fully understand- potential security implications, organizations will be able to real-ing the security concerns. For example, server consolidation ize more benets without adding new risk.increases overall efficiency, but also complicates matters byintroducing a new architecture with various technical andBefore we examine the solutions offered for virtualizationorganizational complexities. Both IT and security professionalssecurity, lets take an in-depth look at the major concerns.must adapt as consolidation forces change. Security implications of virtualizationAs network and server administration begin to converge, physi- Some characteristics and attributes of virtualization have inad-cal security devices and other security tools become less effective. vertent yet inuential consequences on information security.Even the most basic features of virtualization greatly impact thePhysical servers and other computer resources are heavilyday-to-day security responsibilities and processes used to achieve shared, barriers between virtual machines are logical, andand maintain compliance. workloads can move around the data centeren route to new servers or geographic locations in real time.Perhaps a lesson can be learned from the automobile industry inthat safety and security increase with maturity. The rst modern Understandably, people, processes and technology must adapt.automobiles were available in the late 19th century, but seat beltsTo do so, we must fully understand the new risks and securitywere not offered as standard equipment until 1958. Clearly,challenges unique to this technology. The following sectionstechnological advances allowing cars to travel much farther anddescribe several major security concerns of virtualizedfaster outpaced advances in safety. Likewise, new virtualization environments.capabilities are currently being introduced at a pace that chal-lenges risk mitigation solutions. While mature virtualizationIsolationplatforms have strengthened their inherent security capabilities In order to safely consolidate servers and allow a single physicalover time, new virtualization products with widespread appealserver to host multiple virtual machines, virtualization uses logi-and poorly understood security capabilities are now on the cal isolation to provide the illusion of physical independence.highway. No longer able to verify that machines are separated by network cables and other physical objects, we rely on the hypervisor andIn response, organizations must buckle up. They should under-other software-based components to provide these assurances.stand the new security risks that are introduced in virtualizedThis becomes increasingly important when workloads fromenvironments, and then evaluate new security solutions speci- users of different trust levels share the same hardware. Incally designed to address these new virtualization securityorder to properly contain information, administrators must paychallenges. Yes, virtualization introduces new concerns, but itspecial attention to conguration settings that affect virtualalso provides an opportunity to extend defense-in-depth to machines and network isolation, as well as continuously monitornew and unique areas of integration. As we optimize security the entire infrastructure for changes that could result in leakage of sensitive data. 6. 6 Securing virtualization in real-world environmentsServer lifecycle and change control conguration protocol (DHCP) environments. Static policiesPatch management and change control windows are vital toand other security mechanisms designed for traditional serverskeeping operations running smoothly and safely. This is done by and networks may become easily confused. The ability of secu-applying important security xes in a timely manner. In fact, thisrity products to operate intelligently across multiple physical andis so important that many IT organizations have built an exactvirtual environments, as well as to be more infrastructure-awarescience around server maintenance. Without question, a greatthrough integration of platform and management APIs, willamount of time and money are invested annually to maintainallow administrators to enforce control over the mobility ofservers in the data center. Virtualization adds to this complexityvirtual machines within various security changing the rules of the game. Servers are no longer con-stantly running; virtual machines can be stopped, started, paused Virtual network securityand even rolled back to a previous state. The speed at whichNetworks and servers are no longer two separate, distinct layersmachines are congured and deployed also dramatically of the data center. Virtualization allows for the creation ofincreases. What used to take hours now takes seconds or sophisticated network environments, completely virtualizedminutes. The result is a highly dynamic environment where within the connes of the server itself. These virtual networksmachines can be quickly introduced into the data center withfacilitate communications for virtual machines within the serverlittle oversight, and security aws can be absent or reintroduced and share many of the same features used by physical switchesbased on virtual machine state. Security professionals must and other traditional networking gear. A physical port in the datafully understand what virtual machines are being deployed,center that used to represent a single server now represents tenswhich are currently running, when they were last patched andor hundreds of virtual servers and drastically affects how wewho owns data center networks. Network traffic between virtualmachines within the same physical server does not exit theVirtual machine mobilitymachine and is not inspected by traditional network securityMobility, in the language of virtualization, refers to the ability of appliances located on the physical network. These blind spots,a virtual machine to automatically relocate itself and its resourcesespecially between virtual machines of varying trust levels, mustto an alternate location. This capability, while highly desirable,be properly protected with additional layers of defense runningcan also create problems. In a traditional data center, physicalwithin the virtual infrastructure.server A might be located on Row 5, Rack 8, Slot 3. In thehybrid data center, virtual machine B is not as easily locatable. Separation of operational dutiesAs part of a resource pool, server B could be spread across Separation of duties and the policy of least privilege aremultiple physical resources. If congured for mobility, the virtual important security principles used to limit the capabilities of ITmachine could relocate to another physical server, either auto- administrators as they manage resources and perform routinematically as part of a disaster preparedness plan or in responsetasks. Server management is usually handled by the serverto a performance threshold. administrator, and network management by the networkadministratorwhile security professionals work with bothThe mobile aspect of virtual machines means exibility, timeteams and handle their own specic tasks. Virtualization hasand cost savings for the data center, but it also introduces secu-rity concerns similar to laptop and large-scale dynamic host 7. IBM Software 7changed the natural boundaries and lines of demarcation thatthe same security technology. The reason we cannot is due to abuilt these divisions. Both server and network tasks can be fundamental shift in the way organizations plan, deploy andmanaged from a single virtualization management console,manage virtualization platforms. This shift requires, in somewhich introduces new operational challenges that must beinstances, a simple adaptation, and in others, a completely newovercome. Organizations must clearly dene proper identity andway of operating.access management policies, allowing administrations and secu-rity professionals to properly maintain and secure the virtualFor example, it is true that some of the threats exposed byenvironment without granting excessive authority to those who virtualization can be mitigated or reduced by using existingdo not require it.people, processes and technology. Traditional network and hostsecurity products for example, can be used to protect the net-Additional layers of software work, desktops and servers. Given a small adaptation, host intru-As virtualization is introduced into the data center, so are addi-sion prevention systems (HIPS) can also be installed on eachtional lines of code that make up the software needed tovirtual machine. However, what cannot be effectively protectedimplement itfrom the management consoles that controlby traditional processes and technologies is the virtual fabricvirtual machines to the hypervisors that provide the foundation composed of the hypervisor, management stack, inter-VM trafficfor the technology itself. As such, new vulnerabilities related toand virtual switch. While people, processes and technology arevirtualization software can be introduced, with some attributed recyclable, they also need to evolve to the new architecture andto the popularity, accessibility and relative immaturity of x86 concepts exposed by virtualization.virtualization. In addition, there is a heightened sensitivity fromvendors to analyze and disclose vulnerabilities. Many disclosures Change control and patching procedures are good examples.can be attributed to third-party code that is packaged with the The patching procedures for virtual machines certainly need tovirtualization software stack, and vendors are taking measures to adapt to uctuating running states and dormancy. Furthermore,reduce the footprint of their software and dependency on uncon- how do organizations use virtualization management suites totrolled code. However, it goes without saying that fault-free codereclaim the separation of duties lost when network and hostis largely unattainable, especially as vendors integrate complexadministration merge onto the virtualization platform?features into their platforms. Organizations should treat virtual-ization as they would any critical application and apply proper Deploying access control and applying the policy of least privi-defenses to stay ahead of these threats.lege to the management console, administrative roles and virtualimages are certainly not unique concepts; however, slowing theSecuring virtualization growth of virtual networks and preventing virtual server sprawlIBM believes that a foundation in security is the basis fromis. Administrators must also adapt to the concept of sharedwhich organizations can reap the most benet from virtualiza- resources and ensuring a fair distribution of RAM, CPU,tion. If many of todays virtualization security challenges simplystorage and bandwidth.mirror yesterdays challenges, logically, we should be able to use 8. 8 Securing virtualization in real-world environmentsAll of these practices are used in todays networksin someVirtualization security productsformto mitigate risk. Since even virtual networks are reallyIBMs virtualization security product offerings fall into threehybrid networks, these traditional solutions are still absoluteareas within the virtualization spectrum: Virtual environmentnecessities in the ght for security. However, organizations ready, virtual appliances and virtual infrastructure protection.should keep in mind that organizational security is only as goodas the sum of its parts. Defense-in-depth must be extended fromVirtual environment ready solutions utilize IBM securityphysical to virtual environments. In todays era of reduced cost offerings to protect virtual environments. With these solutions,and complexity, the value of a single suite of centrally managed IBM can protect virtual environments with proven technologiessecurity products that protects both physical and virtual net- that incorporate recommended policies from the IBM X-Forceworks and hosts is critical to achieving organizational security team, which is one of the oldest and best-known commercialand maximum return on research groups in the world. Certied by the International Computer Security Association (ICSA), andVirtualization security solutions from IBM developed according to National Security Services (NSS)Most organizations are running hybrid infrastructures with libraries for cross-platform security development, thesevarying percentages of physical and virtual hosts, applicationssolutions have the ability to block threats and provide seamlessand devices. While many are rushing headlong into virtualiza-integration with no interruption of your workows.tion, others are testing in laboratories or waiting until the valueof their servers and appliances have amortized. Regardless, theVirtual appliances such as IBM Security Network Intrusionstark reality of virtualization is that there is an adoption period. Prevention System help reduce operational expenses whileCurrent investments in security will not be thrown away but will increasing exibility for your security infrastructure by allowingbe recycled and reused. Without question, organizations will the reuse of assets you already own. These solutions can easilylook to cannibalize their existing investment in security in order migrate from older technologies without changing hardware,to effectively extend their investment.and they provide a foundation for future expansion. The same policies of the physical appliance can be reused, and there canIt is critical to understand that the true value of security is not in be numerous virtual appliances running on every virtualizationpoint products that address virtualization only, but in solutionsserver.that extend security to the new risks exposed by virtualizingproduction servers. Organizations interested in reducing costVirtual infrastructure protection solutions include IBM Securityand complexity while achieving enterprise-grade security mustVirtual Server Protection for VMware, an integrated threat miti-pay close attention to how solutions will ll the coverage gapsgation solution designed to allow organizations to fully exploitintroduced by virtualization.the benets of server virtualization while protecting critical virtualized assets (see Figure 2). It provides the same intrusionIBM is focused on providing best-of-breed, end-to-end security prevention capabilities of other network IPS solutions, but withsolutions for key control pointsnetwork, endpoint and server. the advantage of being integrated into the hypervisor throughIBM provides a range of virtualization security products, serv-the VMsafe interface made available by VMwarewhich meansices, and leading-edge expertise to help organizations maintainyou need to install only one instance for each virtualization serversecurity while realizing the promise of order to protect the entire virtualized infrastructure. 9. IBM Software 9 IBM Security Virtual Server Protection for VMwareIBM SecurityVM VMVM Virtual ServerWeb Server Host DesktopWeb Application Protection for VMware PolicyResponse ApplicationsApplicationsApplications EnginesHardened OS OSOSOSRootkitFirewallVMsafe Intrusion Virtual Detection PreventionNAC Hypervisor HardwareFigure 2: IBM Security Virtual Server Protection for VMware helps organizations operate more securely and cost-effectively by delivering integrated andoptimized security capabilities for virtual data centers. 10. 10 Securing virtualization in real-world environmentsIBM Security Virtual Server Protection for VMware automati- IBM Security SiteProtector System offers the industrys largestcally protects virtual machines as they come online or moveportfolio of centrally managed security products and is sup-across the data center, and it monitors traffic between virtualizedported on VMware ESX. Designed for simplicity and exibil-servers with a holistic view of the virtual network. In addition toity, Security SiteProtector System can provide centralizeddelivering IPS capabilities, the solution enables the security teamconguration, management, analysis and reporting for selectto search for malware by looking for rootkit activity in virtual-IBM security products.ized systems and to congure rewall rules and network access IBM virtualized infrastructure security provides virtual envi-control (NAC) rules. ronment awareness and forms a transparent plug-and-play threat protection solution to address security concerns associ-IBM Security SiteProtector System is integrated into Virtualated with virtual machine sprawl, lack of virtual networkServer Protection for VMware, providing a simple, cost-effective visibility, and mobility. Through integration with virtualizationway to manage security solutions for physical and virtualizedplatforms, IBM provides consolidated network-level intrusionsystems across the entire IT environment. Security SiteProtector prevention and auditing of the virtual environment, reducingSystem provides a central management point to control security the need for network traffic analysis in the guest operatingpolicy, analysis, alerting and reporting.system. Through this approach, organizations can limit the security footprint per guest OS, thereby eliminating redundantSecurity management solutionsresource consumption and reducing security managementIBM provides a wide range of security management offerings,complexity.from managed services to plug-and-play solutions: Solutions backed by IBM X-Force IBM Managed Security Services offers the option to outsource IBM security excellence is driven by the world-renownedthe deployment and management of your security products, X-Force team, which provides the foundation for IBMs preemp-thus reducing the cost and complexity of training and main-tive approach to Internet security. This leading group of securitytaining in-house staff. IBM Managed Security Services also experts researches and evaluates vulnerabilities and securityoffers an innovative and simple way to secure the virtualissues, develops assessment and countermeasure technology forinfrastructure by choosing to have IBM manage your securityIBM security products, and educates the public about emergingoperations from one of eight IBM operation centers aroundInternet threats.the world. Called the IBM Virtual-Security Operations Center(Virtual-SOC), this service is designed to ensure that allphysical and virtual security solutions are active and updatedwith the latest patches and software updates, including securityintelligence provided by the IBM X-Force research anddevelopment team. 11. IBM Software 11The X-Force team delivers security intelligence that customers Summarycan use to improve the security of their networks and data.Without a doubt, virtualization has changedand is changingRegardless of whether the product is a physical 1U appliance orhow organizations run, manage and store applications and data.a piece of software installed on a virtual machine, the same secu- New, complex technologies are rapidly increasing the potentialrity intelligence and threat content developed by the X-Forcefor more gaps in is installed on that IBM security device and helps managethe threat mitigation process. Virtualization security need not mean scrapping current security investments in IPS technology, rewalls or multifunctionIn addition to providing security content updates to IBM secu- devices. Networks will always have some amount of physicalrity products, the X-Force team also provides the IBM X-Forcehardware, and virtual security will always be limited by a niteThreat Analysis Service (XFTAS). The XFTAS delivers cus- amount of resources. But you do need to plan now and considertomized information about a wide array of threats that could how to best protect your physical and virtual resources.affect your network through detailed analysis of global threatconditions.IBM continues to develop solutions that not only help protect capital investments and condential data, but also make it easy to track, monitor, automate and manage your critical infrastructure resources, including those in the virtualization stack. 12. For more informationTo learn how IBM can help you enable secure virtualization,contact your IBM representative or IBM Business Partner,or visit To learn more aboutIBM virtualization solutions, visit Copyright IBM Corporation 2011 IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America January 2011 All Rights Reserved IBM, the IBM logo, and X-Force are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their rst occurrence in this information with a trademark symbol ( or ), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at Copyright and trademark information at Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates. No part of this document may be reproduced or transmitted in any form without written permission from IBM Corporation. Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. Any statements regarding IBMs future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. The information provided in this document is distributed as is without any warranty, either express or implied. IBM expressly disclaims any warranties of merchantability, tness for a particular purpose or noninfringement. IBM products are warranted according to the terms and conditions of the agreements (e.g. IBM Customer Agreement, Statement of Limited Warranty, International Program License Agreement, etc.) under which they are provided. The customer is responsible for ensuring compliance with legal requirements. It is the customers sole responsibility to obtain advice of competent legal counsel as to the identication and interpretation of any relevant laws and regulatory requirements that may affect the customers business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation.Please Recycle SEW03016-USEN-01