Virtualization Has A Scary Side
August 15, 2010 Leave a comment
MDG NOTE: After this note (in bold & blue and somewhat long-winded) there is nothing within this post that I wrote, but I agree with it and as a virtualization expert find it interesting, and mandatory reading for virtualization administrators and IT Pros considering virtualization as a solution. As I have stated a thousand times, virtualization is often a huge benefit to an organization in terms of both one-time and recurring costs, but is never to be seen as a way to avoid managing, monitoring, and patching your systems including the virtualization hosts, be they Microsoft, VMware, XenServer, or any other. This excerpt is from an e-mail from WServerNews.com that I received last week.
Computerworld compiled a list of issues that IT executives are concerned with regarding the vulnerability of their virtualized architectures. The list of things that could be security problems is quite interesting actually. They range from virtual servers being "stolen", or being moved from a secure network segment onto physical hosts in an unsecured segment, to creating new, undocumented and perhaps unpatched virtual servers. The problem might be that you don't know you have a bunch of virtual servers out there.
Sure, virtualization saves large amounts of IT budget, but if 50% of your mission critical servers are running on VMs, are they all secure? To a large degree it boils down to adopting best practices, something we do not all have the time to do. In larger organizations, a single admin can roll out new VMs to their heart's delight, and the security team does not know about it until much later. Recipe for dropped balls.
Let's face it, VMs are not very visible, and the infrastructure to control them is only just getting mature. If some one hijacks a hypervisor and penetrates all the VMs that are riding on it, who would know? So, you have to make sure that system admin best practices are really being applied. The hypervisor must be patched just like any other OS system to plug security holes, says KC Condit, senior director of information security at Rent-a-Center. "VMware has issued nine significant security advisories already this year, and XenServer has also issued a number of security fixes," Like I said, this is an interesting article, and the excerpt above is only a teaser to get your interest. The best approach: Bake security in before you begin. Read More at http://www.wservernews.com/705BYL/100816-Virtualization