Virtual Machines != Security Virtual Reality

Post #1, Virtual Machines != Security Virtual Reality

PathMaker Group is introducing some exciting new technologies to the market that greatly reduce the business cost of securing virtual environments while simultaneously increasing system efficiencies, measured in hard-dollar savings. To truly embrace the value of these innovative solutions and approaches, one needs to consider some of the obvious and not-so-obvious security issues looming in virtual space today.

This post is the first of my multi-part series on securing virtual machine environments, and I hope that it provides some additional insight into the security issues that I anticipate would concern every business using virtual machines, or considering using them.

The majority of security concerns found in virtual machines are very similar, if not identical, to those on physically separate platforms. However, virtual machines also bring with them some unique potential weaknesses, as described below:

  1. Techniques such as clipboard sharing allow data to be transferred between multiple VMs, as well as with the host. This seemingly useful functionality can also provide a very dangerous bridge for transferring data between cooperating malware programs running inside VMs of different security levels, or for exfiltrating data to or from the host or VM operating systems.
  2. The operating system kernel that provides the VM layer has the ability to log keystrokes and screen updates passed across virtual terminals in the virtual machine. The keystrokes and screen updates are logged to files located on the host, allowing monitoring of even encrypted terminal connections inside the VM.
  3. Some VMs have no form of isolation whatsoever, giving the guests unfettered access to the host’s resources, such as the file system and device resources. Such solutions tend to focus on running applications designed for one operating system on another operating system, and eschew the isolation that many VM users expect. VM users with significant security and isolation needs should invest some time to determine a proper approach toward isolation.
  4. The now common buzz-term, “virtual sprawl”, refers to a condition in which IT managers and, in some cases, even end users install virtual machines all over the enterprise, creating a dysfunctional mess that is hard to manage and in most cases introduces huge security gaps. As a result, systems of various security classes and purposes may be haphazardly found adjacent to one another, potentially exposing the most sensitive of information to the Internet. Virtual machines, especially temporary test VMs, may get sporadically created, used briefly, then lost and/or forgotten altogether.
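As an added example (not part of the original post), the sketch below audits a VM configuration for the guest/host bridges described in items 1 and 3. It assumes VMware-style `.vmx` files, a product the post does not name; the sample configurations are constructed, and treating an unset key as a finding is this example's own policy because defaults differ between products.

```python
import re

# Hardening keys (VMware .vmx names) that should be explicitly "TRUE".
REQUIRED_TRUE = {
    "isolation.tools.copy.disable": "guest-to-host clipboard copy",
    "isolation.tools.paste.disable": "host-to-guest clipboard paste",
    "isolation.tools.dnd.disable": "drag and drop between guest and host",
    "isolation.tools.hgfs.disable": "host file system shares (HGFS)",
}
LINE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"(.*)"\s*$')   # key = "value"
SHARE = re.compile(r"^sharedfolder(\d+)\.present$")

def parse_vmx(text):
    """Return {lower-cased key: value}; comments skipped, later duplicates win."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_vmx(text):
    """Return a sorted list of (key, problem) findings for one .vmx file."""
    cfg = parse_vmx(text)
    findings = []
    for key, what in REQUIRED_TRUE.items():
        value = cfg.get(key.lower())
        if value is None:
            findings.append((key, f"not set; {what} depends on product default"))
        elif value.strip().lower() != "true":
            findings.append((key, f"set to {value!r}; {what} is allowed"))
    for key, value in cfg.items():
        if SHARE.match(key) and value.strip().lower() == "true":
            findings.append((key, "shared folder exposes a host path to the guest"))
    return sorted(findings)

# Constructed sample configurations (not taken from a real system).
WEAK = '''
# test VM cloned from a template
isolation.tools.copy.disable = "FALSE"
isolation.tools.paste.disable = "false"
sharedFolder0.present = "TRUE"
'''
HARDENED = "".join(f'{k} = "TRUE"\n' for k in REQUIRED_TRUE)

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        for key, problem in audit_vmx(text):
            print(f"{name}: {key}: {problem}")
```

Running the same check across every configuration file found on a datastore also gives a rough inventory of forgotten test VMs, which is where item 4's sprawl tends to hide.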

In the next several posts, I will pick apart each of the four items (above) to elaborate further on these particular security issues and provide insight and security best practices to help head off these potential disasters.

 
