June 9, 2008

Mastering basic virtualization challenges, part four: Security

By Rich Freeman

Virtualization opens potential security gaps. New tools and processes can help you close them.

(This is the fourth article in a five-part series.)

Like management, security is a topic that newcomers to virtualization often neglect. “Most organizations tend to overlook some of the specific nuances of virtualization and ultimately end up being less secure than they think they are,” says Neil MacDonald, a vice president at research firm Gartner Inc. of Stamford, Conn.
MacDonald cites several potentially dangerous security-related issues as examples:
Hypervisor vulnerabilities: Hypervisors are no less susceptible to attack than other software applications. “Compromise of that layer is a worst-case security scenario, because it puts every workload on that server at risk,” MacDonald observes. Hypervisor makers generally patch vulnerabilities in their software quickly, but IT departments are often lax about applying those patches. Including your hypervisor in your company’s regular patch management routine is critical, MacDonald argues.
Internal traffic monitoring: Traditional network-based firewalls and intrusion prevention systems scrutinize traffic between physical devices, but are incapable of observing traffic between virtual machines inside a host server. To monitor those communications you’ll need specialized firewall and intrusion prevention applications designed for use in virtual environments. Reflex Security Inc. and Blue Lane Technologies Inc. are two of many vendors that offer such products.
Root administrative control: In conventional infrastructures, servers typically perform one function apiece. In a virtual environment, however, a single physical server usually contains a wide variety of virtual machines—and anyone with root administrative permissions for that host device can potentially weaken all of them. That means IT departments introducing virtualization must also introduce tighter controls over who receives root access privileges.
