How do you ensure cybersecurity for federal systems while embracing server virtualization, a key component of the Obama Administration's Federal Data Center Consolidation Initiative? That's a question many federal IT pros are grappling with, and they are finding that the answer to creating secure server virtualization always involves steps to secure the hypervisor. A secure hypervisor, because it is central to controlling access to memory and the CPU, can go a long way toward securing both the physical server and its guest OSes.
The flip side is that the virtualized environment is a potential attack surface to gain unauthorized access to resources from guest operating systems, said Tim Grance, program manager for cyber and network security at the National Institute of Standards and Technology (NIST). The key to minimizing this and other risks is securing the hypervisor.
The hypervisor can isolate resources, such as CPU, memory, storage and network, and impose logical and physical separation to make unauthorized access more difficult, Grance said. Specifically, the hypervisor can partition resources so that each guest OS can access its own resources but not those of other guest OSes. As a result, it prevents one guest OS from injecting malicious code into another, such as infecting a guest OS's files or planting malware in another guest OS's memory. Partitioning can also decrease the threat of denial-of-service attacks or conditions caused by excessive resource consumption in other guest OSes on the same hypervisor.
Because secure hypervisors are so critical to secure virtualization, the hypervisor has to be properly managed. "It has to be patched and it has to be a secure configuration," Grance said. "You have to protect the management interface so that you minimize the attack surface."
NIST experts offer the following recommendations to secure hypervisors:
- Install all updates to the hypervisor as they are released by the vendor--most hypervisors have features that will check for updates and install them automatically
- Disconnect unused physical hardware from the host system
- Disable all hypervisor services such as clipboard- or file-sharing between the guest OS and the host OS, unless they are really needed, as these services can provide a possible attack vector
- Use features in the hypervisor to monitor the security of each guest OS and activity occurring between guest OSes
- Carefully monitor the hypervisor itself for signs of compromise
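The clipboard and file-sharing recommendation can be checked mechanically against guest definitions. The following is an added example, not code from the article or from NIST; it assumes a libvirt/KVM domain XML (the article names no hypervisor), and the guest name and paths are constructed. It also lists host devices handed to the guest so they can be reviewed.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML for a hypothetical guest "web01".
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>web01</name>
  <devices>
    <disk type='file' device='disk'><target dev='vda' bus='virtio'/></disk>
    <filesystem type='mount'>
      <source dir='/srv/share'/><target dir='share'/>
    </filesystem>
    <graphics type='spice'><filetransfer enable='no'/></graphics>
    <redirdev bus='usb' type='spicevmc'/>
  </devices>
</domain>
"""

def audit_domain(xml_text):
    """Return a sorted list of findings for one guest definition."""
    dev = ET.fromstring(xml_text).find("devices")
    findings = []
    if dev is None:
        return findings
    # Host directories exported into the guest.
    for fs in dev.findall("filesystem"):
        src = fs.find("source")
        path = src.get("dir") if src is not None else "?"
        findings.append("file-sharing: host dir %s" % path)
    # SPICE clipboard and file transfer are on unless explicitly disabled.
    for g in dev.findall("graphics[@type='spice']"):
        clip = g.find("clipboard")
        if clip is None or clip.get("copypaste") != "no":
            findings.append("clipboard: SPICE copy/paste not disabled")
        ft = g.find("filetransfer")
        if ft is None or ft.get("enable") != "no":
            findings.append("file-sharing: SPICE file transfer not disabled")
    # Host devices passed through or redirected to the guest.
    for tag in ("hostdev", "redirdev"):
        if dev.find(tag) is not None:
            findings.append("host-device: <%s> attached" % tag)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_domain(SAMPLE_DOMAIN):
        print(finding)
```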
Another risk is "virtual sprawl," according to Grance. "In the physical world, you have to procure stuff, you have to build it, you have to physically move it and connect it," he said. "In the virtual world you can do all that instantaneously, so you can do good really fast and you can do bad really fast."
Murugiah Souppaya, NIST computer scientist and co-author of the agency's draft Guide to Security for Full Virtualization Technologies, expanded on this point.
"Because it's so easy to create new virtual instances of the system, people have a tendency to create more things and not [secure] them," he said. "It's so easy to request new resources, so if you don't manage that creation process properly, you could have lots of resources just sitting out there, unmanaged, unpatched and unsecured."
In fact, IT managers are learning that while server virtualization security entails the usual basics, it does require a series of steps to guard against security risks and vulnerabilities.
The bottom line on server virtualization is a bit of a paradox: "You have to keep in mind that it may be virtual but it's real," Grance said. "So you really have to do all of the [security controls] that you're supposed to do."
About the author: Richard W. Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 10 years.
This was first published in September 2010