Q
Problem solve Get help with specific problems with your technologies, process and projects.

How can a hypervisor deployment avoid security risks?

A hypervisor deployment can put the security of an organization at risk, but there are ways to make it secure. Expert Judith Myerson outlines how to make the process safer.

What are the risks of hypervisor deployment? Are there specific steps security teams should take for hypervisor...

protection?

The risks of a hypervisor deployment include faulty implementation of hypervisor modules and configuration errors. These risks stem from the multiple ways the hypervisor virtualizes hardware resources to execute multiple computer stacks or virtual machines (VMs). The stacks are used to run multiple OSes.

The hypervisor might allocate the same physical resources for one VM to another VM. Examples of simulated resources include storage buggers, CPU registers, and memory and network buffers.

If the hypervisor does not reinitialize the reallocated physical resources, the second VM will have access to data from the first VM. Some conventional security fixes may work for the hosts running a hypervisor, although it may not be possible to turn off a physical port shared by several running VMs. Add-ons to the hypervisors that have not been properly secured could let in hackers.

To better compare the architectures of different hypervisors, the National Institute of Standards and Technology identifies five baseline functions in its Security Recommendations for Hypervisor Deployment:

  1. Isolation of VM processes. VMs are scheduled for execution. The processes include CPU and memory management.
  2. Emulation of network and storage devices. Different VMs mediate access to the same physical devices.
  3. Execution of privileged operations for guest VMs. Certain operations are not being executed directly by the host hardware.
  4. VM lifecycle management. This function is more than controlling VM states and managing VM images by the administrators. It also involves VM migration, VM monitoring and policy enforcement.
  5. Management of the hypervisor. Values are set for configurations in the hypervisor and a virtual network inside the hypervisor.

After identifying tasks for each baseline, an organization should identify the assets associated with the hypervisor, including physical resources, and identify the potential threats against the tasks the hypervisor performs.

Finally, the organization should recommend countermeasures that provide assurance against exploitation of these threats. The benefits should outweigh the costs of implementing countermeasures in a hypervisor deployment.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Test your hypervisor type knowledge with this quiz

Discover the tools to best manage multiple hypervisors

Find out how much of a threat hypervisors actually are

This was last published in November 2017

Dig Deeper on Cloud Computing Virtualization: Secure Multitenancy - Hypervisor Protection

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What steps does your organization take to secure hypervisor deployments?
Cancel

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly.com

Close