As for breaking out of the client image, Intelguardians, a consulting company, demonstrated just such an incursion into the host OS at last month's SANSFire show. Details of the vulnerability aren't public, so it's impossible to know what the attack was successful against, but you can bet these researchers aren't the only ones in this race.
The lesson is that organizations now need to assume that a sufficiently motivated attacker is capable of such an exploit, and plan accordingly. Defense in depth and proper VM layout and design, including not mixing VMs with different security postures and requirements on the same host system, are crucial.
To find out how prepared our readers are, we fielded a survey—and got some eye-popping results. We can't help thinking that the 43% saying they feel virtualized machines are just as safe and secure as traditional environments are whistling past the graveyard. Of the 384 IT operations and security professionals responding, a mere 11% have put formal strategies in place to protect their VMs.
Now, many say they're relying on their current IT policies and toolsets to manage and protect virtual servers, and that makes sense to a point. Virtualized environments do face the same operational threats and risks as traditional servers, but there are added gotchas, from intra-host threats to vetting third-party hypervisor driver add-ons to new checklist items for corporate information security policies.
Let's face it: If a traditional 1U server is compromised, you'll feel some amount of personal shame, regroup, assess damages, fix the problem and move on. Most shops have strategies in place to localize internal damage, with secondary and tertiary lines of defense to safeguard against a cascade of compromised systems. Problem is, few network monitoring and management tools are up to the task of securing guest VMs. When a traditional server gets slammed and begins displaying erratic or suspicious behavior, alarms will go off. But how effective are your tried-and-true netmon tools if all machine-to-machine communication is occurring between VMs inside your "data center in a box"? How much time will the bad guys have to probe, test and exploit intra-host weaknesses before you see what's happening?
And, is the current level of high security anxiety swirling around VM-specific environments justified? It's getting there, but that's the nice thing about smelling smoke—it warns that danger's afoot.
