
Sum Of All Virtual Fears: Page 7 of 10

Like a person who obsesses about being hit by lightning while driving without a seatbelt, it's the mundane dangers associated with virtualization that are most likely to bite you. For example, both fat and hypervisor-based hosts are at risk of having a guest OS compromised via traditional threat vectors and exploits. An unpatched or poorly protected public-facing server is at risk, period, whether it's running on a standalone box or as one of many VMs on a large hosted platform.

However, common sense dictates that an organization's exposure increases in tandem with its reliance on virtualization and server consolidation—the more VMs per platform, the greater the danger of an undetected intra-host problem spreading. For all practical purposes, intra-host threats are invisible to traditional off-box safeguards: external firewalls and other security tools cannot inspect or control intra-host traffic, because those packets never leave the host to traverse the wired infrastructure. Problems that are common in the physical world but hard to catch in a complex hosted environment include extraneous or suspicious intra-host cross talk posing as legitimate traffic (a sign of port scans, virus activity or other malware), and denial of service, whether targeted or incidental, that impacts other guest VMs through consumption of CPU cycles, I/O resources or virtualized network bandwidth.
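To make the visibility gap concrete, here is an added example (not from the article or any vendor's tooling) that runs a simple port-scan heuristic over constructed virtual-switch flow records and contrasts it with what an off-box firewall could ever see; the VM names, the `Flow` record shape and the threshold are assumptions for illustration.

```python
"""Flag scan-like intra-host cross talk that a perimeter firewall never sees."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record as a host-side tap (e.g. a vSwitch mirror) might emit it."""
    src_vm: str
    dst_vm: str
    dst_port: int
    intra_host: bool  # True when both endpoints sit on the same hypervisor


# Assumed heuristic: one source touching this many distinct ports on one peer
# looks like a port scan rather than an application conversation.
SCAN_PORT_THRESHOLD = 10


def suspicious_pairs(flows, threshold=SCAN_PORT_THRESHOLD):
    """Return {(src_vm, dst_vm): distinct_port_count} for pairs at/over threshold."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.src_vm, f.dst_vm)].add(f.dst_port)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= threshold}


def perimeter_visible(flows):
    """Only flows that leave the host reach an external firewall or IDS."""
    return [f for f in flows if not f.intra_host]


# Constructed sample: vm-web probes 20 ports on vm-db across the same vSwitch,
# vm-app talks normally to vm-db, and one flow actually leaves the host.
SAMPLE_FLOWS = (
    [Flow("vm-web", "vm-db", port, True) for port in range(1, 21)]
    + [Flow("vm-app", "vm-db", 3306, True)] * 3
    + [Flow("vm-web", "ext-client", 443, False)]
)

if __name__ == "__main__":
    seen = {(f.src_vm, f.dst_vm) for f in perimeter_visible(SAMPLE_FLOWS)}
    print("pairs an external firewall sees:", seen)
    print("scan-like pairs from the host-side tap:", suspicious_pairs(SAMPLE_FLOWS))
    print("scan-like pairs from the perimeter view:",
          suspicious_pairs(perimeter_visible(SAMPLE_FLOWS)))
```

Run against the host-side tap the heuristic flags the vm-web to vm-db probing; run against only the flows the perimeter sees, it flags nothing, which is the blind spot the paragraph describes.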

"The 'more eggs in one basket' risk, from a pure operational perspective, has less to do with evolving threat vectors than simply being no-duh IT," Shipley says, adding that IT groups saw the same dynamic with early SANs. "Most organizations can manage this risk by designing for extra capacity, running through virtual server migration drills and keeping up with patching."

The latter is a lesson worth repeating.

"Even though I think VMware has done a good job in reducing the attack surface, ESX/VI3 is still an operating system, derived from Linux, and as such it needs to be patched," he says. "Problem is, patching ESX servers is a riskier and more intrusive proposition because you're not just taking down one OS, you're taking down all the OSes it hosts, too."