Network Computing is part of the Informa Tech Division of Informa PLC

Analytics Brief: Securing The New Data Center: Page 2 of 2

GETTING SECURE
Help will probably come in two forms. First, it's likely that as virtualization becomes more mainstream, hardware vendors will design end-user systems from the ground up to provide administrator-controlled VM partitions and hypervisor layers, making it harder for malware to enter systems.

A better fix uses the Trusted Platform Module found in most new x86-based systems. Using the TPM, software authenticity can be tested and inter-VM traffic can more easily be encrypted. Using the TPM's ability to sign software makes it easier to determine that a system image has been altered and that it should therefore be assumed to be compromised. Since the TPM is designed to be a tamper-proof hardware approach to encryption and software signing, it should help substantially in validating that software of all stripes hasn't been corrupted by malware or by other means.
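
The check the paragraph describes, measuring a system image and comparing it against a signed record of the known-good measurements, can be shown in a few lines. The following is an added example, not code from the article or from any TPM vendor: it uses HMAC-SHA256 with a software key as a stand-in for the TPM-held signing key (a real TPM keeps the private key inside the chip and verifiers use its public counterpart), and the image contents are constructed sample bytes. The point it demonstrates is that a modified or added component is reported as altered, and that an attacker who rewrites the manifest to match a modified image still fails verification because the signature no longer matches.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed stand-in for the key a TPM would hold internally. Assumption for
# this example only; never a real key material value.
SIGNING_KEY = b"constructed-demo-key-not-a-real-tpm-key"


def measure_image(files: Dict[str, bytes]) -> Dict[str, str]:
    """Measure every component of a system image: path -> SHA-256 hex digest."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def serialize(manifest: Dict[str, str]) -> bytes:
    """Canonical encoding so the same set of measurements always signs identically."""
    return "\n".join(f"{path}={digest}" for path, digest in sorted(manifest.items())).encode()


def sign_manifest(manifest: Dict[str, str], key: bytes = SIGNING_KEY) -> str:
    """Sign the golden manifest (HMAC here; a TPM would produce an asymmetric signature)."""
    return hmac.new(key, serialize(manifest), hashlib.sha256).hexdigest()


def verify_image(files: Dict[str, bytes], signed_manifest: Dict[str, str],
                 signature: str, key: bytes = SIGNING_KEY) -> Tuple[bool, List[str]]:
    """Return (ok, altered_components).

    Step 1 rejects a manifest whose signature does not verify, so an attacker
    cannot simply rewrite the golden values. Step 2 re-measures the live image
    and reports every component that was changed, added or removed.
    """
    if not hmac.compare_digest(sign_manifest(signed_manifest, key), signature):
        return False, ["<manifest signature invalid>"]
    current = measure_image(files)
    added_or_removed = set(current) ^ set(signed_manifest)
    changed = {p for p in current if p in signed_manifest and current[p] != signed_manifest[p]}
    altered = sorted(added_or_removed | changed)
    return len(altered) == 0, altered


# Constructed sample image: the "golden" state recorded when the image was built.
GOLDEN_IMAGE = {
    "boot/vmlinuz": b"constructed kernel bytes v1",
    "sbin/init": b"constructed init bytes v1",
    "etc/config": b"loglevel=info\n",
}
GOLDEN_MANIFEST = measure_image(GOLDEN_IMAGE)
GOLDEN_SIGNATURE = sign_manifest(GOLDEN_MANIFEST)


def check_pristine() -> Tuple[bool, List[str]]:
    """An unmodified image verifies cleanly."""
    return verify_image(GOLDEN_IMAGE, GOLDEN_MANIFEST, GOLDEN_SIGNATURE)


def check_tampered() -> Tuple[bool, List[str]]:
    """One component modified and one file added: both are reported."""
    tampered = dict(GOLDEN_IMAGE)
    tampered["sbin/init"] = b"constructed init bytes, modified"
    tampered["usr/lib/extra.so"] = b"constructed file not in the golden image"
    return verify_image(tampered, GOLDEN_MANIFEST, GOLDEN_SIGNATURE)


def check_forged_manifest() -> Tuple[bool, List[str]]:
    """Manifest rewritten to match a modified image, but the signature cannot be reproduced."""
    tampered = dict(GOLDEN_IMAGE)
    tampered["sbin/init"] = b"constructed init bytes, modified"
    forged_manifest = measure_image(tampered)
    return verify_image(tampered, forged_manifest, GOLDEN_SIGNATURE)


if __name__ == "__main__":
    for label, check in (("pristine", check_pristine),
                         ("tampered", check_tampered),
                         ("forged manifest", check_forged_manifest)):
        ok, altered = check()
        print(f"{label:16s} ok={ok} altered={altered}")
```

The measurement step is what a TPM-backed boot chain does with its platform configuration registers, and the signature step is what lets a remote party trust the recorded values; the example collapses both into host-side code so the failure modes are visible without hardware.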

The other substantive threat is a byproduct of how multiple virtual machines communicate with each other on the same system; that, along with the ability to move running VMs from machine to machine, renders most network-based security products much less effective.

chart: Security Strategy -- Does your organization have a formal security/information protection strategy for virtualization server environments?

One of the first production uses for x86 virtualization has been server consolidation. The idea is that a single powerful server running a number of VMs can replace potentially dozens of older, lightly loaded individual servers. With so many VMs running on a system, the amount of communication between them can be significant. For intraserver communication between VMs, all virtualization products create a virtual switch, which is then shared by all VMs on the server. External network security tools from firewalls to intrusion detection and prevention systems to anomalous behavior detectors are all, by definition, blind to network traffic that never leaves the physical server.

One approach to securing multiple VMs on a single server is to ensure that all the VMs are running similar operating systems and that each has been properly patched. The notion is that if all systems running on a given server are similarly secure, their communications will be, too. Security products like host-based firewalls should be in place to provide what security they can.

A better solution is to use tools that are specifically intended to improve the security of virtualized environments.

Virtual appliances are, as the name suggests, VMs with a minimized and hardened operating system that's been configured to precisely meet the needs of the appliance's one application. The idea is to minimize or eliminate any operating system configuration work on the part of the end user, permitting rapid and consistent deployment with relatively little expertise required from the installer. Applications for virtual appliances range from grid computing to SaaS to security.

chart: VM Volume -- What fraction of your servers are virtualized?

Though a virtual appliance can be created for any virtualization environment, VMware is ahead of the field and has created a marketplace along with a try-before-you-buy Web site. More than 100 security-related virtual appliances are listed on the site. Only a fraction of those are from commercial vendors. The rest are applications created by internal groups or open source collaborations.

Among the vendors listed are Astaro, with a unified threat management appliance; Blue Lane, with a virtual patching appliance; Catbird, with a security agent; and Reflex, with an intrusion prevention appliance. As this group indicates, virtual appliances, much as their physical-world kin do for the legacy data center, can fill many of the security gaps created by a virtualized environment.

Also In This Report
>> Chipset futures: We look at the latest offerings from Intel and AMD and analyze how their architectures affect security
>> From the experts: Insights from Intel's Steve Grobman, Citrix's Simon Crosby, and VMware's Mendel Rosenblum

Get the full-length report at businessinnovation.cmp.com/governance

While the tools to create a secure virtualized environment are now showing up, it would be a mistake to think that virtualization security is just about buying a different set of security tools. Greg Shipley, CTO of security research company Neohapsis, offers this advice: "Take a hard look at what threats you actually think you're facing, and what tools or techniques (which might not involve a technology purchase!) are out there to help mitigate them." Shipley maintains a healthy skepticism of security software vendors. He "can't help but wonder if some of the vendors out there are simply looking at all the virtualization going on and saying, 'Hey, how do I sell security to all these VMware shops?' I think part of the burden on us users/consumers of the technology is to discuss what the true threat vectors are and then look at tools."

Virtualization will change the face of computing from the desktop to the data center. Getting security right requires reassessing the approach to and goals for security. Platform and network security, which have been the mainstay of most security efforts to date, will give way to securing data and restricting its use to only those who are, by policy, allowed to use it.