Virtualized environments are often overlooked when it comes to security – a bad practice considering such environments have been identified as one of the next big attack vectors, according to Bruce Cowper, senior program manager for Microsoft Canada.
Although virtualization is great for quickly deploying new machines by making use of a standard machine’s existing template, the challenge is the easy proliferation of virtual machines that such a process allows, said Cowper. “We need to make sure we have controlled environments so that not just anybody can deploy a virtual machine,” he said.
Virtual machines should be patched as if they were physical boxes because, he said, applying fixes to the host box alone will not secure the guest operating system.
Microsoft recently released a virtualization patch to counter an escalation of privilege vulnerability, whereby a user with host operating system privileges could escalate those privileges to obtain permissions on guest operating systems.
The vulnerability, however, is difficult to exploit, said Cowper.
Virtualization technology is great for facilitating deployment of new machines, but it’s also useful for ensuring the security of a company’s IT infrastructure, said Cowper. One use is to maintain production systems current and updated by taking a snapshot of the running machine so the patching won’t disrupt workflow.
“We find a lot of people are taking these machines in a virtualized environment, testing them, and getting them back online as fast as possible that way,” he said.
Some companies leverage virtualization technology to create honey pots – or traps – to lure attackers who might target a virtual platform because of its isolation.
Overall, virtualized environments provide IT with a central hub from which to manage security across an enterprise – an advantage for businesses with remote offices.
Just last year, Symantec Corp. announced it would develop security tools for Intel Corp.’s vPro virtualization technology, essentially allowing IT departments to manage security threats in an isolated virtual space instead of within the operating system.
This approach works well because one of the greatest vulnerabilities is having an operating system that is responsible for the actual protection mechanism, said Doug Cooper, country manager for Intel of Canada Ltd.
“If you can create a separate partition where the security is handled, then the risk of the threat actually co-opting the resources of the operating system drops dramatically,” he said.
The continued online threat to businesses from malware, coupled with the dramatically narrowed margin of time between the emergence of a threat and the availability of a patch, were the drivers behind building security tools to integrate with vPro, said Cooper.
Virtual environments, he said, make the management of security risks easier because such virtual appliances don’t use operating system resources. “It gets us much closer to a hardware-based protection mechanism.”
Cooper said despite some observers having highlighted the virtual space as the next target for malware, virtualization actually means a virtual environment is “pretty light” due to the typically meager use of software that’s protected outside of the operating system. This, he said, makes for a smaller footprint to protect.
