Security
Challenges to Consider
While virtualization can bring a
lot of benefits to users, there are a number of security issues which should be
consider. One of the most prominent of these is called "break out"
attacks, a situation in which criminals will escape from a virtual machine
designed for guests in order to launch attacks against the hypervisor, allowing
them to gain control over the host.
While there are many security
concerns that should be addressed, it has not yet become clear whether they are
larger than contemporary security concerns. Some people would argue that it
allows things to have a higher level of security, particularly via the hardware
since you are moving things about, and this makes it harder for people to
figure out the location of the virtual environment.
.
This is true for the network
servers as well. The issue of virtualization security has become more
pronounced in recent years. Many people are still not certain whether or not
virtual environments have higher levels of security than physical environments.
As of this writing, no one is quite
sure, and this includes the likes of Microsoft, which is one of the top
virtualization security vendors. Organizations such as the NSA will process the
applications it has on the identical physical server, and it does this so that
the virtual machines will become isolated in a manner that will allow the
virtual machine to be penetrated.
Security Functions
Because an organization as powerful
as the NSA makes use of this security measure, some believe that it is more
than good enough for them. Despite this, the technology is still in its
infancy, and it will take time for vulnerabilities and defense mechanisms to be
fully developed.
What this clearly means is that
security breaches are a potential reality for those who make use of
virtualization. The reason for this is because this technology makes use of
layers, and layers can always be exploited. The hypervisor itself is a very
prime target, much more so than one physical server. There is little doubt that
hackers somewhere in the world are looking to penetrate the hypervisor.
At the same time, as with any new
technology, it is important to be prepared to make the necessary trade offs.
The biggest trade off that you will make when dealing with virtualization is
its utility. There is the risk benefit analysis, and each organization must go
through it. The good news is that the benefits of using virtualization outweigh
the risks by a very large margin. For example, if you have a total collection
of 2,000 servers, and you are making use of a layer 2 network that is connected
between two data centers, it is very likely that you want all of the virtual
machines to be transported from a single data center to another.
What you will give up in terms of
security, you will make up with flexibility. When you consider the standard
setup, either one of the virtual machines could be stored inside of any one
physical machine, and if this physical machine is approaching its maximum
capacity, it is possible to move the virtual machine away from it.
At the same time, mobility comes
with a number of different problems. While flexibility and mobility are
generally good things, enterprises could get in trouble with regulators. Laws
such as the Sarbanes-Oxley Act need the enterprises to have policies set in
place which designate the applications that may run, and the other applications
they function with.
reference:
Here are a few of the
key virtualization security issues that matter most to your organization:
1.
Oversight. One of the grey areas that virtualization has created is that of
server oversight. Who’s ultimately responsible for virtual servers is sometimes
up in the air. While physical servers are, as a matter of course, under the
direct purview of the data center, it’s not as straightforward for virtual
servers. Whether it’s the business unit that uses the server, the closest IT
manager to the actual physical server, or a central system admin, someone needs
to have clear authority to act and responsibility to manage the virtual server.
2.
Maintenance. Flowing
out of that oversight confusion is the issue of upkeep and patching. Virtual
servers tend to be launched and then their image tucked away, and it may or may
not be recreated when patches or configuration changes take place. Taking
regular snapshots of a virtual server so as to keep current with things like
patches and antivirus reduces risk.
3.
Visibility. One
of the risks involved with having significant virtualization is that those
network controls that used to segment specific applications off due to reasons
of compliance and security often aren’t virtualized. Indeed, virtual servers
develop something of an invisible network between them, quite apart from the
normal firewalling and monitoring controls that take place between physical
servers. This, of course, can lead to issues with HIPPA and other security
regulations. Compounding this problem is the fact that the virtualization
vendors haven’t yet implemented the kind of robust sniffer, tracking, and
firewalling tools that the physical server world has.
reference:
Virtualized environments can be
just as secure as physical server environments, but you need to make sure
you’re aware of the unique concerns that virtualization poses
--------------------------------------------------------------------------------------------------------------------------------------------------------------
be carfull when use this technology .
to learn more show the following link :
----------------------------------------------------------------------------------------------------------
because this topic is very important many witter write about this
like this book
and this book
ليست هناك تعليقات:
إرسال تعليق