Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Security Risks of Virtualization

Security Risks of Virtualization

  • Comments 2
  • Likes

One fact strikes me pretty often: Companies have the problem that they have legacy software running on legacy operating systems (e.g. NT4) running on legacy hardware. This is a severe problem as you all know. Now, these companies look into virtualization so solve this problem. From all the three "legacy" up there, only the hardware problem can be addressed by the use of virtualization – definitely not the OS and the application piece (obvious). Now, there are still a lot of people thinking that if they embed the legacy machine in a state-of-the-art virtual environment that the machine itself might be more secure. This can be true – if you do not connect it to the network. Otherwise, the OS and the application are as vulnerable as before.

This is all clear and in the meantime known to a lot of people. Virtualization gives us a lot. I think, it is a great technology to address quite some challenges (especially the challenge of having servers that are mainly "idlein" in the computer room) – but it does not address the challenge above. On the contrary, it adds additional risks.

I just read a very good article on that on Information Week: Virtualization Has A Security Blind Spot. In there, they mention five laws published by Burton Group:

  1. All existing OS-level attacks work in the exact same way.
  2. The hypervisor attack surface is additive to a system's risk profile.
  3. Separating functionality and/or content into virtual machines (VM) will reduce risk.
  4. Aggregating functions and resources onto a physical platform will increase risk.
  5. A system containing a "trusted" VM on an "untrusted" host has a higher risk level than a system containing a "trusted" host with an "untrusted" VM.

So, manage the risks and have fun with virtualization!

Roger

Comments
  • As far as the risks considered here is concerned, the LivePCs available by MokaFive can work to much extent and help in solving many of these issues. You may check the technology at their website:

    http://www.mokafive.com/

  • Help me understanding this: This technology to me seems similar to VMVare or VirtualPC. At the end of the day, if the virtualization software has vulnerability, this might impact the guest as well

    Roger

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment