August 18, 2008 By Hilton Collins
with virtual machines No. 21 and No. 22, and you want to see what packets - formatted data blocks - are being exchanged. The solution is to find an application that lets you monitor traffic and provides the visibility you need.
"There are a couple of folks, and VMware's one of them, that have built net flow interfaces, which give you the ability to view what traffic is moving between all the different virtual machines within a specific hardware enclosure," said Mike Rothman, president and principal analyst of Security Incite, an independent information security firm.
Other vendors, including Microsoft, Blue Lane Technologies and Altor Networks, also have applications designed to monitor virtual traffic. These applications let people block, stop or analyze traffic. However, with so many vendors selling security-monitoring products, it's not easy to pin down an industry leader or select a solution.
"Right now, no one vendor can solve all the virtualization issues on [the] security side," said Stefan Nguyen, a consultant for the Florida Department of Transportation who works on servers that support the central department office. Though these vendors' software solutions all promise to monitor security, they don't all do it the same way. "Each piece of software plays a [certain] role, so you can't combine everybody. That's why you have to use your own best practices."
Best practices are helpful, but sometimes customers are so in love with virtualization's benefits - cost savings and energy reduction - that best practices become afterthoughts.
"There [are] a lot of industry guidelines and platform providers' suggestions, best practices, for securing virtualized environments," said Christopher Hoff, chief security architect at Unisys. "It's amazing how many people don't do them."
Managing virtual networks is similar to managing physical ones. In fact, a good first step to securing a virtual infrastructure is securing the software that runs it. A properly configured physical network lays the foundation for a safe, properly configured virtualized one.
"I don't differentiate between my virtual and physical infrastructure," said Ramsey, who recently received certified chief information officer accreditation though the University of Florida. In Charlotte County, Fla., he has eight physical servers that run 109 virtual machines. "You apply all the same methodologies and checks and balances that you would whether you're dealing with a virtualized server or a physical server," he said.
As a beginning point, Mulchandani recommends securing the software that runs the virtualization platform.
"When you move your machine from a physical machine - say you run on a Windows server or a desktop - and you [create] a virtual machine out of it, the security products and security of your machine are unchanged," Mulchandani explained. "Meaning, if you were running antivirus software on your physical machine, it actually continues to run unchanged in your virtual machine."
Virtual World Attackers
Software that manages virtual machines is called the "hypervisor." When installed on a host machine or operating system, the hypervisor sorts the host system's processing power and other resources to support the various virtual machines. Some experts wonder if it's a prime target for malicious programmers to corrupt or penetrate to gain access or control of scores of virtual machines.
"The probability is high that we will see exploits targeting the hypervisors," Unisys' Hoff said. "The possibility really depends upon how well these vendors do in securing the underlying hypervisors themselves."
Hoff said inevitably hackers will target virtual environments specifically, but vendors have done a decent job of securing hypervisors' underlying code.
"There haven't been any attacks against the hypervisor, so all of this talk and discussion is theoretical," Mulchandani said. "What makes it hard to attack the hypervisor is the fact that the hypervisor is actually a very small piece of code. It has few interfaces to
You may use or reference this story with attribution and a link to