Does not make virtualization the best choice for server security

Source: Internet
Author: User
Tags server hosting virtual environment

Server virtualization needs only a small amount of hardware to run multiple applications and operating systems, and it lets users allocate new resources quickly as needed. However, this flexibility also makes network and security managers worry that security risks in the virtual environment will spread throughout the network. If a problem occurs in the hypervisor (the program that manages the virtual machines), it will soon spread through the virtual machines to the whole network. Next, let's look at the problems related to server virtualization from the following four aspects:

1. Virtual machine overflow causes security problems to spread

Security flaws introduced in the design of the hypervisor can infect the virtual machines on the same physical host. This phenomenon is called "virtual machine overflow".

Currently, technical engineers usually isolate virtual machines to secure the virtual environment. The traditional approach is to set up a firewall between databases and applications. They also keep the virtualization environment off the network to ease security concerns. This is a good method for virtualized environments.

If a virtual machine can break out of the environment controlled by the hypervisor, intruders have the opportunity to access the hypervisor that controls the virtual machines, and so bypass the security controls specifically designed to protect them. Security problems in the virtual world are attempts to get out of the confines of the virtual machine. Although no company would allow security problems to spread across virtual hosts through hypervisor technology, such security risks still exist. Because intruders or security vulnerabilities can cause trouble between virtual machines, this is a problem that developers must face during the development process.

2. The number of virtual machines doubles, increasing the burden of patch updates

IT managers also agree that patches are critical in a virtualized environment, but the real difference between patching virtual machines and patching physical servers is not a matter of security, but of quantity. Like physical servers, virtual servers require patch management and routine maintenance. At present, companies in the world have adopted three virtualization environments (two inside the network and one in the DMZ isolation zone), with about 150 virtual machines. Such an arrangement means that the hypervisor adds an additional layer to patch management. But even so, it does not change the key issues, which are the same for physical machines and virtual machines.

Another security risk for virtual machines is that patching them is a greater challenge: as the growth in virtual machines speeds up, patching problems multiply as well.

In addition, when the number of servers grows exponentially, it also puts pressure on technical engineers to increase the number of patched servers in a timely manner. They are increasingly interested in automated tools that can carry out this process.

3. Running virtual machines in the DMZ (isolation zone)

Many IT administrators do not want to place virtual servers in the DMZ. Other IT managers will not run critical applications on virtual machines in the DMZ, or even on those servers protected by the company's firewall. However, with proper security measures it is feasible. You can run virtualization in the DMZ, even if the firewall or isolation device is on a physical machine. Many IT managers are committed to separating their virtual servers and placing them under the protection of the company's firewall. Another practice is to place virtual machines in the DMZ and run only non-critical applications on them. In most cases, it is safer to separate resources for server hosting. In this case, both the DMZ and the non-DMZ zone can each have their own virtual environment, which restricts access within the virtual resource cluster. "Each cluster has its own resources and portals, so it cannot be connected back and forth between clusters," he explained.
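The separation rules described above can be checked mechanically against a VM inventory. The following is an added example, not part of the original article; the inventory records, field names and rule names are constructed for illustration and do not come from any real product export.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names and fields).
INVENTORY = [
    {"vm": "web-01",   "cluster": "dmz-a", "host": "esx-d1", "zone": "dmz",      "critical": False},
    {"vm": "mail-gw",  "cluster": "dmz-a", "host": "esx-d2", "zone": "dmz",      "critical": False},
    {"vm": "erp-db",   "cluster": "int-a", "host": "esx-i1", "zone": "internal", "critical": True},
    # Violations planted on purpose:
    {"vm": "build-07", "cluster": "int-a", "host": "esx-i2", "zone": "dmz",      "critical": False},
    {"vm": "pay-api",  "cluster": "dmz-a", "host": "esx-d1", "zone": "dmz",      "critical": True},
    {"vm": "files-02", "cluster": "int-b", "host": "esx-i1", "zone": "internal", "critical": False},
]


def audit(inventory):
    """Return sorted (rule, subject) findings for the separation rules in the text."""
    zones_by_cluster = defaultdict(set)
    clusters_by_host = defaultdict(set)
    findings = set()
    for rec in inventory:
        zones_by_cluster[rec["cluster"]].add(rec["zone"])
        clusters_by_host[rec["host"]].add(rec["cluster"])
        # Only non-critical applications should run on DMZ virtual machines.
        if rec["zone"] == "dmz" and rec["critical"]:
            findings.add(("critical-app-in-dmz", rec["vm"]))
    # A cluster must serve one zone only: DMZ and non-DMZ get separate clusters.
    for cluster, zones in zones_by_cluster.items():
        if len(zones) > 1:
            findings.add(("cluster-spans-zones", cluster))
    # "Each cluster has its own resources": a physical host belongs to one cluster.
    for host, clusters in clusters_by_host.items():
        if len(clusters) > 1:
            findings.add(("host-shared-between-clusters", host))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in audit(INVENTORY):
        print(f"{rule}: {subject}")
```
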

4. New features of hypervisor technology are vulnerable to hacker attacks

Any new operating system may have vulnerabilities and flaws. Virtualization is essentially a brand-new operating system, and there are many aspects of it that we don't know yet. The preferred hardware and the usage environment affect each other, which makes the situation messy.

Does this mean that hackers have the opportunity to discover defects in the virtual operating system and launch attacks? Industry observers suggest that security maintenance personnel always be cautious about virtual operating systems, because they may introduce vulnerabilities and security risks. Manual patching by security maintenance personnel is not enough.

Hypervisors are not the security risk that people imagine. Drawing on what has been learned from Microsoft's patching of its popular Windows operating systems, virtualization vendors such as VMware are also working on hypervisor technology to limit the possibility of security vulnerabilities.
