What are the security risks in the virtual machine environment

Virtualization reduces costs and reduces the number of servers that need to be maintained. Can virtualization also create security vulnerabilities? It is clear that people can never use a virtual server to do things that a physical server cannot do. However, the nature of the virtual machines may cause special security problems.

New Applications view virtualization as the Holy Grail of enterprise computing. Virtualization enables the consolidation of separate servers and databases to provide more economical operations. Running a consolidated computer with a single virtual machine also eliminates the power to keep standby servers and data processing machines running waste.

However, a virtual computing environment can also set up unexpected security barriers. For example, virtualization sometimes bypasses network security standards that rely on hard connections to work.

Another security vulnerability is that some virtual machines can be "hidden" to prevent security authorities from discovering them because the virtual machines do not always boot up. As a result, secure network scans often miss unsafe virtual servers because they do not have to be started and run to be discovered when they are scanned.

The mobility of virtual environments can also pose a security challenge. Virtual machines can "go away": because their containers can be downloaded to a desktop computer and placed on a storage stick, mobile virtual machines can leave the physical security environment with the storage rods.

Eric Mandel, chief executive of Blackmesh, the managing host services company, says virtualization can be implemented. The system is as secure as it can run in a local environment. The idea behind using virtualization is to create multiple system mirrors on a physical machine. The same security concept applies to virtual mirrors, just as it does for local systems, except that the host system must also be locked. Security risk issues must be considered in any environment.

A real quarantine?

Theoretically, the computer processes running in a virtual environment are isolated from other virtual machines running on the same physical hardware. Each virtual machine instance can be stored on a physical hard drive, shut down and carry away to continue isolating and securing. In practice, however, security concerns are not always that simple.

A virtual machine is defined by this host system. There is only one host system on each physical server. However, the same host system can create many virtual machines.

Once a virtual machine is defined, the virtual machine can be run in its own instance. It may be able to access resources that are allowed to be accessed by other virtual server machines, such as virtual hard disks, CD/DVD drives, tapes, and so on. This means that each virtual machine can be completely independent of the other virtual machines on the same physical hardware. However, this virtual environment is set up to allow virtual machines to share these same resources.

In this case, Mandel says, a virtual machine instance can infect shared data, which in turn affects the virtual machines that are sharing the same resources. This host system is isolated from this problem because it has a separate hard disk that only it can access.

Mandel warns that the most common, real-world hosted multiple virtual servers have an impact on a physical server that is competing for system resources between virtual instances. The resources that multiple virtual servers can use on a single physical server typically include hard disk input/output, memory, processors, and so on.

Not convincing.

Not all the hype about virtualization technology believes that virtualization is a security issue. Virtual software vendors are developing tools to prevent security problems.

' We've heard about these concerns, ' said Dirk Morris, chief technology officer at untangle company. There are no real virtual security vulnerabilities. The risk of a virtual machine is small compared to the benefits. His company provides open source software network gateway devices.

Morris added that untangle has virtualized its data center and has not encountered any problems. His company runs 20 different servers on a virtual machine. Virtualization does change the way things are backed up, he says. Virtualization can pose a security problem. However, we have not encountered so far.

There are differences of opinion

However, there is no conclusion as to what virtualization might look like when used in conjunction with other computing devices. In general, it is the virtualization vendors who advertise that there are no security issues. "Virtualization does not add anything to the security environment," said Scott Montgomery, vice president of global technology strategy at Secure computing company. It is a powerful tool for cost savings. But virtualization is not a panacea. It doesn't solve all your problems. Virtual machines do not reduce security. It just makes the security situation different from the original. VMware's people say virtualization increases security. I won't go that far.

Montgomery for example, if a virtual machine is not connected to the network for one months. When it is reconnected to the network, all security measures are out of date. This is a specific problem with virtualization. How do you fix outdated virus characteristics? He points out that some vendors have the tools to do this.