Security experts believe that virtualization makes the system more vulnerable to hacker attacks.

Virtualization technology enables multiple operating systems to run application software on the same computer, which can better manage and use IT resources, thus attracting the attention of IT managers.

However, some IT managers and security researchers have warned enterprises that the technical problems presented after virtualization will make their systems more vulnerable to hacker attacks.

Chad Lorenz C, a technical security officer at a financial service company, said IT security and compliance projects for virtual machines are far more complex than servers that run a single operating system and application software.

"Currently, we cannot find a single solution to solve the security problems in the virtual environment. It should be considered from the perspectives of customers, processes, and technologies ."

Virtualization technology enables enterprises to integrate application software running on multiple systems of a single server, which simplifies management requirements and makes IT hardware resources more available. However, although this technology has existed for many years, IT enterprises have not been very interested in this technology until recently. At the same time, companies such as Intel, AMD, VMware, Microsoft, and IBM have also developed many products.

George Gerchow, a technical analyst at a security company, said they must understand that merging multiple servers into one would not change their security requirements until IT architecture is switched to virtualization tools.

In fact, he noticed that each virtual server is facing the same threat as a traditional server. "If a host is vulnerable to attacks, all virtual clients and enterprise application software on these virtual machines are also at risk," George said ."

Therefore, a server running a virtual machine faces more risks than a physical server.

He noted that virtualization software makes it easier for developers, quality assurance teams, and other enterprise users to establish virtual machine programs and avoid technical vulnerabilities. If it administrators do not start to control it, such virtual machines may suddenly appear, be transferred between systems, or disappear completely.

"The IT department is often not ready to cope with this complex system, because they do not know which server the virtual machine exists on, I do not know which server is running and which is not running." Because you do not know the running status of the virtual machine, the company generally cannot patch or upgrade the system as necessary.

Complexity of patching the system

Even if IT employees do understand the running status of virtual machines, they still face the problem of installing patches or taking the system offline for regular security upgrades. As the number of virtual machines increases, the risks of system patches and application software upgrades also increase one by one.

Lorenz recommends that enterprises install tools that can quickly check and discover virtual machines when creating virtual servers. He also suggested that enterprises adopt strict policies to control the expansion of the number of virtual machines. At the same time, an important point for IT managers is to have a clear understanding of the operation of each enterprise's application software in a virtual environment. Enterprises should establish separate patch processes for virtual machines, create strict improvement management policies, and restrict access to virtual environments.

We are still at this stage: we must mature some operational processes in this field by improving management and technology.

BT Radianzd's chief security officer, Lloyd Hession, said virtualization also revealed a potential network access path control problem. He noted that this technology allows different application software servers with multiple access needs to run on a single host with a single IP address. Therefore, IT administrators should adopt appropriate access path control methods to ensure that a network license corresponds to a virtual server on a host.

Currently, most networks are not virtualized. Many network license control technologies make the "enter" and "Do Not Enter" decisions unknown, whether a server is a virtual machine or not.

Security experts also noted that the Extended features from major providers of virtualization tools provided hackers and security researchers with a bunch of unresearched code to detect security vulnerabilities and system attacks.

This month, Microsoft released a patch to handle a vulnerability in its virtualization software-users can access the operating system and application software without control, microsoft regards this defect as important rather than critical.

Security experts said that with the popularization of virtualization technology, more such vulnerabilities will emerge in software packages.

Possible Defects

Kris Lamb, head of the X-Force Team of the IBM Network System Department, uses the virtual machine control tool-management system virtualization function as a powerful potential platform for hackers to attack virtual machines.

As the dividing line between hardware and different virtual machines on the host, the virtual machine Manager uses the console to manage host resources.

According to security experts, the control software is usually only at a certain hardware level, used to launch imperceptible attacks on operating systems and application software. In fact, security researchers say they have demonstrated how control software can launch Virtual Machine attacks. For example, Microsoft and University of Michigan researchers discovered SubVirt early this year, which can use "root Files" to install virtual machine controllers in an operating system, this behavior enables researchers to fully control virtual machines.

A similar attack method called Blue Pill was developed by Joanne Rutkowska. Rutkowska's "root file" attack method is based on AMD's security virtual machine, and the code name is Pacifica. IT uses a method similar to SubVirt to attack the virtual system, but IT has not been discovered by IT personnel.

For hackers, such software provides them with a target.