Virtual Server security challenges: data theft and destruction
Virtual servers do not have many built-in security mechanisms. Although intruding into the server has become a very difficult task, it is not surprising that data is successfully stolen from the virtual server.
Despite the possibility of single point of failure (spof) and security vulnerabilities in the virtualization environment, it also reduces the scope of the equipment to be protected. With the integration features provided by virtualization technology, the enterprise's hardware equipment scale is shrinking. This trend can help reduce high availability requirements related to the network and power supply.
Virtualization technology uses smaller, uninterrupted power lines and generators to ensure continuous power supply. Reducing the number of physical network interfaces can reduce the risk of network attacks, you can even add monitoring on active ports. Although this method can reduce hardware-related security problems, it unfortunately poses a great threat to software resources. Users can easily create and deploy virtual servers and networks without prior approval in some cases.
Of course, the idea of relying solely on a malicious server or vswitch can paralyze the entire infrastructure is far-fetched. However, if an unregistered system enters a controlled infrastructure, its existence does pose a threat to the stability of the infrastructure. Malicious systems will become a crack in the data center Protection Armor, which is becoming more and more common, because deploying new systems in a virtualized environment does not face restrictions such as physical hardware overhead. In the past, before the project began, you had to apply for funds to purchase physical servers in advance. Finally, this process became a security measure to defend against malicious deployment.
However, in a virtualized environment, you only need to click a few clicks to create a large number of virtual servers. Previously, cost restrictions no longer exist. To protect the infrastructure, You need to first understand which components are included, but it is becoming increasingly difficult to do this. Each newly added virtual machine may become a possible crack in data center armor. Limiting user permissions in virtual environments and preparing audit reports is the best way to prevent the deployment of malicious systems.
Data theft is another security problem that traditional hardware environments will not encounter as a result of virtualization technology. In the past, data thieves had to spend some time cracking the operating system's security protection mechanism before trying to obtain sensitive data from the server. This is because thieves generally do not have other available methods: they can only access hardware or copy data physically, while hardware is usually placed in a closed environment and monitored using cameras and security guards, data and software are encrypted and protected by the operating system. Stealing data after logging on to the operating system is a more challenging method. If someone wants to access the protected data, it may trigger monitoring alarms, and the access information will be recorded. Of course, this does not mean that data theft will not happen again in the future, but the implementation difficulty has been greatly improved.
After the emergence of virtualization technology, the server is no longer a hardware device, but a series of files in the storage device. Like any other type of file, we can copy any data in the operating system without affecting the normal operation of the original server. This feature is not a bug, but a new feature that helps deploy virtual machines. After copying all the virtual machine files, you can rename them and start the system again, or transfer them to other sites for disaster recovery. Unfortunately, this portability brings new risks. Although the size of the Server File is very large and not easy to move or copy, it is not completely impossible.
Since the copied data is not active, you can easily download and copy the data to a pluggable USB device, and then use these files to build a new virtual machine. Although thieves require additional permissions to access the virtualized environment, they do not need all administrator permissions. Virtualization technology makes it possible to steal the entire server or even the entire data center. Thieves no longer need physical access to steal servers or disrupt existing security protection mechanisms.
Data destruction
As mentioned earlier, virtual machines are a collection of files, which means that some users can delete these files in addition to copying them. Whether it is intentional-such as employee revenge, or abnormal application processes-such as out-of-control snapshots, your virtual machines are very fragile in the face of these operations. VMware and other vendors have multiple mechanisms to protect and recover data, but in essence, your virtual machine is still a collection of files that can be easily deleted.
Data theft and destruction may occur in multiple IT systems, whether based on hardware or software. However, if the server is in a hardware environment, there is a natural protection mechanism that is subject to the number and spread of virtual machines to provide data security. In a virtualized environment, most of these protection mechanisms no longer exist. In fact, many tools and features we use incorrectly may cause data theft and data loss events. Virtualization technology will not disappear in a short time. Therefore, IT departments are required to rethink system redundancy, availability, and security from different perspectives.