Do individual VMs bring virtualization security issues?

Don't treat physical and virtual machines' security differently. Since VM security issues threaten the whole infrastructure, here's how to stop spreading malware.

For security purposes, system administrators would be wise to think of their virtual machines as physical machines.

Administrators tend to dismiss virtualization security issues, largely due to the nature of the technology. When a VM is infected with malware, early detection usually means the threat is restricted to that VM. The sys admin simply deletes the infected VM and builds and configures a new one; the physical host remains completely unaffected. This is an extreme simplification of an all-too-common scenario, but it sheds light on why virtual security issues don't receive the same urgent attention as physical server security.

But what if the malware spreads beyond the "patient zero" VM?

Virtual machines, while easily scalable and easy to delete and rebuild, are also network-connected devices. They are capable of taking packets in and pushing them out. So once a virtual machine is infected with malware, the malware could very well propagate throughout the rest of the network.

Data centers need a security mechanism in place to avoid this contagion scenario.

System administrators in each enterprise network should take the time to secure VMs in a manner similar to that of physical machines.

Some organizations install host-based antivirus/antimalware software on each virtual machine. While this yields a secure VM, it can also cause licensing issues if you have to delete and rebuild the machine or VM cluster.

Others place host-based intrusion detection systems on each physical machine that supports virtualization.

Some choose a mix of different security mechanisms, such as network- and host-based intrusion detection systems, in accordance with need and network infrastructure.

About the author:
Brad Casey is an expert on network security with experience in penetration testing, public key infrastructure, VoIP and network packet analysis. He also covers system administration, Active Directory and Windows Server 2008, with interest in Linux virtualization and Wireshark captures. He spent five years in security assessment testing for the U.S. Air Force. Contact him at brad1505@hotmail.com.

This was last published in April 2015

How does your enterprise avoid or handle virtualization security issues?
Much of this depends on what I am using the virtual machines for. Since I am a tester, most of the virtual environments I spin up are for testing purposes, and by their very definition, are going to be subject to nefarious actions. Fortunately, they don't stay around long enough to become time bombs to my network, but the longer lived machines, or those I need to keep to perform heterogeneous environment testing with, those I make sure to treat like any other production server.