Do individual VMs bring virtualization security issues?

Don't treat the security of physical and virtual machines differently. Because VM security issues threaten the whole infrastructure, here's how to stop malware from spreading.

For security purposes, system administrators would be wise to think of their virtual machines as physical machines.

Administrators tend to dismiss virtualization security issues, largely due to the nature of the technology. When a VM is infected with malware, early detection usually means the threat is restricted to that VM. The sys admin simply deletes the infected VM and builds and configures a new one; the physical host remains completely unaffected. This is an extreme simplification of an all-too-common scenario, but it sheds light on why virtual security issues don't receive the same urgent attention as physical server security.

But what if the malware spreads beyond the "patient zero" VM?

Virtual machines, while easily scalable and easy to delete and rebuild, are also network-connected devices. They are capable of taking packets in and pushing them out. So once a virtual machine is infected with malware, the malware could very well propagate throughout the rest of the network.

Data centers need a security mechanism in place to avoid this contagion scenario.

System administrators in each enterprise network should take the time to secure VMs in a manner similar to that of physical machines.

Some organizations install host-based antivirus/antimalware software on each virtual machine. While this yields a secure VM, it can also cause licensing issues if you have to delete and rebuild the machine or VM cluster.

Others place host-based intrusion detection systems on each physical machine that supports virtualization.

Some choose a mix of different security mechanisms, such as network- and host-based intrusion detection systems, in accordance with need and network infrastructure.

About the author:
Brad Casey is an expert on network security with experience in penetration testing, public key infrastructure, VoIP and network packet analysis. He also covers system administration, Active Directory and Windows Server 2008, with interest in Linux virtualization and Wireshark captures. He spent five years in security assessment testing for the U.S. Air Force.
