Nmedia - Fotolia
For security purposes, system administrators would be wise to think of their virtual machines as physical machines.
Administrators tend to dismiss virtualization security issues, largely due to the nature of the technology. When a VM is infected with malware, early detection usually means the threat is restricted to that VM. The sys admin simply deletes the infected VM and builds and configures a new one; the physical host remains completely unaffected. This is an extreme simplification of an all-too-common scenario, but it sheds light on why virtual security issues don't receive the same urgent attention as physical server security.
But what if the malware spreads beyond the "patient zero" VM?
Virtual machines, while easily scalable and easy to delete and rebuild, are also network-connected devices. They are capable of taking packets in and pushing them out. So once a virtual machine is infected with malware, the malware could very well propagate throughout the rest of the network.
Data centers need a security mechanism in place to avoid this contagion scenario.
System administrators in each enterprise network should take the time to secure VMs in a manner similar to that of physical machines.
Some organizations install host-based antivirus/antimalware software on each virtual machine. While this yields a secure VM, it can also cause licensing issues if you have to delete and rebuild the machine or VM cluster.
Others place host-based intrusion detection systems on each physical machine that supports virtualization.
Some choose a mix of different security mechanisms, such as network- and host-based intrusion detection systems, in accordance with need and network infrastructure.
About the author:
Brad Casey is an expert on network security with experience in penetration testing, public key infrastructure, VoIP and network packet analysis. He also covers system administration, Active Directory and Windows Server 2008, with interest in Linux virtualization and Wireshark captures. He spent five years in security assessment testing for the U.S. Air Force. Contact him at firstname.lastname@example.org.
Use secure VMs to contain a watering hole threat
Next-gen malware is sneakier, more sophisticated
Patch virtualized servers effectively
Dig Deeper on Virtualization and private cloud
Related Q&A from Brad Casey
Allowing users to tunnel through a firewall to access any site creates a security risk. How big of a risk is it? It depends on how much you trust ... Continue Reading
Our IT organization needs to secure customer names, but also needs to conduct searches on the entire customer database to match and merge records. Continue Reading
I have only seen companies deploy a NetBackup master server on a physical server. Are there any drawbacks to using a VM as a NetBackup master server? Continue Reading