Externalization is Key to Virtual Scalability

By Robert Grapes
published: Thursday, January 07 2010

The trend toward operating in a virtual environment is led by its business benefits as virtual machines can operate over open systems, platforms and protocols, and are portable across systems.  Implementing the appropriate security controls in a virtual environment must account for the dynamic nature of virtual machines (VM) themselves - while simultaneously overcompensating for the barrage of novel exploits that are sure to follow the new technology platform.  As a result, the security complexities facing virtualized infrastructures can be easily overlooked - and potentially catastrophic.

Many companies don’t realize that the success of large scale virtualization efforts depends on the degree to which services required to operate the virtual machines can be externalized. As more services are included within a VM, the amount of management and maintenance required significantly increases for that machine. While small deployments may be able to manage the burden, large scale deployments often buckle under the pressure and fail.

In a physical server environment, a security approach is formed around the chipset, firmware, operating system, networking, application settings and the available external services. Typically, virtualization projects are designed for a particular application or departmental need and rarely tap into the broader services offered across the corporate network. As more and more of these virtual applications were designed and deployed, organizations recognized the scale that could be realized by tapping into the services available to the physical counterparts. As a result, virtualization design and deployment standards came into effect. Running on top of the existing hardware platform, these simple virtual machines embed their own operating system, file system, access controls, credential management, network interfaces, databases, application servers, web servers and more.

Analysts predict that as companies rush to benefit from virtual systems and applications, more than 60% of virtual machines deployed will be less secure than their physical counterparts. As virtualization becomes the standard against which all applications will be deployed, companies must be able to rationalize and normalize the services used by the virtual environment.

Driven by the potential cost reductions gained through server consolidation, the virtualization movement has delivered multiple benefits and proven deployments over the past few years. Yet without proper security planning, virtualization could come at a cost that greatly outweighs the potential savings.  By proactively addressing these security concerns, companies can save a tremendous amount of administrative overhead and close several potential security gaps.

Authentication and Access Controls

Authentication and access control are the fundamental components of any security design. Knowing who, or what, is connecting to your system and what permissions they have is critical to secure the system and its data. With virtualization, several decisions need to be made to ensure that the appropriate controls are put into place:

• How does the access control system on the physical host impact the access control of the virtual host?
• If the virtual machine is portable and can operate across many physical hosts, how are those access controls made portable too?
• Can a virtual machine snapshot be copied and executed on any physical machine?
• If a virtual machine is copied across multiple physical machines are its accounts and passwords being replicated as well, potentially becoming unsynchronized and creating account lock-outs?
• Should an application be allowed to access another application or database from any physical host?

Additional questions like this could and should be asked as part of a thorough threat and risk assessment. Ultimately, gaining answers to as many questions as possible will allow for a more secure system and eliminate potential deployment barriers.

Externalizing the authentication of users through the use of an LDAP/Active Directory based identity management system, the implementation of an SSO system, or use of two-factor tokens will remove the need to manage separate authentication stores on each virtual machine. While this works fine for the end-user community and is the recommended approach, it does not completely solve the challenge of administrator and application access. Many but not all applications include support for pluggable authentication; that is, they are capable of interacting with external authentication stores through the installation of the appropriate software modules. For those applications that do not support external authentication, but rather fall back to basic authentication using identities (ID’s) and passwords, the organization is stuck with maintaining a user store for that specific application. To make matters worse, any program that needs to interact with that application or its data may require the hard-coding of IDs and passwords -  which in this day and age of compliance and audit requirements is rapidly becoming a taboo practice.

Basic authentication to any access control system is achieved using a valid ID and password. All operating systems and applications include support for basic authentication. Even when pluggable authentication has been enabled for end-users, administrators and programs still use shared ID’s and passwords. Common arguments against the use of passwords have been that they are generally poor at defending against a dedicated attack because of their short length, weak composition and the fact that they are infrequently changed – holding to the belief that long, strong and regularly maintained IDs and passwords will provide an adequate control for the authentication to systems. Passwords also eliminate the cost and complexity of deploying two-factor token or biometric authentication approaches. Maintaining the administrator and program IDs and passwords, or privileged accounts, across the physical, virtual and application environment poses a much bigger challenge to organizations.