Virtualization offers a sound way for government agencies to meet almost insatiable demands for service without increasing costs. The technology reduces both IT spending and the data center footprint by sharing hardware resources among multiple, diverse workloads.
Unfortunately, the performance and financial benefits of virtualization also come with new risks.
Multiple guest operating systems run on a single hardware platform. A component known as the hypervisor manages access to memory, storage and processing hardware. Ideally, each of the virtual servers running on a hypervisor should be unaware of each other’s existence and not have access to resources on other virtual machines. The hypervisor manages that environment and maintains the isolation between VMs. Sometimes, that security breaks down, which means administrators must pay careful attention to the risks inherent in virtualized platforms.
The good news? Agencies can deploy a robust set of controls specifically designed to secure virtualized environments.
1. Agency Cybersecurity Teams Should Patch Hypervisors Regularly
With the hypervisor isolating the VMs, in theory, even if attackers compromise a single virtualized system, they should not be able to leverage that vulnerability to access resources belonging to other virtual systems.
But in a “VM escape” attack, hackers exploit hypervisor vulnerabilities to gain direct access to the underlying hardware resources, which also means that they can view or alter sensitive information belonging to another virtualized host.
Those critical flaws have the potential to undermine the security of large swaths of any data center, so virtualization vendors are quick to release patches for any vulnerability that may lead to hypervisor compromise; however, patches only work when organizations apply them promptly. Agency cybersecurity and virtualization teams should place a high priority on monitoring virtualization vendor security newsfeeds for patch announcements and apply them as quickly as possible to minimize exposure.
2. Secure Management Interfaces to Protect the Data Center
Virtualization platforms may bring efficiency and cost-effectiveness to government data centers, but they also add complexity in the form of an additional management interface to defend. Agencies must secure their management interface to ensure that even if attackers gain administrative access to a system, they can’t take control of a major portion of the data center and manipulate hardware resources at will.
The best defense here is to tightly restrict access. In addition to requiring strong multifactor authentication for the interface, security teams should ensure that it is only accessible from a virtual local area network dedicated to that purpose. When an administrator requires access, he or she first must connect to the dedicated VLAN through either a VPN or jump box, which greatly reduces the risk of a compromise by preventing attackers from stumbling across the interface during routine network scans.
3. Segregate Network Traffic with Virtual Switching Tech
In a legacy data center, network administrators use switches to prevent network eavesdropping. Switched networks deliver traffic directly to the destination machine without broadcasting it for other machines to hear. In a virtualized network, the physical switch cannot play that role, because much of the traffic never touches it: the hypervisor routes traffic between systems on the same virtualization platform internally.
That doesn’t mean that network traffic segregation is impossible, but it requires alternative techniques. Most virtualization platforms offer virtual switching technology that allows administrators to replicate switch functions within the virtualization platform, ensuring VMs will not eavesdrop on each other’s network traffic.
Administrators should also ensure that when that traffic reaches the physical data center network, it remains segregated. Group network uplinks by security level before connecting them physically, so that each group lands on its own switch ports, each assigned to a VLAN dedicated to traffic of that security level.
4. Monitor Networks Carefully for Warning Signs
Even the most carefully designed security controls sometimes fail. One of the key tasks for agency cybersecurity teams is to monitor networks and systems for signs of compromise. That requires a robust set of technologies and processes, including intrusion detection and prevention systems, detailed logging, and security information and event management (SIEM) systems that correlate the collected information. When designing monitoring strategies, pay particular attention to monitoring virtualization platforms for signs of compromise, such as unusual inter-VM network activity or administrative connections from unusual sources.
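The two warning signs named above (administrative connections from outside the dedicated management VLAN of step 2, and inter-VM traffic that crosses the security levels segregated in step 3) can be checked with a small correlation script. The following is an added example, not code from the original article or from any virtualization vendor; the log format, the management VLAN 10.20.0.0/24, the VM names and their security-level mapping are all constructed assumptions.

```python
import ipaddress

# Assumed dedicated management VLAN (step 2): administrative logins must originate here.
MGMT_VLAN = ipaddress.ip_network("10.20.0.0/24")
# Assumed mapping of VM names to the security level of their uplink group (step 3).
VM_SECURITY_LEVEL = {"vm-web01": "dmz", "vm-web02": "dmz", "vm-db01": "internal"}

# Constructed sample records in a simple key=value format: hypervisor management
# logins and inter-VM flow records exported from a virtual switch.
SAMPLE_LOGS = """\
mgmt-login user=admin src=10.20.0.5 result=success
mgmt-login user=admin src=192.168.4.77 result=success
vm-flow src=vm-web01 dst=vm-web02 port=443 bytes=5120
vm-flow src=vm-web01 dst=vm-db01 port=22 bytes=2048
vm-flow src=vm-web02 dst=vm-web01 port=80 bytes=900
"""

def parse_line(line):
    """Turn 'type k=v k=v ...' into a dict; the first token is the record type."""
    parts = line.split()
    rec = {"type": parts[0]}
    for kv in parts[1:]:
        key, value = kv.split("=", 1)
        rec[key] = value
    return rec

def find_alerts(log_text):
    """Return one alert string per record that violates either control."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["type"] == "mgmt-login":
            # Any administrative login not sourced from the management VLAN is unusual,
            # regardless of whether the credentials were accepted.
            if ipaddress.ip_address(rec["src"]) not in MGMT_VLAN:
                alerts.append(f"management login from outside management VLAN: "
                              f"user={rec['user']} src={rec['src']}")
        elif rec["type"] == "vm-flow":
            # Traffic between VMs of different (or unknown) security levels should not
            # exist if virtual switching and uplink segregation are configured correctly.
            src_level = VM_SECURITY_LEVEL.get(rec["src"], "unknown")
            dst_level = VM_SECURITY_LEVEL.get(rec["dst"], "unknown")
            if src_level != dst_level or "unknown" in (src_level, dst_level):
                alerts.append(f"cross-security-level VM traffic: {rec['src']} ({src_level}) "
                              f"-> {rec['dst']} ({dst_level}) port={rec['port']}")
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample the script reports the login from 192.168.4.77 and the vm-web01 to vm-db01 flow, and stays silent on the two DMZ-to-DMZ flows and the login from inside the management VLAN.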