Virtualization has become an important tool for many organizations as they look for ways to optimize existing servers and infrastructure. Yet for all its benefits, there is concern that virtualized environments may not be properly addressed in an organization's network security policy.
A network security policy is the high-level document developed by management to transmit the guiding strategy and philosophy of management to employees. Management and business process owners are responsible for the organization and for designing security policies that will guide it toward success. Policies lend formal weight to what management says. Network security policies should spell out who is responsible for security and what needs to be protected in the virtualized environment, as well as define an acceptable level of risk. Some of the key areas to be addressed by the security policy for a network virtualization environment include the following:
- Authorization and accountability
- Replication, fault tolerance and failover
- Host security
- Shared resources
- Incident response
Setting access rights
Authorization has to do with determining who is responsible for setting access rights for the host servers and associated virtualized systems. For small organizations, the policy may allow the host server and virtualized server manager to be the same individual. In larger entities, these roles should be separated into categories such as host administrators, backup operators, virtual network administrators and end users. With the importance of virtualization in most large environments, the need for logs on most, if not all, components within the environment should be obvious. Audit logs should be detailed, confidential and include integrity controls. The policy should also discuss review and retention times.
Implementing required replication, fault tolerance and failover controls requires a clear understanding of service dependencies. For example, if a single virtualized server should fail, it can be replicated quickly. But if several host servers fail, what's the plan to replicate those systems and their virtualized clients? The major advantage of virtualization is high availability; your network security policy, then, should address the high availability options of VMware, Hyper-V and XenServer. If your policy addresses this, you can have a fully redundant device with the exact same configuration standing by in the event that it's required to take over processing.
Host security is a critical component
Host security is critical. There is a big difference between physical and virtual systems: Virtual systems are really just a collection of files that can be stolen, copied and manipulated. This is much different from physical systems. Because attackers can potentially copy these files, access control must be closely reviewed. Policy must also address the potential for malware spreading from one virtualized system to another.
Shared resources are another key area of concern. A single virtual system user has potential access to RAM, CPU and possibly even the network interface card (NIC) of the physical system. That opens the possibility that data can be mined from shared resources or that network taps or sniffers could be used to intercept traffic traversing the physical NIC.
Backup, in the meantime, may appear to be something that you're already taking care of since you are already backing up the entire physical system. However, since virtualization almost always makes use of large-scale, shared storage environments, backing up the host's hard drive saves the data as one contiguous file. If a small portion of this file becomes corrupted, you might lose virtual systems. Each virtual system may need to be backed up using native virtualization replication. At the least, your network security policy must determine whether this is the case.
Have an incident response plan in place
While we all hope nothing ever goes wrong, the fact of the matter is that bad things do occur. Before they do, ensure you have a good incident response plan in place to deal with any potential problems. That plan must address the virtual environment. Consider this scenario: The FBI moves to seize one virtual system for a civil court case. If agents remove the entire hard drive, what happens to the other systems on the shared drive?
Don't overlook training. Your policy must address what employees can and cannot do. Training should also be used to enforce good security practices. An improperly trained employee might accidentally provide a password to a potential hacker. Without proper training, employees are generally unaware of how their actions or activities can affect the security of the organization. One of the weakest links in security is the people who work for the company.
An enterprise's policy for network security for a virtualized environment must take into account the many changes that virtualization has brought to the workplace. A virtualized network security policy is needed because existing security policies, some of which were developed in a pre-virtualized environment, are not sufficient.
Today's virtualized policies must touch on both technology and people. The technology side of the policy must address the many unique attributes in a virtualized environment and encompass audit, backup and host security. The people side of the policy, in the meantime, must include not only training on good security practice, but also an understanding among employees about how their actions can affect the security of their organizations.
About the author:
Michael Gregg, CISSP, CISA, CISM, CASP, is an "ethical hacker" who provides cybersecurity and penetration-testing services to Fortune 500 companies and U.S. government agencies. He's published more than a dozen books on IT security and is a well-known speaker and security trainer. Gregg is chief operations officer of Superior Solutions Inc., headquartered in Houston.