Government Technology - August 2008 - (Page 52)

security

virtual traffic can lead to security lapses and “blind spots” — areas people can’t see in the infrastructure. It’s not unusual for networks to be so vast that people lose track of which virtual machine runs what application.

This problem can be solved, but at times, it may not be that pressing of an issue. “There are very rare cases where customers need full visibility of every sort of piece of traffic going between machines,” said Nand Mulchandani, VMware’s senior director of product management and marketing. In normal physical data centers, no one views traffic because it’s not cost effective. “So when you move to a virtual environment, the loss of that visibility is actually not that big a deal,” Mulchandani said.

[Figure: In this example, one physical server acts as several virtual machines. Labels: Virtual Machines (App., OS), Hypervisor, Server. Source: VMware]

Virtual World Attackers

Software that manages virtual machines is called the “hypervisor.” When installed on a host machine or operating system, the hypervisor sorts the host system’s processing power and other resources to support the various virtual machines. Some experts wonder if it’s a prime target for malicious programmers to corrupt or penetrate to gain access or control of scores of virtual machines.

“The probability is high that we will see exploits targeting the hypervisors,” Unisys’ Hoff said. “The possibility really depends upon how well these vendors do in securing the underlying hypervisors themselves.”

Hoff said inevitably hackers will target virtual environments specifically, but vendors have done a decent job of securing hypervisors’ underlying code.

“There haven’t been any attacks against the hypervisor, so all of this talk and discussion is theoretical,” Mulchandani said. “What makes it hard to attack the hypervisor is the fact that the hypervisor is actually a very small piece of code. It has few interfaces to the outside world and does not communicate or have users checking e-mail and browsing the Web on it.”

But just how do you secure the hypervisor? There are applications that reduce its attack surface, and methods include embedding the hypervisor deeper within the network or limiting the number of network channels.

Attacking the hypervisor may be worth the trouble for only the most sophisticated hacker. After all, if you’re going to burglarize a house, why smash through the concrete foundation when you could break open the door or a window?

“A Windows machine running on your Dell box in your physical data center and a virtual machine look identical because they have an IP address,” said Mulchandani. Consequently most hackers won’t care much about the hypervisor when they can use their regular tricks to attack the machines directly.

Hoff feels the same way. “Attackers are lazy. They go after the low-hanging fruit,” he said. “Why would I bother deploying virtualized rootkits when I can just essentially exploit a poorly configured server?” This takes the same amount of effort it would take to infect a system with malware once someone clicks on a link they shouldn’t.

Security and Management

Suppose you’re an IT manager who wants to see what happens in a section of your network. Virtual machine No. 20 is communicating with virtual machines No. 21 and No. 22, and you want to see what packets — formatted data blocks — are being exchanged. The solution is to find an application that lets you monitor traffic and provides the visibility you need.

“There are a couple of folks, and VMware’s one of them, that have built net flow interfaces, which give you the ability to view what traffic is moving between all the different virtual machines within a specific hardware enclosure,” said Mike Rothman, president and principal analyst of Security Incite, an independent information security firm.

Other vendors, including Microsoft, Blue Lane Technologies and Altor Networks, also have applications designed to monitor virtual traffic. These applications let people block, stop or analyze traffic. However, with so many vendors selling security-monitoring products, it’s not easy to pin down an industry leader or select a solution.

“Right now, no one vendor can solve all the virtualization issues on [the] security side,” said Stefan Nguyen, a consultant for the Florida Department of Transportation who works on servers that support the central department office. Though these vendors’ software solutions all promise to monitor security, they don’t all do it the same way. “Each piece of software plays a [certain] role, so you can’t combine everybody. That’s why you have to use your own best practices.”

Best practices are helpful, but sometimes customers are so in love with virtualization’s benefits — cost savings and energy reduction — that best practices become afterthoughts.

“There [are] a lot of industry guidelines and platform providers’ suggestions, best practices, for securing virtualized environments,” said Christopher Hoff, chief security architect at Unisys. “It’s amazing how many people don’t do them.”

Managing virtual networks is similar to managing physical ones. In fact, a good first step to securing a virtual infrastructure is securing the software that runs it. A properly configured physical network lays the foundation for a safe, properly configured virtualized one.

“I don’t differentiate between my virtual and physical infrastructure,” said Ramsey, who recently received certified chief information officer accreditation through the University of Florida. In Charlotte County, Fla., he has eight physical servers that run 109 virtual machines. “You apply all the same methodologies and checks and balances that you would whether you’re dealing with a virtualized server or a physical server,” he said.

As a beginning point, Mulchandani recommends securing the software that runs the virtualization platform.

“When you move your machine from a physical machine — say you run on a Windows server or a desktop — and you [create] a virtual machine out of it, the security products and security of your machine are unchanged,” Mulchandani explained. “Meaning, if you were running antivirus software on your physical machine, it actually continues to run unchanged in your virtual machine.”

http://www.govtech.com