Study: Virtual Boxes Aren't Locked Up Tight Enough
Virtualization has come to be the hot pick for consolidating and cutting hardware costs. All those machines within machines raise questions about the safety of what's inside, though, and according to a recent study, some are seriously lacking in good answers.
The analysts at Gartner have been pondering virtualization lately, with particular emphasis on how migration affects security. According to their research, that effect is considerable: They estimate that some sixty percent of virtual servers are less secure than the original boxes.
How could such a situation arise? Several ways, it turns out.
Topping the list is poor planning, though not necessarily the way one would think. Many teams, they say, fall victim to the assumption that "nothing has changed" — the new virtualize machine does exactly what the old one did. However, a well-thought-out security strategy that worked on the old machine doesn't necessarily take into account all the elements introduced by the virtualization environment.
Compounding the lack of pre-planning are the actual vulnerabilities themselves. According to Gartner, the virtualization layer should be treated "as the most critical x86 platform in the enterprise data center," keeping it "as thin as possible, while hardening the configuration to unauthorized changes." They go on to note that "Above all, organizations should not rely on host-based security controls to detect a compromise or protect anything running below it."
Gartner also pointed to issues between separate machines running on the same host as key vulnerabilities, particularly where multiple permission layers are involved. Though the company believes only forty percent of machines are currently secure, they estimate that percentage will reach seventy by 2015.
Justin Ryan is a Contributing Editor for Linux Journal.
|Android Candy: Copay—the Next-Generation Bitcoin Wallet||Sep 03, 2015|
|The True Internet of Things||Sep 02, 2015|
|September 2015 Issue of Linux Journal: HOW-TOs||Sep 01, 2015|
|September 2015 Video Preview||Sep 01, 2015|
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
|Where's That Pesky Hidden Word?||Aug 28, 2015|
- Using tshark to Watch and Inspect Network Traffic
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- Android Candy: Copay—the Next-Generation Bitcoin Wallet
- September 2015 Issue of Linux Journal: HOW-TOs
- The True Internet of Things
- Firefox Security Exploit Targets Linux Users and Web Developers
- Where's That Pesky Hidden Word?
- A Project to Guarantee Better Security for Open-Source Projects
- Concerning Containers' Connections: on Docker Networking
- My Network Go-Bag