Study: Virtual Boxes Aren't Locked Up Tight Enough
Virtualization has come to be the hot pick for consolidating and cutting hardware costs. All those machines within machines raise questions about the safety of what's inside, though, and according to a recent study, some are seriously lacking in good answers.
The analysts at Gartner have been pondering virtualization lately, with particular emphasis on how migration affects security. According to their research, that effect is considerable: They estimate that some sixty percent of virtual servers are less secure than the original boxes.
How could such a situation arise? Several ways, it turns out.
Topping the list is poor planning, though not necessarily the way one would think. Many teams, they say, fall victim to the assumption that "nothing has changed" — the new virtualize machine does exactly what the old one did. However, a well-thought-out security strategy that worked on the old machine doesn't necessarily take into account all the elements introduced by the virtualization environment.
Compounding the lack of pre-planning are the actual vulnerabilities themselves. According to Gartner, the virtualization layer should be treated "as the most critical x86 platform in the enterprise data center," keeping it "as thin as possible, while hardening the configuration to unauthorized changes." They go on to note that "Above all, organizations should not rely on host-based security controls to detect a compromise or protect anything running below it."
Gartner also pointed to issues between separate machines running on the same host as key vulnerabilities, particularly where multiple permission layers are involved. Though the company believes only forty percent of machines are currently secure, they estimate that percentage will reach seventy by 2015.
Justin Ryan is a Contributing Editor for Linux Journal.
|Non-Linux FOSS: libnotify, OS X Style||Jun 18, 2013|
|Containers—Not Virtual Machines—Are the Future Cloud||Jun 17, 2013|
|Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer||Jun 12, 2013|
|Weechat, Irssi's Little Brother||Jun 11, 2013|
|One Tail Just Isn't Enough||Jun 07, 2013|
|Introduction to MapReduce with Hadoop on Linux||Jun 05, 2013|
- Containers—Not Virtual Machines—Are the Future Cloud
- Non-Linux FOSS: libnotify, OS X Style
- Linux Systems Administrator
- Validate an E-Mail Address with PHP, the Right Way
- Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer
- Senior Perl Developer
- Technical Support Rep
- UX Designer
- Introduction to MapReduce with Hadoop on Linux
- RSS Feeds