Security in a Virtual Environment - 4 Tips
Mobile and handheld security is in demand, but the days of virtual security are not far away.
Every organization around the world is, in one way or another, experimenting with virtualization technology, and the day is not far off when most of these organizations will end up adopting the virtual environment.
This is evident from the fact that security in virtual environments was one of the hot topics of discussion at the recent RSA security conference held in San Francisco.
According to a November 2010 report by Gartner, it is estimated that by 2012, 50% of the workload in data centers around the world will be running on virtual environments or in the cloud, and nearly 40% of all the security software responsible for controlling the insides of the data centers will be virtualized by the year 2015.
Security in virtual environments is completely different from that in the physical world. There are times when intrusion prevention systems cannot be tuned well enough based on IP, MAC or geography.
Also, inside virtual environments it is always a challenge, first, to keep count of the number of VMs (Virtual Machines) running and, second, to maintain the correct patch level on each and every VM.
So before considering the jump towards virtualization, it is recommended to go through the questions below and look for a favorable answer to each.
1. Loading multiple copies of a security solution or a single
The reason for this question is that even though we are talking about a virtual network, the concept of security solutions doesn’t change.
It is true that virtual environments make best use of the physical resources, but this doesn’t tell us how best to deploy the security solutions.
Consider a scenario where there are 50 VMs running on a server. Having individual copies of antivirus software running on each system will bog down the server to some extent as there are 50 copies of the software running and they indeed will take up resources of their own.
On the other hand, if only a single copy of the software is loaded at the server level, there will be obvious advantages such as cost savings and processing time savings, but the question then arises: will this approach be secure enough?
So the point here is security vs. efficiency of the VMs. The question that haunts us all in the physical world poses itself in the virtual world as well.
In the end, it is for the company or the organization to decide which method of security solution deployment best suits its needs.
2. Encryption for communication between VMs
In a virtualized environment, as we all know, there are multiple VMs running on a single server. There might be scenarios in which the single server is hosting VMs which in turn are servers and clients of a single domain or application infrastructure and need to interact with each other.
This raises the question: is it safe to allow VMs to communicate with each other in plain text, or is it necessary to have encryption?
In the above-mentioned case, since the whole server (collection of VMs) is being used by a single organization, the risks are not that evident. But consider the scenario of the cloud, where the VMs are like neighbors in a flat.
There might be different companies renting cloud services from a single server, and it becomes essential that the information being sent across is not intercepted and misused.
The use of encryption becomes essential, and without it the companies that are currently compliant with ISO standards will lose their compliance and certifications. So encryption between communicating VMs is of paramount importance in those scenarios.
In the end, again, considering the performance hit these VMs will take when encryption is introduced, companies and organizations will have to weigh the pros and cons of encryption in VMs and then decide the course of action.
3. Control over access to data
In the physical world, access controls are applied to resources based on MAC address, IP address or username. When security policies are linked to either MAC or IP, they don’t work very well in the virtual environment.
Username-based access is not that much of a question here.
But when VMs need to decide what resources are to be provided based on MAC and IP, there is the annoying question: how do we handle that in a virtual environment?
Strong enforcement of security policies is of paramount importance here, as there might be cases wherein a user is authorized to access the data, but a presumably secure connection made over an unsecured WiFi connection gives away all the confidential data in a jiffy.
VMs should and would have to enforce the security policies of companies as is done in the physical world. The decision needs to be made in terms of the data that is requested and not with regard to the IP or the MAC that is requesting the data.
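The point above as an added example (not from the original article): the same requests are evaluated once by a rule keyed on source IP and once by a rule keyed on the authenticated user and the classification of the requested data. The usernames, labels, addresses and the `channel_encrypted` flag are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy data; all names, labels and addresses are illustrative.
RANK = {"public": 0, "internal": 1, "confidential": 2}
USER_CLEARANCE = {"alice": "confidential", "bob": "internal"}
IP_ALLOWLIST = {"10.0.0.15"}  # address the VM had before it was migrated


@dataclass(frozen=True)
class Request:
    user: str                # authenticated username
    source_ip: str           # changes when a VM is cloned or migrated
    resource_label: str      # classification of the data being requested
    channel_encrypted: bool  # assumption: transport state is known to the policy point


def ip_based_decision(req: Request) -> bool:
    """Physical-world style rule: trust whoever sends from a known address."""
    return req.source_ip in IP_ALLOWLIST


def data_based_decision(req: Request) -> bool:
    """Decide on who asks and what is asked for; the address is never consulted."""
    clearance = USER_CLEARANCE.get(req.user)
    if clearance is None or req.resource_label not in RANK:
        return False  # unknown user or unlabelled data: fail closed
    if RANK[clearance] < RANK[req.resource_label]:
        return False  # user is not cleared for this class of data
    if RANK[req.resource_label] > RANK["public"] and not req.channel_encrypted:
        return False  # authorized user, but the link would expose the data
    return True


def compare(req: Request) -> tuple:
    """Return (ip_rule_result, data_rule_result) for one request."""
    return ip_based_decision(req), data_based_decision(req)


if __name__ == "__main__":
    cases = {
        "alice, original VM": Request("alice", "10.0.0.15", "confidential", True),
        "alice, VM migrated": Request("alice", "10.0.7.42", "confidential", True),
        "bob on alice's old IP": Request("bob", "10.0.0.15", "confidential", True),
        "alice, open WiFi": Request("alice", "10.0.0.15", "confidential", False),
    }
    for name, req in cases.items():
        print(f"{name:24} ip_rule, data_rule = {compare(req)}")
```

The IP rule denies the legitimate user after migration and admits a different user who inherits the old address; the data-based rule gives the same answer wherever the VM lands.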
4. Reading between the lines or should we say links?
A virtual environment means virtual machines on top of a host operating system, whether it be Citrix XenServer, a hypervisor or Microsoft Windows 2008.
These can be attacked by VM-aware malware, which is on the rise. Malware infection doesn’t only take the route of the Internet. VMs can infect one another internally as well once one VM is compromised. This is especially true when the VMs are configured to fail over with the help of another link. So the question arises: is this other dedicated link protected enough?
So effectively there has to be control over the data communication that occurs between VMs through these channels, and wherever possible encryption and scanning should be employed.
NIST (the National Institute of Standards & Technology) has been working on security in virtual environments and has come up with a set of guidelines, which can be viewed at http://www.nist.gov/itl/csd/virtual-020111.cfm.
The gist of the guidelines is:
• Security on the hypervisor should be as strong as that on the servers in the physical world.
• Guidelines should be established for securely configuring the VMs.
• The patch and vulnerability management systems of the physical world need to be extended to fit the virtual world.
