5 Laws of Virtualization Security



By Baselinemag

  Table of Contents:
  1. 5 Laws of Virtualization Security
  2. Rules of the Game
  3. Putting the Laws into Practice
  4. Security Benefits
  5. Attacking Virtualization
  6. The Impact on Risk
  7. Security Safeguards

Virtualization technology can deliver cost savings and improve IT performance, but it also introduces new security concerns.  In this summary of a Burton Group report, security expert Pete Lindstrom examines the security considerations unique to virtualized IT environments.


5 Laws of Virtualization Security - Putting the Laws into Practice


( Page 3 of 7 )

 

Putting the Laws into Practice

The answer to the question of security rarely has an absolute value. Instead, it is a matter of degrees. For most enterprises, the decision is not whether to virtualize, because virtualization is here now. The decision involves determining where and when to apply controls that are sufficient in the environment based on risk tolerance. Ultimately, whether virtualization is bane or boon for security depends on how the systems are configured, deployed and managed.

To manage these new security concerns, it’s important to understand the underpinnings of today’s virtual systems.

The primary components of a virtual environment are:

  • Virtual Machines and their accompanying guest operating systems: These are the core components of the virtual architecture.
  • Virtual Machine Monitor (VMM): The software component responsible for managing interactions between the VM and the physical system.
  • Hypervisor and/or host operating system: The software that handles kernel operations.

A virtualized environment consists of a VMM and one or more VMs. The VMs and VMM interact with either a hypervisor or a host operating system to access hardware, local I/O and networking resources. In addition to these components, virtualization architectures leverage virtual networking, virtual storage and terminal service capabilities to complete their architectures.

These minimum components are combined into virtual environments in several distinct ways:

  • Type 1 Virtual Environments are considered full virtualization environments and have VMs running on a hypervisor that interacts with the hardware.
  • Type 2 Virtual Environments also are considered full virtualization environments, but work with a host operating system instead of a hypervisor (though sometimes the VMM is called a hypervisor).
  • Paravirtualized environments make performance gains by eliminating some of the emulation that occurs in full virtualization environments.
  • Other designations include hybrid virtual machines (HVMs) and hardware-assisted techniques.

From a security perspective, the most important thing to remember is that the impact is more significant in a Type 2 environment, where a host operating system with user applications and interfaces runs outside of a VM, at a level lower than the VMs. Because of this architecture, the Type 2 environment increases risk by adding potential attacks against the host operating system. For example, a laptop running VMware with a Linux VM on a Windows XP system inherits the attack surface of both operating systems, plus the virtualization code of the VMM.
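The layering described above can be checked against an asset inventory. The following is an added example, not taken from the article or the Burton Group report: it lists the components in each VM's stack and sorts Type 2 hosts first. The `Host` record, the host and VM names, the host applications and the Type 1 product names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Host:
    name: str
    env_type: str                      # "type1" or "type2"
    vmm: str
    hypervisor: Optional[str] = None   # layer below the VMM in a Type 1 environment
    host_os: Optional[str] = None      # layer below the VMM in a Type 2 environment
    host_apps: list = field(default_factory=list)  # user applications on the host OS
    guests: dict = field(default_factory=dict)     # VM name -> guest operating system


def inherited_surface(host, vm):
    """Components in the stack of `vm`, listed from the guest OS downwards."""
    if host.env_type == "type1" and host.hypervisor and not host.host_os:
        lower = [f"hypervisor:{host.hypervisor}"]
    elif host.env_type == "type2" and host.host_os:
        # A Type 2 host adds the host OS and everything running on it.
        lower = [f"host-os:{host.host_os}"] + [f"host-app:{a}" for a in host.host_apps]
    else:
        # Reject records whose layers contradict the declared type.
        raise ValueError(f"{host.name}: record does not match {host.env_type}")
    return [f"guest-os:{host.guests[vm]}", f"vmm:{host.vmm}"] + lower


def review(hosts):
    """Return (host, vm, surface) rows: Type 2 hosts first, then widest surface."""
    rows = [(h.name, vm, inherited_surface(h, vm)) for h in hosts for vm in h.guests]
    not_type2 = {h.name: h.env_type != "type2" for h in hosts}
    return sorted(rows, key=lambda r: (not_type2[r[0]], -len(r[2]), r[0], r[1]))


# Constructed inventory. The laptop mirrors the article's example; the rest is made up.
INVENTORY = [
    Host("rack-01", "type1", vmm="example-vmm", hypervisor="example-hypervisor",
         guests={"db01": "Linux", "web01": "Linux"}),
    Host("laptop-17", "type2", vmm="VMware", host_os="Windows XP",
         host_apps=["web browser", "email client"], guests={"dev-vm": "Linux"}),
]

if __name__ == "__main__":
    for name, vm, surface in review(INVENTORY):
        print(f"{name}/{vm}: {len(surface)} components -> {', '.join(surface)}")
```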



 
 