Virtualized architectures are, by design, rather secure. However, it's important to use security software, patching, and proper firewalling to safeguard both the host and guest (children) in your virtual architecture.  (Source:
Virtualization is a secure technology, but it is not without its security considerations

Security in virtualization is a touchy topic for some.  Virtualization tends to improve security, so some wince at a lengthy discussion of vulnerabilities.  The bottom line is this -- current virtual machine host software from the industry's leading players has not been widely attacked.  However, security researchers have shown proof of concept attacks, so rather than bury our heads in the sand, it makes sense to assess potential threats and what precautions can be taken to avoid them.

Virtualization brings new protections, but also new risks.  One basic danger is the possibility of guest-to-host attacks.  Some businesses have to host virtual machines from several businesses or users, some of which may not be trustworthy, on the same host system.  Recently, Microsoft discovered and patched a vulnerability in its Virtual PC and Virtual Server products that would allow a guest virtual machine to gain administrative access and thus gain access to the other virtual machines living on the system. 

The key here is that Microsoft patched the flaw -- thus, the single most important thing you can do to secure a VM is the same as for any system -- make sure your underlying operating system software is patched and up to date.  It's also important to remember that the host administrator has the equivalent of physical access to all guest VMs in most virtualization schemes, so avoid using VMs on potentially malicious hosts.

Don Simard, the commercial solutions director at the U.S. National Security Agency, also warns that attacks on system hardware itself could eventually pose a threat.  He explains, "graphics cards and network cards today are really miniature computers that see everything in all the VMs."

Mr. Simard says that while no such attacks currently exist (to his knowledge), it is important to keep your firmware up to date.  AMD and Intel's latest CPU offerings not only offer improved virtualization support, but also new protections against improper hardware use.  These products allow you to set permissions specifying which flows of data between hardware devices are not allowed.  If you have the latest hardware and you spend the time to manage these permissions, you can sufficiently safeguard yourself for even the most demanding security-essential networks.

Another solid rule of thumb is to not become overly comfortable due to the isolation of the virtual machines.  While it may be hard to break that layer, failing to patch or maintain the latest security software on individual virtual machines opens the door to losing information on those machines, and potentially more dangerous attacks like those previously mentioned.  Via security software, firewalls (as needed), and patching, you can ensure that your virtual machines each receive an appropriate level of protection.

A final consideration is that even if your virtual machine is fully secured and your host server is well maintained, you often need to prove it.  Regulatory mandates such as the Payment Card Industry data security standards (PCI DSS), federal Health Insurance Portability and Accountability Act healthcare security requirements, or the European Union's data-privacy rules require careful accounting.  For this reason, logging software like RSA enVision, virtual machine management suites, and configuration management software can be valuable assets both for simplifying internal security and proving compliance.

Ultimately, virtual machines tend to improve security.  If a single OS gets infected with viruses or malware, it can be quarantined and will be less likely to be able to infect the other virtual machines on the host.  Furthermore, one of the virtual machine's most powerful and potentially risky components -- the hypervisor -- is protected due to its inherent complexity and the fact that only three vendors in the world -- Xen, Microsoft, and VMware -- have written one.  Thus the lack of knowledge on them represents a degree of protection. 

The other key layer that touches all the VMs on a system and could potentially be compromised to give access to them, the security layer, represents a greater potential risk.  However, as previously mentioned, by properly firewalling network-connected VMs and keeping the VMs' antivirus software and patching up to date, attacks on guests can be minimized.  And by implementing the latest security steps available on recent hardware, keeping your firmware up to date, and patching your virtualization host software, you can protect the insulating level below as well.
