• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here:Home » Security Concerns of Server Virtualization and Solutions

By Abhishek Ghosh May 18, 2015 7:09 pm Updated on May 18, 2015

Security Concerns of Server Virtualization and Solutions

Advertisement

Recent discovery of VENOM and related critical bugs in the Xen, KVM, and native QEMU virtual machine platforms again brought the topic Security Concerns of Server Virtualization in to lime light. VENOM was unknown, from Heartbleed, what we have learned is quite clear – frankly there is nothing to do with the unknown, undiscovered bugs till they are discovered and the patch is discovered. But, definitely, there are other security issues which we can take a bit precaution. A smallest sense of taking precaution and based on the usage or need, using certain add-on services can prevent a major disaster. In 2010 Gartner predicted that 60% of virtualized servers will be less secure than the physical servers while they will be replaced and it will decline to 30% at the end of this year – 2015.

Table of Contents

  • 1 Introduction
  • 2 Cloud Computing Vs Virtualization
  • 3 Commonest Risk Factors
  • 4 Infographics
  • 5 Awareness
  • 6 Solutions

 

Security Concerns of Server Virtualization : Relationship Between Cloud Computing and Virtualization

 

As like we have discussed before, Cloud Computing is user based model, virtualization is the enabling technology. Just for example with OpenStack and current concern with VENOM – OpenStack (and its components including Nova, Swift, Neutron, Raksha etc.) is running on the top of the virtualized layer. When we are using an IaaS service, of which the commonest face is known as “Public Cloud” has some parts controllable only by the cloud service provider (Rackspace, HP Cloud, IBM for example) and some depends on the users. Just to recall our old topic – Cloud Computing is multitenant in nature. IaaS is one of the model among the three cloud computing service models of Public Cloud – IaaS, PaaS and SaaS. Public Cloud is most commonly used as PaaS and SaaS frankly depends on IaaS.

Advertisement

---

So, along with the traditional server virtualization, this new concept of Cloud Computing has added huge number of virtualized servers. It is quite obvious, any compromise of this virtualization layer can bring disaster to all the work loads.

Security-Concerns-of-Server-Virtualization

 

Security Concerns of Server Virtualization : The Commonest Risk Factors

 

These risk factors are almost taken as standard recognized risks. These are six in number :

 

  1. Compromise of the virtualization layer is the compromise of all hosted workloads
  2. Lack of visibility and controls on internal virtual networks can blind the security policy enforcement
  3. Workloads of different trust levels are consolidated without practical separation
  4. Lack of adequate control on the virtual machines
  5. Risk out of loss of separation of needed for network and security
  6. Lack of information security related to the projects

Go To Top of This Article

 

Security Concerns of Server Virtualization : Estimation of Awareness

 

Kaspersky Labs ran a survey to check the awareness of the security threats which virtual environments can face. From that study these data got revealed – 36% of the IT professionals think that the security concerns facing virtual servers are significantly lower compared to the physical servers and 46% believe that the virtual environment can be protected using the security solutions which are used for the traditional physical servers. 50% indicated that their employer companies are not using any virtualization or public cloud specific virtualization server security solution.

Apart from the listed risk factors related issues, there are chance of attacks like Denial of Service (DoS), VM Jumping and Host Traffic Interception. Microsoft suggested 10 steps for increasing the security of virtualized environment, which are exactly as follows :

 

  1. Harden the Host
  2. Harden the management and VM operating systems
  3. Ensure configuration of all user roles with least privilege access
  4. Use administrator roles to implement separation of Host, RP, and VM management
  5. Secure VM files, including hard disk, backups, and archives
  6. Enable auditing
  7. Patch archived VMs
  8. Use VLANs and multiple network interface cards (NICs) to isolate management and VM access
  9. Use virtual networks to isolate VMs on the same host
  10. Manage proliferation

Gartner after publication of the data, commented, that the security professionals need to realize that risk that is not actually acknowledged and communicated cannot be managed. Almost all the major GNU/Linux distro, virtualization software providers has good amount of resources on maintenance of security for the workstation, datacenters and virtual machine. In general, search around the terminology is quite lesser and horribly declining.

 

Security Concerns of Server Virtualization and Solutions

 

Many of the commonest issues and attacks in virtualization can be solved by employing simple processes but that existing solutions can not protect the virtual fabric layer consisting with the hypervisors, management systems and the virtual switches, routers etc.

An easy to use approach is to use a third party service from any known, standard security company. Nowadays these solutions are delivered in as a service model. These services usually provides services for physical, virtual and cloud servers. These easy to use approaches must not replace the typical guidelines advocated for maintaining the tight security. These can be thought as an additional layer of security over the advocated methods, exactly what we advised for protection from DDoS for the IaaS. Indeed, using a DDoS protection plan also increases the security of the virtualization layer.
Go To Top of This Article

Tagged With concern of virtualization , security concerns of uzbekhstan , virtualization concerns
Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Security Concerns of Server Virtualization and Solutions

  • Cloud Computing Articles – List With Description of all we have Published

    Cloud Computing Solution penetrating as business solution and in day to day usage. Here is list of all articles on Cloud computing we have published so far.

  • Types of Virtualization and Cloud Computing and Their Differences

    Types of Virtualization and Cloud Computing and their differences focuses on the underlying technology, analyzes the perspective of resources in easy words.

  • Virtualization Requirements for DevOps : Part 2

    Here is Second Part of Virtualization Requirements for DevOps. We will give brief idea about the benefits of virtualization as continuation of the first.

  • Virtualization

    Virtualization refers to the methods, which allow a computer’s resources to split. The term Virtualization is used differently in many different applications.

performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Affordable Earphone/IEM for Audiophiles: HiFiMan RE-400 WaterlineOctober 2, 2023
  • What is Hardware Security Module (HSM)September 30, 2023
  • Transducer Technologies of HeadphonesSeptember 28, 2023
  • What is Analog-to-Digital Converter (ADC)September 27, 2023
  • Comparison of Tube Amplifiers and SemiconductorsSeptember 26, 2023
PC users can consult Corrine Chorney for Security.

Want to know more about us?

Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy