Skip to main content

Securing the virtualised environment

CNETAnalysis: More and more small companies are virtualising their infrastructure, but many fail to realise that such systems are as likely to be prone to hacking and cyber attacks as their physical counterparts. This means that as far as security is concerned, the IT manager has to put as much thought into securing virtual servers as they would with physical servers. While the environment is virtual, the threats are very real. More and more cyber criminals have virtualised infrastructure in their sights. According to Srinivas Mantripragada, Vice President of Technology at network security firm Infoblox, one such example of malware attacking virtualisation is the Storm Worm. This uses virtual machine detection techniques to put itself to sleep in VMware or Microsoft virtual environments. Other threats include hardware virtualisation rootkits, such as the Blue Pill identified by security researcher Joanna Rutkowska . “The supposed threat embodied by Blue Pill is that one could create a piece of malware that also was a virtual machine monitor (VMM),” says Mantripragada. “If the VMM could take over the host operating system, then it could potentially hide a virus from that virtual machine by remaining within the VMM. “The reality is that the very infection technique to which the creator alludes can be used to discover and disarm the exploit.” Lack of knowledge There is evidence that companies are not taking these threats as seriously as they should. A poll carried out by IT security firm Kaspersky in June of last year found that 42% of firms thought their virtual servers were more secure than physical ones, despite one in three admitting their knowledge of virtualisation was basic. David Emm, Senior Security Researcher at Kaspersky Lab, says that while the potential security risk to the physical server is acknowledged, the risk to virtualised systems running on it is overlooked. There is a belief ! that their security is somehow built-in, or they are protected behind the physical computer’s security. “It is vital that virtual systems are considered in the same way as physical servers when developing a business security policy,” Emm says. “The server may be virtual, but the data is real and must be secured.” Smaller businesses may not have the dedicated personnel on hand to fully understand virtualised infrastructure and how it can be safeguarded. So what can IT managers here do to ensure virtual workloads run safely? Mantripragada says that IT professsionals should ensure that the right combination of processes and products are put in place to minimise risks. “Anti-virus software should be deployed across all systems commonly at risk of being affected by malicious software, particularly personal devices and servers, and with special attention given to hypervisors,” says Mantripragada. Cloud challenge Andrew Carr, UK and Ireland chief executive at Bull says that bringing a private cloud and pervasive virtualisation to reality is invariably a daunting task, particularly for small to midsized businesses. “They need to ensure they understand the requirements of business critical applications on their private cloud and that they can meet service level agreements (SLAs) by adopting an approach based around flexibility, agility and security,” Carr says. He adds that the Holy Grail for most organisations looking to establish a secure virtualised environment will be something that is “ready to run”, which keeps IT infrastructures simple while meeting the SLAs required for any type of application. “Critically too, from the security perspective, any platform chosen needs to embed the highest levels of security to ensure controlled access, secure connections and monitor safeguarding of data,” he says. Lee Newcombe, Managing Information Security Consultant at Capgemini, says that in a purely physical environment it can be straightfor! ward to i! dentify security domains and associated boundaries, but it is more problematic in the virtualised world. “An organisation can virtualise its networks, devices, operating systems and storage, but there remains an issue around whether any virtualised boundaries are adequately secured to meet the requirements of the business,” Newcombe says. “There is a fundamental prerequisite to make sure that there is a common understanding of the security requirements.” He says that, depending on the requirements of the business, some defined security boundaries can be put in place. The organisation can then start to make sensible decisions about the suitability of virtualising specific components and the relevant controls to apply. “Tools are available to monitor traffic traversing virtual networks and to control or monitor traffic between virtual machines sharing a physical host,” Newcombe says. “As ever, the trick is in identifying the correct tool to meet the underlying requirement. Traceable security architecture can be very helpful.” But it is not just the external threats that need to be looked at. The biggest threats to both physical and virtual environments are internal, says Paul Marsh, Senior Director, Technology Infrastructure at Avanade UK. “This does not mean there is a tendency for employees to be malicious but that mistakes can happen which could have big repercussions,” he says. “SMBs in particular have small IT teams or outsource parts or all of their IT, which means that they really need to ensure that they’re in control of their virtualised environments to


Facebook Recommendations

Followers Partner

Add to Technorati Favorites

Politics blogs

My Zimbio

Email Subscribe

Enter your email address:

Watch online Live TV

Popular posts from this blog

Dheere Dheere Se Meri Zindagi Mein Aana

Dheere Dheere Lyrics by Yo Yo Honey Singh: The song is sung, composed and written by Yo! Yo! Honey Singh featuring Hrithik Roshan, Sonam Kapoor. It's an alternate version of "Dheere Dheere Se" from Aashiqui, composed by Nadeem-Shravan and lyrics by Rani Malik.
Singer / Composer / Lyrics: Yo Yo Honey Singh
Video Features: Hrithik Roshan, Sonam Kapoor
Music Label: T-Series

Dheere Dheere Lyrics Har pal meriyaan yadaan
Yadaan vich ae tun
Dil di gal main dassa
Te dassa fir kinnu (x2)

Teri meri, meri teri ik jind'di
Ik jind'di what to do
Jhoomu main naachu main gaaun ke likhun
Tere liye main kya karun

Dheere dheere se meri zindagi mein aana
Dheere dheere se dil ko churana (churana..)
Tumse pyaar hume hai kitna jaane jaana
Tumse mil kar tumko hai batana

Sham wahi, kaam wahi
Tere bina o sanam
Neend nahi, chain nahi
Tere bina o sanam (x2)

Teri meri, meri teri ik jind'di
Ik jind'di what to do?
Jhoomu main nachu main gaaun ke likhun
Tere liye main kya karun


Biology Notes of Second Year

Download Biology XII Notes Board of Intermediate education Karachi ( BIEK ) 

Class 2nd Year Biology Notes Board of Intermediate Education Karachi. That Application is helpful all the 2nd year Science Students, Model College for Girls is the best Place for Science Students, That Private college to Promote a new technique of Education. That is very helpful to all Science student. In this Application That all of Topics are Included.
Support and Movement
True and False - Zoology
Zoology Fill in the Blanks
Botany True and False
Botany MCQs

Download PTI Songs (Mp3 Audio List)

PTI Audio SongsDownload/Listen to official & Unofficial tracks for PTIInsha Allah Naya PakistanArtists: Junaid Jamshed, Salman Ahmad, Nusrat Hussain & Shahi Hasan
Download Audio
Tabdeeli Aagayi Hai YaaroArtists: Waqqas Qadir Sheikh & Atif Ali
Download Audio

Challo Imran Ke SathArtist:Rahat Fateh Ali Khan
Download Audio

Dil Naik Ho Neyat SaafPTI Official Anthem
Download Audio
Uth Jawana (PTI Version)Band: Soch
Download Audio
Main Baghi HoonArtist: Shahram Azhar
Download Audio
Banay Ga Naya PakistanArtist: Attaullah Khan Esakhelvi
Download Audio


Show more