Virtual machines and the emergence of virtual threats

By
Page 2 of 2  |  Single page
Virtual machines and the emergence of virtual threats
"The fact that VMs are portable is another issue, because they can be easily taken out of the security zone, beyond the remit of intruder detection systems (IDS) or firewalls. VMs can be placed on USB sticks and literally walked into the data centre before being plugged in, for example".

And while virtualisation is complex, there is little automation. This means that a lot of manual management and control activity is required, and staff need to have a certain level of proficiency to make appropriate decisions.

“There is increased potential for human error combined with less potential for auditing and tracking individual systems,” warns Lynch.

Even where attacks do bring VMs crashing to a halt, Page believes it is very easy to both isolate those threats and get systems back up again to minimise system downtime.

“With a virtual machine it is possible to have a replica of any one system back at base and backed up systems on servers that can be brought back up very quickly in the event of problems,” he says.

The nature and size of any security threat to virtualised systems will vary according to the level of segmentation within any one environment. But Lynch says it is important for IT security staff to at least acknowledge that virtual systems need to be treated in a different way, and that security measures applied to physical systems will not necessarily suffice.

“They need to start thinking about what they have to do to control VMs, consider how isolation aspects break down, and what policies they need to put in place to protect against potential threats," he reports.

"The last thing anybody wants to do is re-architect their security profile to accommodate virtualisation, and the security guys are only just waking up to realise that there are substantial differences between physical and virtual servers".

Lynch admits that issue has not flashed up on most IT leaders' radar yet, but says government and financial companies – who tend to be more security conscious – are those listening hardest. Nevertheless, IT leaders should be preparing their defences today, he warns.
Previous Page 1 2 Single page
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © 2010 Computing
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?