Many organizations now depend on server virtualization to increase efficiency and management flexibility. Although it lowers total cost, it increases security risk. By 2009, 60% of virtual private servers will be exposed to greater security risks than their physical counterparts.
Let us look at the security challenges we have to watch out for:
* Dependency on IP address: IP addresses keep changing as virtual private servers are migrated, created or cancelled, which defeats traditional protection mechanisms that are keyed on the address.
* Sprawl of virtual private servers: a VPS can easily be created from an image that is already available on an old server. The risk is that many of these VPS are not properly maintained and carry many security vulnerabilities; such vulnerable VPS serve as a launch pad for attacks on other VPS on the same server.
* Inability to monitor intra-host traffic: VPS communicate with other VPS on the same hosting server through a "soft switch". Monitoring this traffic requires special tools, and the availability of these tools is limited.
* Silo approach to security policy: a silo approach means "recommending different diverse solutions with different kinds of management requirements". Neil MacDonald, an analyst at Gartner, has this to say: "Most security problems in the virtual world will be introduced through misadministration, mismanagement or just plain old mistakes. The fact that we use different tools in the physical world than the virtual world compounds that problem."
Now that we know the limitations we face with VPS, we need a completely different approach to securing them: a cross-platform solution that secures both VPS and physical servers. A cross-platform security tool for VPS can enforce consistent security policies across all data centers without sacrificing the benefits that virtualization provides.
We also need to be able to deploy cross-platform virtual security tools anywhere on the network, with delegated authority to maximize flexibility. These virtual security tools write detailed log data to syslog and the Windows event log, which makes them easy to integrate with existing management controls.
By eliminating the IP address dependency of existing security policies, cross-platform virtual security policies can be enforced regardless of the location or platform of the VPS. This eliminates the operating expenses that rule changes impose on security administrators. The existing policies are enforced and persist in a variety of situations:
1) While servers and endpoints are moved between locations on the network.
2) When physical servers and endpoints are converted to VPS.
3) When VPS are migrated from one physical host to another.
Cross-platform virtual security separates physical servers and VPS into logical security zones and helps protect VPS against sprawl. It ensures that a VPS that is not a member of a security zone cannot communicate with the VPS inside that zone, which reduces the attack surface of the VPS.
The cross-platform solution is based on a P2P architecture that scales to hundreds of thousands of instances. Policy management can be completed with just a few mouse clicks.
Other benefits of the cross-platform approach include:
- Elimination of the complexity that comes with the silo approach: hosts across the data centers are protected through a single console.
- Satisfaction of regulatory requirements with no reconfiguration of the network.
- Elimination of the operational costs that come with firewalls and virtual LANs.
- Elimination of bottlenecks and single points of failure within the architecture.
The following points should be considered when evaluating a cross-platform virtual security solution for data centers:
- Most solutions support the x86 operating systems that are common in VPS environments, as well as the less common Solaris, AIX, HP-UX, Red Hat, Windows and IP-based non-server devices.
- The solution should enforce security regardless of the IP address of the server or VPS, so that protection persists across migrations.
- It should be able to block communication between VPS that are not members of the same security zone but share the same physical host.
- It should be able to cope with growth without introducing bottlenecks.
- Look for a single point of security management to increase efficiency.
- Look for a solution that can be enforced at the host level.
- Look for a solution that uses X.509 v3 certificates to ensure that operator credentials cannot be spoofed.
- The solution should create detailed activity logs and an audit trail for servers and endpoints as well as for administration consoles.