VMware Security Overview

VMware has become very popular and is nowadays used to build huge virtual environments. The virtual nature of VMware is creating new potential security issues. That said, VMware security has improved a lot over the years. Here is an overview of VMware security.

Securing a VMware environment is a complex task, and this is especially true for large virtual environments. At the same time, VMware security is very important for organisations that use VMware as one of the cornerstones in their virtualization strategy. A security flaw in VMware could make it possible to compromise all systems in the Cloud.

The success of VMware has also made it an interesting target to attack. In the early days, security on the hypervisor level was not much of an issue. It was more important that the guest operating systems, such as Windows, were secured. Very few attacks on the hypervisor level had been reported. One reason for this was that very few people had enough knowledge about VMware to be able to find ways to attack it.

Nowadays, VMware releases security patches regularly. Attacks on VMware sites are no longer unusual. VMware also had an embarrassing problem: parts of the confidential VMware ESX source code turned up on the Internet. Some people were looking for help from experts who could find security flaws in the source code.

So what kind of potential security issues exist in a virtual environment like VMware? There are a number of threats, especially operational ones. New virtual machines can be created quickly and easily, which is very handy, but from a security point of view this is a big problem. A VM (virtual machine) which has not been hardened can compromise the whole virtual environment. The virtual networks are seldom monitored, which can let attackers collect sensitive data for a very long time without anyone noticing the security problem.

Another practical problem is who should administer what in a virtual environment. This is an issue which can quickly turn into a political battle when different teams try to maximize their control of the environment. Sometimes administrators have full control over the whole virtual environment, which is bad practice from a security point of view. Granular access is good for security, but it is taking time to introduce the concept in the VMware world.

What about VM Escape? This refers to the scenario where malicious code running on one VM can escape out of the VM and infect the whole virtual environment. No real examples of VM Escapes have been found and it is thought to be impossible to achieve. But there have been incidents where malicious code in one VM has managed to propagate itself to other VMs, albeit only in special cases and with limited success.

As mentioned earlier, VMware viruses and malware used to be unknown, but with the increasing popularity of VMware such programs have started to become VMware-aware. One reason for this is that many anti-virus companies check out viruses and malware on VMs; after all, VMs are very useful for such purposes. Due to this, some viruses check if they are running in a virtual machine and, if that is the case, they exit or at least change their behavior from what it would be on a physical machine.
