Virtualization and Security - Essay Example

Virtualization and security Virtualization and Security Introduction Currently, expansion in the level of technology has facilitated computer users to cultivate virtual programs into their computers that look like real machine. Encroachment in information technology has led to increase in issues treated in a more zeal and interest than virtualization. Virtualization refers to the process of generating virtual version of something that relates to its actual version. It includes designing virtual operating system, computer hardware, and computer resource network or storage devices. Virtualization also refers to scheming technologies to run abstraction layer among computer hardware and systems. It involves providing coherent operation process instead of physical computer view resources. Virtualization helps in facilitating many things possible since it allow computer users trick operating system to think that groups of servers operate like single pool. Virtualization can also allow running of multiple operating system in a single machine (Roemer, 2011, p. 2). The intrinsic advantage linked to virtualization shows various threats attraction that limits unlimited use when such system operates in open platforms. Setting strategic threat prevention measures act as effective dealings for virtualized infrastructure. Subsequently, the paper explores domineering strategies of that effectively eliminate potential threats to virtualized infrastructures. Classifications of Virtualization Storage Virtualization This classification of virtualization involves merging of physical storage system mainly obtained from multiple server networks storage located in the web. The merging of physical storage will make the device to appear as a single data storage device. It also creates more space in the device that increases the storage more information virtually (Grubor, Ivanis, 2012, p. 5). The Virtualization of Serve Virtualization of server describes the process whereby the server hide physical resource from the system. The physical resources hidden from the server include operating system, resources from software running them to create more space for data storage. This process has effective nature since only the user can locate data storage location thus preventing unauthorized access. This protects data from malware and hacking. (Buttyan, Bencsath, 2013, 1). The Network Virtualization This type of virtualization refers to amalgamation of network within the computing resources to form a single source. The process allows spilling of available bandwidth to form independent channels for data transmission within the network to allow faster data transfer. This independent channel also facilitates assigning of particular device or server in real-time to allow the transmission of data immediately once received. The process of network amalgamation allows server to increase rate of data transfer to storage devices on real time basis without delay (Roemer, 2011, 2). Important of Virtualization development Virtualization demonstrates importance or benefits of tangible resources by broadening their value in enterprise used at each step. The steps include the following: Consolidation of the server Most industry analyst reports that between 60-80 percent of information technology department pursues and performs server project consolidation. Server consolidation process helps in reducing the type and number of servers, which support the business application. This result to saving significant profit since organization does not need to incur cost of purchasing many servers. They can use a single server to perform multiple tasks within the organization thus improve their performance activities (Ict4yuo, 2015, 1). Load dynamic balancing Virtualization remains imperious in conveyance of dynamic balancing relating to loads throughout manifold computers and file systems. This balancing is crucial in ascertaining that the processing bottleneck has occurred within the old-fashioned computing system. Balancing of the process guarantee reduction and continuously deterrent or disruption. Consequently, it produces quality output at faster rate. Application of these systems are mostly applicable and importantly in critical business activities (Roemer, 2011, 2). Reduction in power consumption Virtualization facilitates less consumption of power by the server during operation process. It also allows cooling of server and facilitates full use of existing system to avoid wastage. This underutilization of power in computing resources helps and translates server into longer life for data storage. It also allows the system to store data at faster rate since the server has enough space (Buttyan, Bencsath, 2013, 1). Provision of better security measures Virtual machines help in segregating processes from malware and attackers thus making the system and its applications challenging for fruitful attack. The access of some application also has tight control since virtualization helps in isolating special applications from the end-users applications. This make the authorization of data stored access more difficult to people with bad intensions in destroying and obtaining information without permission. The extent to which virtualized information has an attack by malware and attack refer to as attenuated (Zeadally, Hunt, 2013, 3). Other benefits resulting from virtualization includes The organization’s capability to maintain serves systems without shutting them down due to occurrence of inconveniences. It also allows failover function and ability for pooling computing resources. Virtualization helps in creating virtual machine, which serve like a container for delivering application. Virtualization can have several purposes, which enables the system to carry on the application faster without destruction thus obtaining the quality standard of data (Ict4yuo, 2015, 1). Various Data security Threats in Virtualization Environment Most business organization evolves or develop their data center to include cloud computing and virtualization. This evolution helps in improving utilization of resources, array computer resources, reduce costs and accelerate development. The adoption of this new boards open additional pathways for threats beside system, reputation and data. The representation of these threats revolves around same type of attack that includes web threat, data stealing, trajons, worms, spyware, spam, bots, phishing and viruses. However, cloud computing and virtualization has raised new infrastructure disputes which security provider should consider while generating foundation to prevent and protect threats. Some securities issues concerning virtualization include inter virtual machine attack, mixed trust level virtual machines and communication blind spot (Ict4yuo, 2015, 1). Communication Blind Spot When using virtualized environments, appliances of old-fashioned security network have blind communication between virtual machines on the same host. Communication can only take place if routed outside host machine to a separate appliance. This security introduces a significant lags in time while transferring data to external host. To eradicate blind spots while reducing lags in time involves dedicating scanning security virtual machine on host to coordinate the communication between virtual machines. The solution works well in virtualized environment than on physical system. The dedicated scanning security incorporates with hypervisor to communicate to other virtual machines guest (Infosec Institute, 2015, 1). Inter- Virtual Machine Attack Most virtualized servers use the same web application, enterprise application and operating systems as physical servers. This gives the attackers ability to exploit vulnerabilities to these applications and system that forms a significant threats to virtualized environment. Once an attacker comprises single element of virtual environment, the other elements automatically compromised if security measures not implemented. Another mode of attack involves hypervisor that act like software, which enables multiple virtual machines to run in a single computer. Hypervisor may control aspects of virtual machines which run on the hardware thus create a need to secure them (Buttyan, Bencsath, 2013, 1). An attack known as hyperjacking malware, which has penetrated one virtual machine, may attach hypervisor. When guest virtual machine attempt to attach hypervisor its known as guest virtual machine escape since the guest VM escapes its isolated environment to attack the host hypervisor (Zeadally, Hunt, 2013, p. 3). Mixed Trust Level Virtual Machine This security threats results when a Virtual Machines and less critical data reside on the same host. At times, an enterprise may attempt to segregate different data to secure information using a separate host but in most cases this defeat purpose for virtualized environment. The enterprise has to ensure that the mission for protecting critical information show some benefits in virtualization. VMs may remain save with self-defending VM security even when exposed to mixed environments. This involves the use of protection such as firewall, log inspection, antivirus capabilities, integrity monitoring, intrusion detection and prevention (Trend Macro, 2013, 1). Instant-On Gaps These form vulnerabilities beyond consolidation of the server where enterprises take advantage of dynamic nature on virtual machines by quickly cloning, provisioning and decommissioning. A challenge arises when VMs become activate and inactivated in quick cycles without given time to compute the information obtained (Minjie Zheng, 2015, 1). This may result to a server threat since it has less time to compute the sent data. Availability of Resource Controversy The application of pattern file updates regular antivirus scans on VMs, which designed for physical environment results to extreme loading of the system. An antivirus storm may result due to regular use of antivirus and updates on the virtual machine. This storm will act like a bank underlying virtualized resource pool of storage memory and CPU. The performance of this antivirus may hamper the server applications and virtual machines environments. However, virtualization technology awareness is necessary to minimize or lower the usage of resources and increase virtual densities (Infosec Institute, 2015, 1). Control Measures Against Data Security Threats in Virtualization Environment To enhance sufficient control measure against threats security for data in virtual environment, various approaches needs consideration. These approaches give easier understanding of different ways to solve various threats affecting data security. It ensures that all categories of data threats have control measures. These approaches for control measures include physical security, cryptography, operation security, access controls and security management practices. Other approaches include security Architecture, telecommunication networks and application systems. The control measures for these approaches discussed in details within the paper (Zeadally, Hunt, 2013, 3). Physical Control approach Physical control involves protecting the physical destruction of data stored in the server. Various physical threats include theft of data and unauthorized entry of restricted areas. The control measure for this threat involves the use of security guard to take care of the data storage room to ensure that unauthorized staffs do not enter the room. The organization can also install alarm in various strategic positions to detect the entry of individuals not authorized to the place. The organization should ensure that windows and doors grilled to ensure that thief’s does not break them easily (Jahankhani, 2010, p.19). Access Control approach Access control provides critical protection against virtualized platform to ensure that data has effective control measure. It allows the organization protect privileged users from accessing database, applications and network devices on virtualized environment. Access control also simplifies the user’s management as it allows single authority across the operating system (Zeadally, Hunt, 2013, 3). Various ways to undertake access control includes: Segregation of Duties Access control provides grainy duties segregation to advantaged users to limit and give them minimal set for them to perform job function. The segregation of duties reduces the risk of exposing confidential information to unauthorized user, as they do not perform that task. It also involves assigning a particular task such as account to specific personnel and other parties have no room to access that work. For instance, access control may limit effective operations of certain server systems including VMware ESX to situations including applying patches but deny VM file system from accessing (David, 2012, p. 101). Security Management Principle Management has an imperative responsibility in securing data within the organization against threats. The management can secure data through monitoring user investigation and activity reporting. The management should ensure that user’s activities lie within the expectation of the organization. They should make sure that each employee performs the activity assigned and that they do not access activities done by other persons. Moreover, the management should ensure that each user account have user account, security policies and password to prevent the access by other party (Jahankhani, 2010, p. 19). Operation Security Approach Operation security involves taking control measure against the organization operation to ensure minimization of security threats. This security measure can take place through hardening of operating system to improve isolation. The advanced hardening platform features enables the access control provide extra layer for data security. This layer protects virtual machines, privileged partitions and hosting operating system against malware attack and Trajons. In addition, it minimizes and standardizes out network traffic, originating sources, time, connection methods and network attributes (Kyriazis, 2013, p.232). Cryptographic Approach Use of cryptographic key enables the management to secure operation and verification of data stored. This remains imperative in locking down and subsequent hardening of a virtualized network mainly with the aim of preventing access of hypervisor storage of data by non-trusted users (Raghavendran and Groves, 2013, p. 1). The aforementioned key significantly reduces exposure of data since only the users have the authority to access. Telecommunication and Network Approach Other threats of data including hacking and cracking of computer system remain highly reliant within telecommunication and network sector. The most imperative subdue technique against the aforementioned threats relates to encryption of data mainly to guard such information from unauthorized transfer via other non-trusted network. In addition, establishing of strong passwords enhances inherent desired security against cracking of data stored by malicious personnel. The users have to know that an individual cannot avert others from using the network. Consequently, they have to formulate security techniques to ensure effective protection of data stored (David, 2012, p. 101). Conclusion In conclusion, most of organization nowadays adopts the method of storing data in virtual server instead of using physical server. Virtualization involves the process of creating virtual version instead of actual thing. This enables individuals to store information in internet servers rather than using physical server. These methods of storage increase the speed of data access and lower cost. The user should take caution against threats against virtualization such as theft, virus hacking, Trajons and several others. The user needs to install Security control measure such as data encryption, segregation of duties, use password and other measures to prevent data loss. The use of threat control measures guarantees the organization security, as they remain assured of their information safety. Bibliography Dimosthenis P Kyriazis. 2013. Data intensive storage services for cloud environments. Hershey: Business Science Reference, 2013 Grubor, G, & IvaniŠ, N 2012, Forensic Investigation Of "Trojan Defense" In Virtual Environment, Singidunum Journal Of Applied Sciences, 9, 2, pp. 14-20, Business Source Complete, EBSCOhost, viewed 8 April 2015. Ict4yuo. 2015. Threats to data security. April 8, 2015. Web. Retrieved from http://www.ict4u.net/security/threats.php Infosec institute. 2015. Virtualization security. April 8, 2015. Web. Retrieved from http://resources.infosecinstitute.com/virtualization-security-2/ Magalhães, S. T., Jahankhani, H., & Hessami, A. G. 2010. Global Security, Safety, and Sustainability. Berlin: Springer-Verlag Minjie Zheng. 2015. Virtualization Security in Data Centers and Clouds. April 8, 2015. Web. Retrieved from http://www.cse.wustl.edu/~jain/cse571-11/ftp/virtual/ Pearce, M, Zeadally, S, & Hunt, R 2013, Virtualization: Issues, Security Threats, and Solutions, ACM Computing Surveys, 45, 2, pp. 17-17:39, Business Source Complete, EBSCOhost, viewed 8 April 2015. Pearce, Pék, G, Buttyán, L, & Bencsáth, B 2013, A Survey of Security Issues in Hardware Virtualization, ACM Computing Surveys, 45, 3, pp. 40:1-40:34, Business Source Complete, EBSCOhost, viewed 8 April 2015. Raghavendran, A, & Groves, N. 2013, Offline Management in Virtualized Environments, Communications Of The ACM, 56, 4, pp. 75-81, Business Source Complete, EBSCOhost, viewed 8 April 2015. Roemer, K 2011, Virtualization, Networkworld Asia, 8, 2, p. 40, Business Source Complete, EBSCOhost, viewed 8 April 2015. Rosado David G. 2012. Security engineering for cloud computing: Approaches and tools. Hershey, Pa: IGI Global, 2012 Trend Micro. March 5, 2013. Virtualization-specific challenges could threaten data security. April 8, 2015. Web. Retrieved from http://www.trendmicro.com/virtualization-specific-challenges-could-threaten-data-security/ Read More