Hypervisor security is the process of ensuring the hypervisor, the software that enables virtualization, is secure throughout its life cycle. This includes during development and in implementation. Common security practices for hypervisors include limiting the users in a local system, limiting attack surfaces and keeping all systems updated.
A hypervisor is a software process which will separate a computers operating system (OS) from underlying physical hardware. Virtual machines (VMs) can be created and managed by system administrators through a hypervisor such as Hyper-V Manager and VMware vSphere. In a VM, a hypervisor will emulate hardware such as CPUs, memory and RAM. The emulated hardware can be shared numerous times to create multiple instances of the VM.
However, having multiple VMs on a single server has its downsides because security with hypervisors can become a large concern. For example, if an attacker gains unauthorized accesses to the hypervisor, virtual machine monitor (VMM) or the software which orchestrates the virtual environment, then they would have access to every VM under the hypervisor’s control. The attacker could then gain access to all the data stored in each VM. Additional points of vulnerability include shared hardware caches, the network, as well as access to the physical server.
Implementing hypervisor security will help security professionals and administration ensure the protection against such intrusions during development, implementation, provisioning, management and de-provisioning.
Hypervisor security techniques and best practices
Numerous methods exist to help protect hypervisors, including practices such as using additional monitoring and network security tools, minimizing attack surfaces, setting access privilege, updating the hypervisor and keeping the physical server out of reach from unauthorized individuals.
Using monitoring and network security tools will allow administrators to monitor their virtual environments and detect any unusual behavior early on. Monitoring tools from vendors such as SolarWinds Inc. and VMware can help monitor and detect attacks. Administrators can use additional tools such as firewalls for network security tools.
Minimizing potential attack surfaces will make it more difficult to access a virtual system by decreasing potential access points. Many operating systems or hypervisors will have additive features that an organization may not need or use which will increase the attack surface of a VM. To minimize threat surfaces, administrators should disable unnecessary services and only allow services needed for successful operation. This includes disconnecting unused physical hardware from host systems.
A system administrator should also set restrictions to who can have remote and console access to the hypervisor. This practice will also limit who can control the settings of the hypervisor and will prevent unauthorized users from changing or accessing information. Most hypervisor platforms allow multiple access types, including SSH, RDP, specialized management client and server connectivity.
Installing patches and updates to the hypervisor as the vendor releases them is another way to ensure hypervisor security. Updates released by the hypervisor’s vendor may contain security patches or additional security features. Automatic updates are a setting available to most hypervisors for users.
Blocking access to physical servers is another best practice, as access to the physical server is a relatively easy way to access the hypervisors.
Implementing these techniques will help ensure a secure hypervisor and all fall under the term of hypervisor security.