Virtualized Servers Vulnerable to DOS & Online Data Theft

Virtualized servers are vulnerable to critical security threats like Denial-of-Service (DoS) and data theft. Meanwhile, the normal defenses like firewalls and other security appliances are not prepared for virtualization, as reported by onestopclick on February 18, 2008.

In a virtualization process, physical features of computing resources are hidden in such a manner in which the rest of the computers on the network, programs, or end users communicate with those means. This involves making any one physical means like server, an operating system, software, and storage device as to function as various logical means.

An attractive characteristic of a virtualized server is its ability to copy virtual servers to fulfill its demand. However, this is causing a great concern about security of data theft or DoS conditions, according to the subject under discussion to be held at the U.S. Black Hat DC 2008 conference during the third week of February 2008.

Ph.D. candidate Jon Oberheide at the University of Michigan, who would give the brief on the scheduled talk, said that during migration of a virtual system from server to server, the machine can be attacked in several ways. This is primarily because of weak authentication between systems and unencrypted virtualized computer traffic being transmitted among physical machines.

Oberheide said that the attack can be easy, provided the servers and the attacker relate to a single network. He also said that a short-lived cure is to load encryption software onto physical systems that might have virtual systems migrating through them.

The study by Oberheide involves shooting man-of-the-middle attacks from open source VMware and Xen virtualization platforms. According to Citrix, the company that sells Xen's commercial version, the problem can be resolved if the management server is made to work like an external party to establish validity between original and destination servers.

While server virtualization helps in security, virtualized environments have their own security problems that can originate both internally and externally. And since it is difficult to thwart these virtualized threats, computer viruses can spread, data get stolen, DOS get created, and regulatory compliance come to contradict within virtualized conditions.

Related article: Virtual Cyber Attack finds Flaws in Cyber Security

» SPAMfighter News - 2/25/2008