
Network Security with Virtualization Best Practices

On October 23rd, at the Gartner Symposium ITxpo in Orlando, Florida, our own Cory Nachreiner will be speaking on virtualization best practices for network security. His session – Securing Networks in a Virtual, Cloudy World: Virtualization Best Practices – will highlight what you need to know about network security in today’s virtualized IT environment.

Neal MacDonald of Gartner Group has estimated that “60 percent of virtualized servers will be less secure than the physical servers they replace.” MacDonald also identified some of the most common security risks for data center virtualization projects:

  • Information security isn’t initially involved in the virtualization projects
  • A compromise of the virtualization layer could result in the compromise of all hosted workloads
  • Workloads of different trust levels are consolidated onto a single physical server without sufficient separation
  • Adequate controls on administrative access to the hypervisor (Virtual Machine Monitor) layer and to administrative tools are lacking
  • There is a potential loss of Separation of Duties (SOD) for network and security controls

Traditionally, network security has followed a ‘one appliance, one application’ model built with physical networking in mind. Firewalls and UTM appliances are placed in network designs based on the fundamental notions of:

  • Perimeter enforcement – protecting the “inside” from the “outside” – with network architectures that are built on this separation
  • All traffic flows over physical networks, so security can be implemented by interposing physical devices on the wire

With virtualization, these fundamental assumptions may not be true:

  • Network architectures blur the definition of the “perimeter” with private resources spanning locations in arrangements leveraging VPNs
  • Multiple organizations and applications within a business, and multiple businesses hosted by a service provider, can be on the same side of a physical perimeter
  • Compliance and privacy requirements make it necessary to offer security and auditability between entities within the same virtual infrastructure
  • Mobile users can easily bring malware into a shared infrastructure
  • For service providers, the ability to offer full protection is even more critical when multiple customers are hosted on the same server farm – or even on the same server
  • Physical appliances cannot offer in-line protection in a dynamic virtual infrastructure
  • High-availability and live motion capabilities can mean that applications do not always run on the same physical servers
  • Traffic can pass over virtual-only networks within a server, making it impossible to interpose a physical device

In his presentation, Cory will touch on what you need to know about securing your virtual network, and showcase our latest network security solutions designed for virtualization infrastructures, including the XTMv and the XCSv. So mark your calendars and be sure to stop on by.

