Opinion

Virtualisation could invite devastating attacks, warns ISACA

attack.jpg

Here's an artist's impression of what the end of the world could looklike, if cyber terrorists exploit the weaknesses of virtualisation

The world's IT infrastructure could be taken out by a three pronged attack on an insecure virtual framework, warns a new white paper by security experts ISACA.
"Virtualization: Benefits and Challenges" outlines how the forces of cyber evil could combine to attack a trio of weak points in virtualised environments. The paper predicts that three hacksmen of the apocalypse could attack the virtualisation structure, virtualisation features and exploit the lack of compliance and management.
In the doomsday scenario, hyperjacking and virtual machine (VM) jumping could be rife. Though hyperjacking is a theoretical attack scenario, it has earned significant attention because of the major damage that could be caused when the theoretical and virtual combine.
"When virtual meets theoretical, you'd better shut away your intangibles," said one terrified security manager.
In the nightmare to come even features like VM migration and virtual networking functions will not be safe. Meanwhile, plague and pestilence will rot away at the framework of compliance and management. The number and types of VM can easily get out of hand and we could witness VM sprawl. Dormant VMs will make it a challenge to get accurate results from vulnerability assessments, patching and auditing.
To combat these risks, ISACA called on security managers to harden their hypervisors, get physical with virtual segments and start using transport encryption - before it's too late.
 "Virtualisation has become a more common practice," said report author Ramsés Gallego. But they must consider the security risks and governance considerations.

This was first published in December 2010

Join the conversation Comment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.