Virtual server deployment spanning security zones
By castlebbs on Friday 18 September 2009, 23:02
Following a question on the CISSP mailing list on the risks of virtual server deployment spanning security zones, here is the answer I posted:
VMware has released a best practice guide about DMZ virtualization. I don't know if your project is with VMware, but I suppose that most of this document is still valuable even with other virtualization tools.
http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf
Basically, I think that any option can offer the same level of security but involves different skills and amounts of work to mitigate the potential vulnerabilities.
In the second and third options of the document, guest systems from different DMZs are hosted on the same host server. These options can create vulnerabilities mainly because of the increasing complexity that can lead to misconfiguration. There are also issues enforcing separation of duties, since the VMware administrator can modify virtual network settings.
The points above can be mitigated but involve more requirements than the solution with physical separation of trust zones.
With DMZ virtualization, it is even more important that the following is done, and this will depend heavily on the level of maturity of Information Security and IT in general in each organisation:
- The relevant IT people should be well trained on the virtualization tool the company uses
- The VMware systems have to be hardened following best practices, and management zones should be connected on a separate network that is only available to the relevant people.
- VMware patches have to be applied in a timely manner (this can be an issue since all guest systems may need a reboot)
- Regular configuration audits have to be done to ensure that no misconfiguration has been introduced
- Stringent change management must be in place in the organisation and no change to the virtual infrastructure should be done outside the change process
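
One way to automate the regular configuration audit mentioned above, as an added example that is not part of the original post or of VMware's guide. It assumes a hypothetical inventory export with one row per virtual NIC (`vm,host,portgroup`) and a change-approved mapping of port groups to trust zones; all names and data are constructed.

```python
import csv
import io
from collections import defaultdict

# Assumption: baseline of port group -> trust zone, approved through change management.
APPROVED_ZONES = {"pg-dmz-web": "dmz-web", "pg-dmz-app": "dmz-app", "pg-mgmt": "management"}

# Constructed sample export: one row per virtual NIC.
INVENTORY_CSV = """vm,host,portgroup
web01,esx-a,pg-dmz-web
web02,esx-a,pg-dmz-web
app01,esx-a,pg-dmz-app
app02,esx-b,pg-dmz-app
app02,esx-b,pg-dmz-web
vcenter,esx-b,pg-mgmt
db01,esx-b,pg-test
"""

def audit(inventory_csv, approved):
    """Return (finding, object, detail) tuples for zone-separation issues."""
    findings = []
    vm_zones = defaultdict(set)    # zones each guest has a NIC in
    host_zones = defaultdict(set)  # zones each host carries guests for
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        zone = approved.get(row["portgroup"])
        if zone is None:
            # Port group absent from the baseline: created outside the change process.
            findings.append(("UNAPPROVED_PORTGROUP", row["vm"], row["portgroup"]))
            continue
        vm_zones[row["vm"]].add(zone)
        host_zones[row["host"]].add(zone)
    for vm, zones in sorted(vm_zones.items()):
        if len(zones) > 1:
            # A multi-homed guest bridges trust zones and can bypass the firewall.
            findings.append(("VM_SPANS_ZONES", vm, ",".join(sorted(zones))))
    for host, zones in sorted(host_zones.items()):
        if len(zones) > 1:
            # Shared host: separation depends entirely on virtual network settings.
            findings.append(("HOST_SHARED_BY_ZONES", host, ",".join(sorted(zones))))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY_CSV, APPROVED_ZONES):
        print(*finding, sep="\t")
```

`HOST_SHARED_BY_ZONES` is informational: it lists the hosts where the extra hardening, audit and change-control requirements above apply.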
