Network security in virtual environments

[Fanishwar]

I am not knowing about the network security that can be observed in virtual environments. I am having very little idea about the virtualization. Virtualization lets you run multiple applications and operating systems simultaneously on a single server. Given the flexibility of allocating computing power, it is possible to consolidate applications and servers. Companies benefit from saving space result in server rooms and a significant reduction of energy consumption. Ultimately, this solution simplifies the computer has administration and reduces costs. Whatever the flexibility, efficiency and ease of use of virtual systems, they are still facing the same security issues as physical networks. So is there over there who can provide some useful information about the network security in virtual environments. Any other details regarding the topic would be helpful.

[Suzane]

The security policies for virtual systems are different from their physical counterparts. The manufacturers are therefore working hard on new concepts. These manifest themselves in virtual virtualized security appliances and distributed switches. The virtualization of servers requires a change in the IT business concepts. This particularly applies to the concept of security that when using a virtual infrastructure is subject to entirely new rules. In the traditional physical world, for example, often a security appliance in the communications channel between two server systems introduced. As a security appliance is in the context of this statement apply any safety device such as a firewall, a malware scanner, intrusion detection and prevention system, or a VPN gateway.

[Pollock]

Following the trend of virtualization will follow the manufacturer but now about to recreate their former physical security appliances virtual. The security applications then run in a virtual machine on a hypervisor. But that is not without impact on the overall security status. The security of a system is viewed from two different angles: the attacks and against the failure of the service. The former was achieved in the past, usually through the familiar and traditional security tools such as firewalls and intrusion detection systems (IDS). The safety against failure, in turn, thus ensuring business continuity was a domain of backup / restore, disaster recovery and failover facilities. This distinction between resilience and protection from attacks has traditionally been limited. The issues are to flow into each other but in the future. This makes sense only for that reason alone, because from the perspective of the user makes no difference whether the service due to a virus attack, a DoS attack, a temporary overload or server failure was caused.

[Shutdown]

Most traditional security solutions such as firewalls and intrusion-prevention systems (IPS) are hardware-based and connected as a protective barrier for a system. If now a part of it virtualized, the protective mechanisms are still - but only for data traffic between the physical and the virtual plane. Data streams and applications that are only within the virtual environment, however, invisible to traditional firewalls and IPS. The complete virtual level "of safety to the" black box. For this reason, it is not enough to rely on physical security systems. Rather requires a virtual infrastructure and virtual firewalls and IPS, which move at the same level. Thus they also have the virtual traffic in sight. In a virtual environment, a variety of applications and servers running on a connected system. From the outside it looks still like a classic infrastructure with servers, switches and IP addresses. This is also how the hacker is looking for its attack on the weakest point in the corporate network. Whether it is here in the physical or the virtual plane, it will not notice. If the virtual environment is not protected with suitable mechanisms, it is useful for the hacker as a basic system for attacks. Once entered, it can move it further and uncontrolled attack a variety of adjacent systems, applications and databases without disabilities. Hardware-based firewalls or IPS to take them is not it - only when infected traffic leaving the virtual environment. But then the damage is usually already large.

[Jevin]

The consolidation of multiple servers to a virtual account does not trust the various zones of the former physical systems. The lack of segmentation by the virtualization can lead to that previously unauthorized person suddenly get access to protected databases and servers. Segmentation is also important especially for listed companies must comply with strict guidelines such as the SOX and similar regulations. This requires the segmentation of the internal network according to the organizational areas such as recruitment, development, distribution and finance. The setting up of safe zones by means of firewalls and IPS helps both external and internal threats to business and to avoid unauthorized access. In a virtual environment, employees need for multiple applications and services can register. This can be a significant security event, if companies do not provide strong authentication at the user level. To mitigate this risk, are "single sign-on" functionality (SSO) is required. This allows users with a single login to access multiple applications and services - from outside the company. Using SSE, companies can optimize their security management and ensure a strong authentication within the virtual environment.