I was in the City the other day, listening to a somewhat interesting talk on computer security. For my readers who are not from the area, let me explain. When we NJ dwellers say “The City” (in capitals), we mean a certain nearby city of York. This of course means skyscrapers, smog, hellish traffic, crowds, noise and dirt. I love big cities, they remind me of home. The are the only places where you can see the stark juxtaposition of a sharply dressed businessman in Armani suit stepping over a homeless bum sleeping on the sidewalk as he is hailing a cab. These places pulsate with life, and purpose and have this strange intensity. You can almost feel the weight of the accumulated human experience all around you. If the stone walls of the skyscrapers could talk, they would sing us a moving story about love, commitment, betrayal, hate, strife, happiness, sorrow – about hearts and dreams being broken or fulfilled every day on the busy streets. That said, I totally don’t mind living in the quiet and lazy suburbia.
The whole shindig was targeted more at the managerial types so it was sort of dumbed down out of necessity. You see, when you do a presentation of IT people or programmers you talk about technology. You throw it out there, say what it does, why is it good, and then you dive in and show how it works, how it can be broken, and how to hack it into submission. That’s what excites us. When you do a presentation for the decision makers, you briefly describe the technology, then you talk about “business scenarios”, costs, benefits, risks and tell “industry stories” and then try to sell them “solutions”. Abridged transcript would be as follows: “blah blah blah, interesting stuff, money money money money, risk, money money, opportunity, money money, buy buy buy!”
Still, the gist of the talk was interesting and I was able to sneak in one or two technical questions at the end so it was not a total loss. In fact I found it worth sharing here.
There are pretty much 2 ways to secure your machines. On the small scale you simply run a client antivirus, and software firewall on each desktop. On a large scale, you put trusted machines behind a big bad firewall, or perhaps build tiered architecture with firewalls between each tier. Both methods have flaws. The big scale method, ironically doesn’t scale well because large companies tend to have dynamic network architectures due to growth, mergers and work is more and more often done from beyond the firewall due to mobility of the workforce. So your firewall infrastructure end up looking like swiss cheese full of holes, exceptions, and strange rules no one remembers creating.
The small scale approach is similarly vulnerable. Your security applications are running in the context of the operating system so if the OS gets compromised by a new zero day exploit that installs a root kit you are dead. If you can’t trust your OS, how can you ever be sure every little piece of malicious code was removed? How can you even attempt to remove that stuff if the malware is actively killing all the anti-virus threads it can find? There are many cases when the best thing to do when it you get compromised is to reformat and start from scratch.
The new idea the talk tried to introduce was to run your security software in a virtual machine. This virtual machine would be a minimalistic, stripped down OS, which would act as your internet gateway, firewall, IPS and anti-mallware scanner. The idea is to divorce your security software from the host OS to make it less susceptible to attacks on that system. Instead of running a big static OS installation with many services, applications and points of attack, you are now exposing only a small, hardened, special force OS that provides no services to the outside network. It poses a much smaller target, and it is easier to aggressively patch and upgrade virtual machines than full blown operating systems that perform mission critical tasks. Furthermore a compromised virtual security layer can be easily switched odd, and “rolled back” to a “clean” state at any time. This is naturally not foolproof, but it does seem to offer slightly higher degree of protection than the traditional approach.
The point they were really trying to sell to us was the impact this has on large scale network architectures. They juxtaposed it against more traditional data center philosophy of putting physical firewalls between different parts of your infrastructure (ie. forward facing web servers are kept on a separate network from application and database servers. Using vitualization is like giving each machine it’s own dedicated hardware firewall and ips shielding it from everything else. The products they are selling are supposed to make it easier to organize machines into dynamic server pools, which can be reorganized on the fly using global policies, and the like.
There is a downside to this – running a security VM on each box is expensive in terms of performance. However, in the day and age of ubiquitous quad-core processors it is may not be such a huge concern. If you dedicate a single core and say 512 MB of RAM to run the VM you still have a 3-core powerhouse with 3GB of RAM on your hands. At least for now. I’m sure that the next version of Windows will probably need all 4 cores, and all your RAM to actually draw windows on the screen, but that’s a whole different story.
[tags]security, virtualization, vm, virtual machine[/tags]