2025-01-17 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
Security is a sword hanging over cloud computing. For example, the centralization that comes with virtualization has a fatal drawback: once the computer system hosting the virtualization platform has a problem, office work across the enterprise is affected, and in serious cases the whole system may be paralyzed.
Do you think buying a cloud security platform makes you safe? Such a platform does nothing more than use traffic-steering techniques to direct traffic to a resource pool running images of traditional security appliances for "traffic cleaning, behavior identification, feature analysis." That's all.
1. The interaction between virtual machines
Traditional IDS devices use the port mirroring feature of the switch to monitor the behavior of the external-facing DMZ and of the different servers within it. However, in a virtualized environment, communication between virtual machines located on the same virtualization host (physical server) no longer passes through the network switch, which renders traditional intrusion detection devices ineffective. Internal or external personnel who control one virtual machine can then launch attacks against the other virtual machines on that physical server, and thus gain control of the entire server farm.
2. Different security levels cannot be merged
In information security construction, dividing the environment into security domains is an important step: a series of security technologies is used to keep risk from spreading between domains with different security levels. When servers distributed across different security domains are consolidated during virtualization, they often cannot be merged, because the isolation technology that separated them can no longer be applied.
3. Host-based security policy cannot be deployed
Once it is deployed online at scale, any kind of platform becomes a target for attackers across the network, and virtual machines are no exception. At present, security software for virtual machines is developed on the model of physical machines, and its protection methods are all traditional ones. If security software is installed in every virtual machine, it takes up a large amount of the physical server's storage space and memory. The original intention of the virtual machine is energy saving and a low carbon footprint: a virtual machine can be shut down when no business is running and started again when the business resumes. During the shutdown period, however, its virus signatures cannot be updated, and once the virtual machines start, many antivirus clients updating their signatures at the same time also put a heavy load on network bandwidth. At present, network security devices cannot monitor the traffic between virtual machines. Pairing an advanced virtualization platform with traditional protection strategies undoubtedly hampers use of the platform. External and internal attackers can use this window to attack virtual machines at scale, and use a single virtual machine to attack the virtual machine cluster, so the business system may crash at any time.
4. Protection gaps when virtual machines start at any time
In addition to server consolidation, enterprises use the dynamic nature of virtual machines for test environments, periodic maintenance, disaster recovery, and to support "task workers" who need on-demand computing resources, provisioning and deprovisioning virtual machines as required. As a result, when virtual machines are activated and deactivated at a high frequency, it is not possible to quickly and consistently configure security measures for them and keep those measures up to date. Dormant virtual machines eventually drift so far from the baseline that simply bringing them online introduces a large number of security vulnerabilities. Even new virtual machines built from templates that include antivirus capabilities cannot protect the guest immediately, because the client must first be configured and its virus library updated. In short, if a virtual machine is not online while antivirus software is deployed or updated, it sits in an unprotected dormant state and is exposed to attack as soon as it is activated and brought online.
5. Mixed security levels of virtual machines
Multiple virtual machines on the same physical server can communicate with each other, and this communication carries security risks because external network security tools, from firewalls to intrusion detection and prevention systems to abnormal behavior monitors, cannot see the traffic inside the physical server. If one virtual machine is compromised, it can be used to attack other virtual machines on the same server. In addition, virtual machines migrate between different servers, and this migration is often automatic, so an important virtual machine may be moved to an insecure physical server, which creates a security risk. Finally, some virtual machines used for testing may sit in the same virtual LAN as important virtual machines, which also gives attackers an opportunity.
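The co-location risks in points 2 and 5 can be checked against a VM inventory. The following is an added example, not code from the original article; the inventory records, field names (`host`, `vlan`, `level`, `purpose`) and the host approval table are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: one record per virtual machine (all values are made up).
INVENTORY = [
    {"name": "web-01",  "host": "esx-a", "vlan": 10, "level": "dmz",      "purpose": "prod"},
    {"name": "db-01",   "host": "esx-a", "vlan": 20, "level": "internal", "purpose": "prod"},
    {"name": "app-01",  "host": "esx-b", "vlan": 20, "level": "internal", "purpose": "prod"},
    {"name": "test-07", "host": "esx-b", "vlan": 20, "level": "internal", "purpose": "test"},
    {"name": "hr-01",   "host": "esx-c", "vlan": 30, "level": "internal", "purpose": "prod"},
]
# Constructed policy: security levels each physical host is approved to run.
HOST_LEVELS = {"esx-a": {"dmz"}, "esx-b": {"internal"}, "esx-c": {"internal"}}


def mixed_level_hosts(inventory):
    """Return hosts whose guests span more than one security level."""
    levels = defaultdict(set)
    for vm in inventory:
        levels[vm["host"]].add(vm["level"])
    return {host: sorted(found) for host, found in levels.items() if len(found) > 1}


def shared_vlan_test_vms(inventory):
    """Return VLANs in which test VMs sit next to production VMs."""
    by_vlan = defaultdict(list)
    for vm in inventory:
        by_vlan[vm["vlan"]].append(vm)
    findings = {}
    for vlan, vms in by_vlan.items():
        tests = sorted(v["name"] for v in vms if v["purpose"] == "test")
        prods = sorted(v["name"] for v in vms if v["purpose"] == "prod")
        if tests and prods:
            findings[vlan] = {"test": tests, "prod": prods}
    return findings


def migration_allowed(vm, target_host, host_levels):
    """Permit an automatic migration only to a host approved for the VM's level.
    Unknown hosts are rejected rather than assumed safe."""
    return vm["level"] in host_levels.get(target_host, set())


if __name__ == "__main__":
    print("mixed-level hosts:", mixed_level_hosts(INVENTORY))
    print("test/prod shared VLANs:", shared_vlan_test_vms(INVENTORY))
    print("db-01 -> esx-a allowed:", migration_allowed(INVENTORY[1], "esx-a", HOST_LEVELS))
```
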
6. Resource conflict
Resource-intensive operations such as conventional antivirus scans and virus signature updates drive system load to excessive levels within a very short time. If antivirus scans or periodic updates start on all virtual machines at the same time, the result is an "antivirus storm". This "storm" is like a bank run, where the "bank" is the underlying virtualized resource pool of memory, storage, and CPU. The performance impact hinders the proper operation of server applications and virtual desktop / VDI environments. The traditional architecture also makes memory allocation grow linearly with the number of virtual machines on a single host. In a physical environment, antivirus software must be installed on every operating system. Applying this architecture to virtual systems means that each virtual machine takes up a lot of memory, which needlessly erodes the gains of server consolidation.
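One way to avoid the "antivirus storm" is to stagger scan start times per physical host. The following is an added example, not code from the original article; the VM names, the 30-minute slot, the per-host cap and the assumption that one scan fits in one slot are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed placement: (vm name, physical host). Five guests share esx-a.
VMS = [(f"vm-a{i}", "esx-a") for i in range(1, 6)] + [("vm-b1", "esx-b"), ("vm-b2", "esx-b")]
START = datetime(2025, 1, 1, 2, 0)  # constructed maintenance window start


def stagger_scans(vms, window_start, slot_minutes, max_per_host, window_minutes):
    """Give each VM a scan start so that at most max_per_host scans run
    concurrently on any one host. Assumes a scan completes within one slot."""
    if max_per_host < 1 or slot_minutes < 1:
        raise ValueError("max_per_host and slot_minutes must be positive")
    placed = defaultdict(int)          # scans already scheduled per host
    schedule = {}
    for name, host in sorted(vms):     # sorted for a deterministic plan
        slot = placed[host] // max_per_host
        if (slot + 1) * slot_minutes > window_minutes:
            raise ValueError(f"{host}: scans do not fit in the maintenance window")
        schedule[name] = window_start + timedelta(minutes=slot * slot_minutes)
        placed[host] += 1
    return schedule


def peak_concurrency(schedule, vms):
    """Highest number of scans starting in the same slot on the same host."""
    host_of = dict(vms)
    load = defaultdict(int)
    for name, start in schedule.items():
        load[(host_of[name], start)] += 1
    return max(load.values(), default=0)


def naive_schedule(vms, window_start):
    """The storm case: every guest starts its scan at the same moment."""
    return {name: window_start for name, _ in vms}


if __name__ == "__main__":
    plan = stagger_scans(VMS, START, 30, 2, 120)
    for name in sorted(plan):
        print(name, plan[name].strftime("%H:%M"))
    print("naive peak:", peak_concurrency(naive_schedule(VMS, START), VMS))
    print("staggered peak:", peak_concurrency(plan, VMS))
```
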