A virtual firewall (VF) is a network firewall service or appliance running entirely within a virtualized environment and providing the usual packet filtering and monitoring that a physical network firewall provides. The VF can be realized as a traditional software firewall on a guest virtual machine that is already running, a purpose-built virtual security appliance designed with virtual network security in mind, a virtual switch with additional security capabilities, or a managed kernel process running within the host hypervisor.

== Background ==

So long as a computer network runs entirely over physical hardware and cabling, it is a physical network. As such it can be protected by physical ''firewalls and fire walls alike''; the first and most important protection for a physical computer network always was and remains a physical, locked, flame-resistant door.〔("Physical network security key to fighting low-tech threats" ) Morisey, Michael. SearchNetworking.com, Feb 2009.〕〔("Physical Network Security" ) Rodriguez, Erik. Skullbox.com May 2005.〕 Since the inception of the Internet this was the case, and structural fire walls and network firewalls were for a long time both necessary and sufficient.

Since about 1998 there has been an explosive increase in the use of virtual machines (VMs) in addition to, and sometimes instead of, physical machines to offer many kinds of computer and communications services on local area networks and over the broader Internet. The advantages of virtual machines are well explored elsewhere.〔("The Pros and Cons of Virtual Machines in the Datacenter" ) Chao, Wellie, DevX.com Jan 2006〕〔("Transform your Business with Virtualization" ), Vmware Virtualization Basics〕 Virtual machines can operate in isolation (for example as a guest operating system on a personal computer) or under a unified virtualized environment overseen by a supervisory virtual machine monitor or "hypervisor" process.

Where many virtual machines operate under the same virtualized environment, they may be connected together via a virtual network consisting of virtualized network switches between machines and virtualized network interfaces within machines. The resulting virtual network can then carry traditional network protocols (for example TCP) or virtual network provisioning such as VLANs or VPNs, though the latter, while useful for their own reasons, are in no way required.

There is a continued perception that virtual machines are inherently secure because they are seen as "sandboxed" within the host operating system.〔("Does a sandbox or virtual machine help protect your privacy?" ) Notenboom, Leo. Oct 2008〕〔("Virtual machine security threat levels; don't believe the hype" ) Botelho, Bridget. IT Knowledge Exchange. Nov 2008〕〔("Meditations on a virtually secure world" ) Korelc, Justin and Ed Tittel. SearchEnterpriseLinux.com Apr 2006〕 It is often believed that the host, in like manner, is secured against exploitation from the virtual machine itself〔("Core Security Technologies Discovers Critical Vulnerability In Vmware's Desktop Virtualization Software" ) Core Security Technologies, Feb 2008〕 and that the host is no threat to the virtual machine because it is a physical asset protected by traditional physical and network security. Even when this is not explicitly assumed, early testing of virtual infrastructures often proceeds in isolated lab environments where security is not, as a rule, an immediate concern; security may only come to the fore when the same solution moves into production or onto a computer cloud, where suddenly virtual machines of different trust levels may wind up on the same virtual network running across any number of physical hosts.

Because they are true networks, virtual networks may suffer the same kinds of vulnerabilities long associated with physical networks, among them:
* Users on machines within the virtual network have access to all other machines on the same virtual network.
* Compromising or misappropriating one virtual machine on a virtual network is sufficient to provide a platform for additional attacks against other machines on the same network segment.
* If a virtual network is internetworked to the physical network or the broader Internet, then machines on the virtual network may have access to external resources (and external exploits) that could leave them open to exploitation.
* Network traffic that passes directly between machines without passing through security devices is unmonitored.

The problems created by the near invisibility of VM-to-VM traffic on a virtual network are exactly like those found in physical networks, complicated by the fact that the packets may be moving entirely inside the hardware of a single physical host:
* Because the virtual network traffic may never leave the physical host hardware, security administrators cannot observe VM-to-VM traffic, cannot intercept it, and so cannot know what that traffic is for.
* Logging of VM-to-VM network activity within a single host, and verification of virtual machine access for regulatory compliance purposes, becomes difficult.
* Inappropriate uses of virtual network resources and VM-to-VM bandwidth consumption are difficult to discover or rectify.
* Unusual or inappropriate services running on or within the virtual network could go undetected.

There are security issues known only in virtualized environments that wreak havoc with physical security measures and practices, and some of these are touted as actual advantages of virtual machine technology over physical machines:〔("A Survey on Virtual Machine Security" ) Reuben, JS. Helsinki University of Technology, undated〕
* VMs can be deliberately (or unexpectedly) migrated between trusted and untrusted virtualized environments where migration is enabled.
* VMs and/or virtual storage volumes can be easily cloned and the clone made to run on any part of the virtualized environment, including a DMZ.
* Many companies use their purchasing or IT departments as the IT security lead agency, applying security measures at the time a physical machine is taken from the box and initialized. Since virtual machines can be created in a few minutes by any authorized user and set running without a paper trail, they can in these cases bypass established "first boot" IT security practices.
* VMs have no physical reality, leaving no trace of their creation nor (in larger virtualized installations) of their continued existence. They can be destroyed just as easily, leaving nearly no digital signature and no physical evidence whatsoever.

In addition to the network traffic visibility issues and uncoordinated VM sprawl, a rogue VM using just the virtual network, switches and interfaces (all of which run in a process on the host physical hardware) can potentially break the network just as any physical machine on a physical network could, and in the usual ways; but now, by consuming host CPU cycles, it can additionally bring down the entire virtualized environment and all the other VMs with it, simply by overpowering the host physical resources that the rest of the virtualized environment depends upon. This was likely to become a problem, but it was perceived within the industry as a well understood one, potentially open to traditional measures and responses.〔("IT Audit for the Virtual Environment" ) SANS.org, Dec 2009〕〔("POWER5 Virtualization: How to work with VLANs using the IBM Virtual I/O Server" ) IBM Inc. Nov 2008〕〔("Secure Virtual Networks" ) Wettern, Joern. Redmondmag.com Feb 2009〕〔("Why Hyper-V virtual networks are less secure than physical networks" ) Shields, Greg. TechTarget SearchNetworking, Oct 2009〕

Excerpt source: Wikipedia, the free encyclopedia, article "Virtual firewall".
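To make the visibility and segmentation gap described above concrete, here is an added Python model, constructed for this page and not code from the article or from any product it mentions. It simulates one host with a single virtual switch shared by VMs in two trust zones; the VM names, zones, sample frames and the zone policy are all assumptions. A plain switch forwards every VM-to-VM frame in host memory with no log and nothing on the physical uplink, while the same switch with a firewall policy attached (the "virtual switch with additional security capabilities" realization from the lead) drops cross-zone traffic by default and records every decision.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed sample topology (not from the article): one host, one virtual
# switch, VMs placed in trust zones. Names and zones are illustrative.
ZONES = {"web": "dmz", "web2": "dmz", "db": "internal", "admin": "internal"}


@dataclass(frozen=True)
class Frame:
    src: str    # sending VM (or address)
    dst: str    # receiving VM (or address)
    proto: str  # transport protocol, e.g. "tcp"
    dport: int  # destination port


# A policy sees the frame plus the trust zones of both endpoints; True means forward.
Policy = Callable[[Frame, str, str], bool]


@dataclass
class VirtualSwitch:
    zones: dict[str, str]
    policy: Optional[Policy] = None      # None models a plain virtual switch
    delivered: list[Frame] = field(default_factory=list)
    uplink: list[Frame] = field(default_factory=list)
    log: list[tuple] = field(default_factory=list)

    def send(self, frame: Frame) -> str:
        if frame.dst not in self.zones:
            # Destination is not a local VM: the frame leaves via the physical
            # uplink, where a conventional firewall or tap can inspect it.
            self.uplink.append(frame)
            return "uplink"
        if self.policy is None:
            # Plain vSwitch: VM-to-VM frames are copied in host memory. They never
            # reach a wire, nothing is logged, and no perimeter device sees them.
            self.delivered.append(frame)
            return "delivered"
        src_zone, dst_zone = self.zones[frame.src], self.zones[frame.dst]
        verdict = "ACCEPT" if self.policy(frame, src_zone, dst_zone) else "DROP"
        # The switch-resident firewall records every VM-to-VM decision, which is
        # the audit trail the article says a plain virtual network lacks.
        self.log.append((frame.src, src_zone, frame.dst, dst_zone,
                         frame.proto, frame.dport, verdict))
        if verdict == "ACCEPT":
            self.delivered.append(frame)
            return "delivered"
        return "dropped"


def zone_policy(frame: Frame, src_zone: str, dst_zone: str) -> bool:
    """Default-deny between zones. Same-zone traffic is allowed; the only
    cross-zone exception is internal -> dmz over TCP/443 (constructed rule)."""
    if src_zone == dst_zone:
        return True
    return (src_zone, dst_zone, frame.proto, frame.dport) == ("internal", "dmz", "tcp", 443)


# Constructed traffic sample: a DMZ web server probing the internal database,
# an admin reaching a DMZ web server over HTTPS, DMZ-to-DMZ HTTP, and one frame
# bound for an address outside the host (RFC 5737 documentation range).
SAMPLE_FRAMES = [
    Frame("web", "db", "tcp", 5432),
    Frame("admin", "web", "tcp", 443),
    Frame("web", "web2", "tcp", 80),
    Frame("web", "203.0.113.5", "tcp", 443),
]


def simulate(with_firewall: bool) -> VirtualSwitch:
    """Replay SAMPLE_FRAMES through a plain or a firewalled virtual switch."""
    switch = VirtualSwitch(ZONES, zone_policy if with_firewall else None)
    for frame in SAMPLE_FRAMES:
        switch.send(frame)
    return switch


if __name__ == "__main__":
    for label, sw in (("plain vSwitch", simulate(False)), ("vSwitch + VF", simulate(True))):
        print(f"{label}: delivered={len(sw.delivered)} uplink={len(sw.uplink)} logged={len(sw.log)}")
        for entry in sw.log:
            print("   ", entry)
```

Running the script shows the point of the section in two lines: the plain switch delivers all three local frames and logs nothing, so only the single uplink frame is ever visible to a host-side or perimeter monitor; the firewalled switch drops the DMZ-to-database probe and leaves a per-frame record of every VM-to-VM decision.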