Virtualisation and security concerns

Virtualisation is the need of the hour, but one cannot negate the fact that security concerns are on rise in the present scenario.

“An important feature of a robust Unified Threat Management (UTM) device is the ability to virtualise. Virtualisation technologies incorporated in UTM devices enable administrators to assign different "virtual" UTM devices to different network segments or user groups,” Nagendra Venkaswamy notes.

“The entire system can then be managed through a single interface. This important feature helps administrators cope with different types of access requirements, compartmentalising user groups and traffic types with their own security policies, in a safe and simple manner.“

“Virtualization essentially simulates having multiple devices on the network, without the overhead and complexity of physically doing so,” he opines.

Some of the virtualisation technologies include:

Security Zones: They represent logical sections of the network, segmented into logical areas. Security zones can be assigned to a physical interface, or the entire appliance can be assigned to a virtual system. In this latter arrangement, multiple zones share a single physical interface to lower ownership costs by effectively increasing interface densities.

Virtual Systems: This is an additional level of partitioning that creates multiple independent virtual environments. Each of the virtual environments has its own set of users, firewalls, VPNs, security policies, and management interfaces. By allowing administrators to quickly segment networks into multiple secure environments managed through a single appliance, virtual systems enable network operators to build multi-customer solution with fewer physical firewalls and reduced administrative efforts. This reduces both capital and operational expenses.

Virtual Routers: This feature enables administrators to partition a single device, which will then function as multiple physical routers. Each virtual router can support its own domains, ensuring that no routing information (and risk of traffic confusion) is exchanged with domains established on other virtual routers.

Virtual LANs: They are a logical, rather than physical, division of a sub-network that enables administrators to identify and segment traffic at a granular level. Security policies can specify how traffic is routed from each VLAN to a security zone, virtual system or physical interface. This makes it easy for administrators to identify and organize traffic from multiple departments and define what resources each can access.