Explain virtualization security management.
Historically, the development and implementation of new technology has preceded the full understanding of its inherent security risks, and virtualized systems are no different. The global adoption of virtualization is a relatively recent event, threats to the virtualized infrastructure.
A virtual machine (VM) is an operating system (OS) or application environment that is installed on software, which imitates dedicated hardware. The Virtual Machine (VM), Virtual Memory Manager (VMM), and hypervisor or host OS are the minimum set of components needed in a virtual environment.
Based on the minimum set of components, we classify the Virtual Environments in the following distinct ways.
- Type 1 virtual environments are considered “full virtualization” environments and have VMs running on a hypervisor that interacts with the hardware.
- Type 2 virtual environments are also considered “full virtualization” but work with a host OS instead of a hypervisor.
- Para virtualized environments offer performance gains by eliminating some of the emulation that occurs in full virtualization environments.
- Other type designations include hybrid virtual machines (HVMs) and hardware assisted techniques.
- These classifications are somewhat ambiguous in the IT community at large. The most important thing to remember from a security perspective is that there is a more significant impact when a host OS with user applications and interfaces is running outside of a VM at a level lower than the other VMs (i.e., a Type 2 architecture). Because of its architecture, the Type 2 environment increases the potential risk of attacks against the host OS. For example, a laptop running VMware with a Linux VM on a Windows XP system inherits the attack surface of both OSs, plus the virtualization code (VMM).
Virtualization Management Roles:
The roles assumed by administrators are the Virtualization Server Administrator, Virtual Machine Administrator, and Guest Administrator. The roles assumed by administrators are configured in VMS and are defined to provide role responsibilities.
- Virtual Server Administrator — This role is resp onsible for installing and configuring the ESX Server hardware, storage, physical and virtual networks, service console, and management applications.
- Virtual Machine Administrator — This role is res ponsible for creating and configuring virtual machines, virtual networks, virtual machine resources, and security policies. The Virtual Machine Administrator creates, maintains, and provisions virtual machines.
- Guest Administrator — This role is responsib le for managing a guest virtual machine Tasks typically performed by Guest Administrators include connecting virtual devices, adding system updates, and managing applications that may reside on the operating system.
Explain briefly about virtual threats.
Some threats to virtualized systems are general in nature, as they are inherent threats to all computerized systems (such as denial-of-service, or DoS, attacks). Other threats and vulnerabilities, however, are unique to virtual machines. Many VM vulnerabilities stem from the fact that vulnerability in one VM system can be exploited to attack other VM systems or the host systems, as multiple virtual machines share the same physical hardware.
Some of the vulnerabilities exposed to any malicious-minded individuals regarding security in virtual environments:
Shared clipboard — Shared clipboard technology allows data to be tra nsferred between VMs and the host, providing a means of moving data between malicious programs in VMs of different security realms.
Keystroke logging — Some VM technologies enable the logging of keystr okes and screen updates to be passed across virtual terminals in the virtual machine, writing to host files and permitting the monitoring of encrypted terminal connections inside the VM.
VM monitoring from the host — because all network packets coming from or going to a VM pass through the host, the host may be able to affect the VM by the following:
- Starting, stopping, pausing, and restart VMs.
- Monitoring and configuring resources available to the VMs, including CPU, memory, disk, and network usage of VMs.
- Adjusting the number of CPUs, amount of memory, amount and number of virtual disks and number of virtual network interfaces available to a VM.
- Monitoring the applications running inside the VM.
- Viewing, copying, and modifying data stored on the VM’s virtual disks.
Virtual machine monitoring from another VM — Usually, VMs should not be able to directly access one another’s virtual disks on the host.
Virtual machine backdoors — a backdoor, covert communications channel between the guest and host could allow intruders to perform potentially dangerous operations.