Virtualization

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Virtualization. We've seen it before, but now we're going to talk about it again in the context of infrastructure security. In this lesson, we want to review the importance of virtualization, talk about the risks that are associated with virtualization and cloud infrastructure, and talk about some of the security controls that can be implemented to mitigate or reduce the risks associated with virtualization.
00:00
As we talked about before, virtualization is the ability to create environments in the Cloud that individual customers can utilize. They can take advantage of shared resources so that many customers can leverage the underlying infrastructure within the Cloud environment.
00:00
Virtual environments and virtual machines are created and provisioned through the software called the hypervisor. We've talked about Type I versus Type II hypervisors. Type I hypervisors are inherently more secure because there is a lower attack surface. Because in a Type I hypervisor, the hypervisor is not relying on a shared operating system; each of the virtual machines has its own guest operating system. That's not true in a Type II hypervisor where a host operating system is being deployed across multiple guest virtual machines.
00:00
Because the hypervisor is used to deploy and manage these virtual environments, it's very important that it's kept up to date and that it's patched with the latest security patches, and that appropriate logging and monitoring is put on the hypervisor to detect any unusual activity.
00:00
When we talked about the importance of physical security of isolating things and we talked about least privilege, making sure that no one has access they don't necessarily need, the same is true when it comes to software and digital assets. This is often referred to as logical security.
00:00
We've talked about how logical isolation is applied at the instance level; each virtual machine is logically protected from communicating with another VM. You want to see this is done to prevent data leakage, meaning that no virtual machine is able to interpret data or infer processes that are running on another virtual machine and prevent any commands from being sent between machines, which is the risk we referred to as inter-virtual machine attack.
00:00
From the provider perspective or anyone administering virtual environments, you really want to do some testing in a sandbox environment to ensure that this instance isolation is working effectively. A sandbox environment is one that is itself logically separated from the network to prevent any malicious software that's on there or problems from expanding outward.
00:00
Host isolation. We talked about the need to physically secure items. Well, in terms of the host isolation, this is ensuring that the software use and the hypervisor is isolated from the host itself so that a threat actor couldn't try to escalate their privilege within their virtual machine and then actually reach the host and then ultimately reach the network. We call this the risk of guest escape. Host isolation protects against that.

Quiz question.
00:00
What type of attack is characterized by a user on a virtual instance attempting to elevate themselves to leave the virtual machine and access the network? Guest escape, inter-VM attack, or logical isolation? If you said guest escape, you're correct.
00:00
We just talked about it, that the overall thing within securing virtualized environments is ensuring that the hypervisor is securely patched, that the individual virtual machine instances are themselves isolated to prevent inter-VM attack and information bleed, and that logical isolation is used at the host isolation to prevent any escalation of privilege and guest escape.
00:00
In summary, we covered the controls to address virtualization risks. Those risks being vulnerabilities in the hypervisor, we talked about inter-VM attacks, information bleed, as well as guest escape. Then we talked about those risks when using virtualization. I'll see you in the next lesson.