Virtualization Part 2

9 hours 49 minutes
Video Transcription
When we talk about virtualization, we really have to talk about the heart and soul of a virtualized environment, and that's the hypervisor.
The hypervisor is what allows this isolation into virtual machines, and it's going to provide communication from what's happening in the virtual machine, either through the operating system or directly to the hardware.
That depends on whether or not we have a Type 1 or Type 2 hypervisor.
A Type 1 hypervisor is sometimes referred to as the bare-metal hypervisor, meaning that it sits directly on top of the hardware, so you don't install an operating system first. You install the hypervisor, and it has direct access to the hardware through the commands within the virtual software.
With this, you have a more secure system.
It's hardware based, so it's just a virtual machine. And because of that, you get better performance. You cut out the middleman that comes with the Type 2 hypervisor.
With the Type 2 hypervisor, you first install a host-based operating system like Windows or Linux. Then on top of that, you install a virtual machine through an application like Oracle VirtualBox. That's the one I've been using a lot lately. I like that.
So there's a virtual machine or your VMware Workstation. Those are the ones that most users may have more experience with.
This is considered to be software based because it's software that you install on top of an operating system. But here's the deal with that.
All of your commands from the VM are running through the guest operating system. So you've got that middleman.
Keep in mind, if you're running this on a Windows or Linux operating system, you have the vulnerabilities of those operating systems introduced to the mix.
When we use these, we might be using them in a lab environment.
We might be using them on an individual system to do things with application virtualization or for testing devices. But when we're talking about really virtualizing servers, that's when we're going to do this bare-metal Type 1 hypervisor.
Any cloud-based service provider is going to be running Type 1.
If a hypervisor is compromised, everything in the virtual environment is compromised, and there are rootkits for hypervisors.
There are types of malware that specifically target hypervisors, so we need to make sure that our hypervisor, like any other piece of software, is hardened.
It's up to date and patched, just like any other operating system or application.
That does reduce the likelihood of having malicious code introduced
As a general rule, if we're accessing our resources through the cloud and we have a virtualized environment, the hypervisor is usually the cloud service provider's responsibility. We need to make sure that we know how that's protected and be aware of any mitigating strategies to keep that safe.
If we're running a Type 2 hypervisor, then, of course, we're responsible for making sure the software is patched and running correctly.
Lots of concerns here
Again, virtualization doesn't fix every problem, and it certainly doesn't make your typical problems go away.
One of the first issues that we have to think about is an issue called VM escape, which is exactly what it sounds like.
Virtualization is supposed to be true isolation for these applications and systems.
In a multi-tenant environment, our virtual system should be truly isolated from other virtual systems.
However, VM escape is when some entity, whether it's a process or an individual, hops from one virtual machine to another.
It shouldn't happen. But again, there are attacks specifically geared towards virtualized environments.
Another concern. You may have maybe 15 different services running on a single physical machine.
That means that one network card on that system provides a pathway into the system for all those 15 services
And from a physical perspective as well: if you have failure of that physical machine, then the services are gone for the time being until we can get it restored.
Other ideas, like anti-malware.
A lot of times we slap anti-malware on a machine, and we say we're good, that's all taken care of. But what you have is numerous virtual machines running on a system, so you have to have anti-malware on the host. But each additional guest operating system has to be scanned for malware as well.
it really is like a separate physical machine.
The same thing with monitoring.
We're not going to get monitoring of those virtual machines from one tool just scanning the host. So we have to make those considerations and make sure we have the right tools on each of the guest operating systems.
Last but not least, unintentional bridging. Like we said, you've got one network card connecting you out to the public network. You've got an internal network and you have virtual network cards. You can build a virtual network, connect everybody through virtual switches, and all that's great. But if we misconfigure our network cards, they may be bridged out to the network.
Which is exactly how things like VM escapes happen.
I've accidentally got a pathway to the network through my host machine.
We need to make sure that those are limited to the virtual LAN, as opposed to being bridged to the outside world.
As we wrap up the discussion of virtualization, there's no doubt that it has numerous benefits. Virtualization saves us space, saves on hardware, saves on heating and cooling, and allows us to run multiple services on a single physical machine, making it more cost effective, and all that's great.
We get virtual desktop interfaces where we take that golden image. That's a configuration of exactly what we want on those host computers. And then, even if our clients or end users make changes, it's still going to refer back to the golden image at the end of the day.
We have to think about our hypervisors. Hypervisors are either Type 1 or Type 2.
Type 1 is a bare-metal hypervisor that sits directly on top of the hardware.
That's where you're going to get the best performance and the best security, because there is no middleman.
Now, with the hypervisor that's Type 2, you install the hypervisor on top of the operating system. So for the hypervisor to interact with the hardware, it has to go through the OS.
That OS has its own set of vulnerabilities.
Then last, we discussed some security concerns. We said no environment is perfect. We have to watch for things like VM escape, where a process might move from one VM to another and perhaps malware or a worm might spread.
We have to think about things like hyperjacking, which is where a rootkit gets installed in the hypervisor.
We have to be concerned with multi tenancy.
There are a lot of areas for security concerns with hypervisors and virtualization, but with our due diligence and a little bit of effort, we can secure these environments and reap the benefits
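
Added example, not part of the video transcript: a small audit for the unintentional bridging described above, run over the `key="value"` output of `VBoxManage showvminfo <vm> --machinereadable`. The VM names, adapter names, and the approved-exception list are constructed for illustration.

```python
import re

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output
# for two hypothetical lab VMs (not taken from the transcript).
SAMPLE_VMS = {
    "lab-web01": '''name="lab-web01"
nic1="intnet"
intnet1="labnet"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
''',
    "lab-db01": '''name="lab-db01"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
''',
}

KV = re.compile(r'^([A-Za-z0-9_-]+)="?(.*?)"?$')

def parse_vminfo(text):
    """Turn the key="value" lines into a dict."""
    info = {}
    for line in text.splitlines():
        m = KV.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def bridged_nics(text):
    """Return (vm, slot, host_adapter) for every NIC attached in bridged mode."""
    info = parse_vminfo(text)
    findings = []
    for key, mode in info.items():
        m = re.fullmatch(r"nic(\d+)", key)
        if m and mode == "bridged":
            slot = int(m.group(1))
            findings.append((info.get("name", "?"), slot,
                             info.get(f"bridgeadapter{slot}", "unknown")))
    return sorted(findings)

def audit(vm_outputs, approved=frozenset()):
    """Bridged NICs that are not on the approved (vm, slot) exception list."""
    hits = []
    for text in vm_outputs.values():
        hits += [f for f in bridged_nics(text) if (f[0], f[1]) not in approved]
    return hits

if __name__ == "__main__":
    for vm, slot, adapter in audit(SAMPLE_VMS):
        print(f"{vm}: nic{slot} is bridged to host adapter {adapter}")
```

Any NIC the audit reports should either be moved to an internal or host-only network or recorded as a deliberate exception in `approved`.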