Time
5 hours 31 minutes
Difficulty
Advanced
CEU/CPE
6

Video Description

This lesson focuses on the need for security over the virtualized environment. Virtualization allows logical isolation on multi-tenant servers and may also allow attackers to target relevant components in order to access resources. Virtualization is the very core of cloud computing, and its security relies upon the security of the hypervisor. There are two types of hypervisors:

• Type I: runs directly on the hardware with VM resources and significantly reduces the attack surface.
• Type II: runs on a host OS and is at a greater risk for vulnerabilities.

Video Transcription

00:04
Now, one of the things I've alluded to is the need for security over the virtualized environment. That's a topic we're gonna cover in much more depth in section two, domain two. But I want to stress to you that with virtualization, this is really, as we've said, the heart and soul of cloud computing:
00:24
this idea of being able to support multiple tenants on the single server.
00:28
Well, the way that happens is through the creation of virtual machines. And what we want to make sure of is that we don't have issues with escaping one virtual machine and accessing another, or the fact that a compromise of the entire system would lead to a compromise potentially of all the virtual machines on that system.
00:47
So in the later chapters, we're gonna discuss really on the how; we're just kind of giving an introduction here.
00:53
So when we talk about all of the security of the virtualization environment relying on the security of the hypervisor, also the host operating system, to define the hypervisor, you know, this is really kind of that interface between the operating system and the hardware. So
01:10
when we talk about this hypervisor,
01:12
this is what allows multiple different operating systems to access a single hardware host and have access to the resources. And the key to making this work is the illusion of each individual host existing independently
01:29
on the system, that true isolation or at least the appearance of that isolation.
01:34
Now, there are two main types of hypervisors. We have a type one and type two, and it really is about the direct interface or what the hypervisor interfaces with.
01:47
Type one, ah, hypervisor, sometimes referred to as a bare metal hypervisor, it has the direct access
01:56
to the hardware. Ah, VMware ESXi, Citrix XenServer and various other forms use type one hypervisors, that bare metal,
02:15
that direct access, whereas type two kind of acts like a shim
02:20
in between the OS that's the host and the actual hardware. So, um,
02:25
type two. If you've worked with VMware Workstation, or Microsoft has Virtual PC desktop services, those are more type two. So obviously the type one's gonna have much better utilization, allocation of resources. It has that direct access.
02:45
now with security
02:46
type one hypervisors are not only going to give us better performance, but they're gonna reduce the attack surface as well, because it has the direct connect.
02:57
It has the direct control that accesses again the hardware. So the hypervisor vendors
03:07
limit what software is gonna be used there in the creation of the controls that access the hardware. Ultimately, they're a much tighter fit on top of the hardware, if you will. And that limits the amount of software that can come between
03:23
Type two hypervisors have greater vulnerability because they're running on the operating system itself. They're dependent upon the operating system. So any vulnerabilities of the OS would then affect the hypervisor as well. So type one and type two: type one hypervisors,
03:38
more expensive, may have a little bit of a greater structure required, more configuration,
03:45
tend to be more secure and better performance.

Up Next

ISC2 Certified Cloud Security Professional (CCSP)

This online course will guide you through the contents of the CCSP certification exam. Obtaining your CCSP certification shows that you are a competent, knowledgeable, cloud security specialist who has hands-on experience in the field.

Instructed By

Kelly Handerhan
Senior Instructor