Virtualization Risks

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> We've seen virtualization as
00:00
the risks come up over and over again.
00:00
Now we're finally going to talk about more
00:00
in-depth the risks to virtualization.
00:00
Virtualization is such an important topic
00:00
because it's one of
00:00
the main benefits of the Cloud in that we're able to
00:00
create all these virtual environments.
00:00
In this lesson, we're going to talk
00:00
about the benefits of virtualization,
00:00
the types of hypervisors which
00:00
are used to provision virtual environments,
00:00
and the threats to virtualization.
00:00
Virtualization is really the ability
00:00
to provision and create
00:00
virtual environments that even individual customers
00:00
and their applications can run on.
00:00
That is done through using
00:00
what's referred to as a hypervisor.
00:00
There are two types of hypervisors.
00:00
Type I hypervisors are run directly on system hardware.
00:00
That's why they're often referred to as bare metal.
00:00
Type I hypervisors include
00:00
Windows Hyper-V and Linux's Kernel Virtual Machine,
00:00
often referred to as KVM.
00:00
In a Type I hypervisor,
00:00
there are a number of guest
00:00
operating systems that are run on
00:00
the hypervisor that are relevant
00:00
to each individual virtual machine.
00:00
No guest operating system has more power
00:00
than any of the others and
00:00
the hypervisor is really used to create and
00:00
manage all these guest operating systems.
00:00
In a Type II hypervisor,
00:00
the virtual machines are running
00:00
on top of a host operating system.
00:00
Examples of Type II hypervisor include VMware,
00:00
Workstation, and Oracle VirtualBox.
00:00
The primary host OS has more power
00:00
in this instance than those
00:00
individual guest operating systems.
00:00
Let's talk about some of the threats.
00:00
Type II hypervisors have a larger attack surface,
00:00
so there are innately more vulnerable to threats.
00:00
The attacker could really attack the hypervisor itself,
00:00
the underlying operating system, and the machine.
00:00
This is also the reliance on the host operating system.
00:00
Often also increases the likelihood that
00:00
malicious code can be propagated
00:00
because of their reliance on these shared services.
00:00
The Type I hypervisor,
00:00
the attack is really limited to the hypervisor
00:00
and the machine because all of
00:00
those other individual things are beneath
00:00
the hypervisor being provisioned by the hypervisor.
00:00
Let's talk about some specific type
00:00
of risks that can occur.
00:00
Let's talk about guests escapes and host escapes.
00:00
Both these are a little rare because they
00:00
rely on the failure of other controls.
00:00
Guests escapes it's when a user is allowed to
00:00
leave their virtual machine
00:00
and interact with either the hypervisor,
00:00
which can be used to provision other resources,
00:00
or they may be able to interact with
00:00
other virtual machines and this is
00:00
bad because they can potentially edit,
00:00
view, manipulate, or copy
00:00
the data that's on another virtual machine.
00:00
Now if we think back to
00:00
our use of software as a service or
00:00
platform as a service you can see how that might enable
00:00
one customer to get access to
00:00
another customer's data instances.
00:00
Definitely not a good thing.
00:00
Host escape, it takes
00:00
this escape threat to a whole new level where
00:00
the user could potentially leave
00:00
the host machine and access devices on the network.
00:00
This is really unlikely because that would
00:00
be reflected failure and multiple controls,
00:00
controls really at the hardware,
00:00
software, and policy level that
00:00
would enable a failure in isolation to occur.
00:00
One other last thought,
00:00
we're going to talk about is information bleed.
00:00
Now, information bleed really
00:00
is how an attacker made gleam
00:00
useful information based on
00:00
malfunctions or failures on a virtual machine.
00:00
When an application fails,
00:00
it reveals a little information about
00:00
what that application actually is and
00:00
an attacker might be able to
00:00
infer based on the failures and
00:00
malfunctions what is actually running on
00:00
a virtual machine without having access to it.
00:00
They could then use this information to
00:00
narrow down which attacks they may actually try
00:00
to use to actually
00:00
infiltrate or exploit the machine based on
00:00
the information because they now know
00:00
this operating system is running
00:00
or this application is running.
00:00
Here are some known vulnerabilities you can try.
00:00
In all these instances, it's very important to
00:00
ensure that patching is done on
00:00
the hypervisor to prevent
00:00
these exploits and ensure there are
00:00
no failures in isolation when
00:00
using hypervisors and virtualization.
00:00
Let's do a quiz question.
00:00
What type of hypervisor would you choose
00:00
to minimize the attack service?
00:00
Type III, Type II, or Type I?
00:00
Have you said Type 1? You're right.
00:00
Type III isn't a type of hypervisor.
00:00
Type II, it has
00:00
that shared host operating system
00:00
as well as the hypervisor itself,
00:00
as well as the machine that it's all running on.
00:00
There are really three different components to attack.
00:00
Or in the Type I hypervisor,
00:00
there's only the hypervisor itself
00:00
and the machine that it's running on.
00:00
In summary, we talked about the types
00:00
of hypervisors and we also
00:00
talked about the risks when using virtual education,
00:00
including guests escapes, hosts escapes,
00:00
information bleed,
00:00
the attack surface of various hypervisors as well.
00:00
I'll see you in the next lesson.
Up Next