Final Case Study

Babu Dev

ISSC424CH8pg1.pdf

Home >Computer Science homework help > Final Case Study

Chapter 8: Virtualization Security

Objectives

After completing this chapter, you should be able to:

• Understand the importance of virtualization security

• Recognize common attacks on virtual machines

• Understand the top virtualization security concerns

• Secure a virtual server environment

Key Terms

Golden image

a disk image of a virtual machine’s hard drive

Introduction to Virtualization Security

Virtualization is an emerging technology, making it of great concern to security

professionals. Some security considerations include data leakage, improper

authorization and access, and corruption of information assets. It is difficult to

monitor the interactions between virtual machines on the same host, making

forensics more difficult. Perhaps worst of all, if the hypervisor is compromised in

any way, all of its virtual machines are compromised as well. This chapter teaches

you how to ensure the confidentiality, integrity, and accessibility of virtualized

environments.

Virtualization Security Benefits

Virtualized environments provide the following security benefits:

8-1

PRINTED BY: Chandra Shrestha <[email protected]>. Printing is for personal, private use only. No part of this book may be reproduced or transmitted without publisher's prior permission. Violators will be prosecuted.

10/21/2018http://e.pub/rx0jwsmu4u96422v3qqj.vbk/OPS/loc_009-print-1540186404.xhtml

• Isolation: Virtual machines (VMs) can be configured as isolated and

independent environments. If a system gets infected, it is less likely to affect

other VMs.

• Abstraction: An abstraction layer between the VM and the underlying physical

hardware limits potential damage. Physical hard disks remain undamaged

even if the entire virtual hard disk is corrupted.

• Deployment: Workloads can be split across multiple systems using

virtualization technology. A Web server component can gain secure access

using HTTPS.

• Portability: The process of moving or copying workloads is simplified because

VMs are hardware independent. If a security breach is detected, a VM can be

shut down on one host system and booted on another system.

• Rollback: A VM can be rolled back to a particular point in time if a security

violation occurs.

Virtualization Issues

The following are some issues that may arise at the various stages of a

virtualization project:

• Analysis and planning

• Compatibility and support

• Licensing

• Planning (migrating physical servers, installing consolidated virtual

servers, and determining the number of virtual machines per physical

server)

• Staff training

• Evaluating ROI (return on investment)

• Adaptation and postadaptation period

• Reliability (poor backup practices or hardware failure)

• Deployment

• Evaluating efficiency

• Maintenance

• Uneven scalability

8-1

8-2

10/21/2018http://e.pub/rx0jwsmu4u96422v3qqj.vbk/OPS/loc_009-print-1540186404.xhtml

• Security

• Unclear responsibilities

• Evaluation of the virtualization market to ensure the best solution is used

Organizations must keep the following issues in mind at all stages:

• If the host is compromised, it is possible to take down the client servers hosted

on the primary host machine.

• If the virtual network is compromised, the client is also compromised.

• Client shares and host shares need to be secured.

• A problem with the host machine can cause all VMs to terminate.

• VM security is as important as the security of single systems. Do not forget the

principle of least privilege, which states that a user should be given the least

amount of access to the system required to complete his or her job.

• Individual virtualization features, such as clipboard sharing, drag-and-drop

support, file sharing between the host and guest, and APIs for programmatic

access, may compromise the security of the complete virtual infrastructure if

they have any bugs.

• Virtual disks are generally stored as unencrypted files on the host. An attacker

who gains access to these files will gain the same level of access as a legitimate

user.

• Virtualization adds new channels of network traffic, which could come under

attack.

• It is harder to patch bare-metal hypervisors if a vulnerability is discovered,

due to the increased complexity associated with flashing firmware-based

components.

Common Attacks on Virtual Machines

The following are some of the attacks commonly launched against virtual

machines:

• Denial of service (DoS): A DoS attack can shut down a hypervisor. Using this

attack, an attacker can plant a backdoor to access underlying VMs.

• Virtual machine jumping: If there is a security hole in the hypervisor, a user

logged into one VM can jump to another VM.

8-2

8-3

10/21/2018http://e.pub/rx0jwsmu4u96422v3qqj.vbk/OPS/loc_009-print-1540186404.xhtml

• Host traffic interception: By exploiting a vulnerability in the hypervisor, an

attacker can track system calls, paging files, memory, and disk activity.

Top Virtualization Security Concerns

The following are some of the most pressing virtualization security concerns:

• Managing oversight and responsibility: Organizations should employ a

centralized system administrator or administrators to manage and guard all

virtualized assets.

• Patching and maintenance: System administrators must install patches

regularly. They should regularly store disk images of VM hard drives,

sometimes called golden images, in order to quickly recover from a disaster.

• VM sprawl: Administrators should make sure that there are not more VMs

than are necessary. They should keep track of all running VMs in order to

avoid wasting resources and providing additional entry points for a potential

attack.

• Managing virtual appliances: Many operating systems and applications include

virtual appliances, which must be managed properly. The easiest way to do so

is to buy virtual infrastructures from third-party vendors.

• Visibility and compliance: Virtual servers are almost invisible to data center

managers who do not monitor all of the interactions between VMs inside a

host. To visualize this activity, it becomes necessary to install virtualized

security controls such as virtual firewalls and virtual sniffers.

Virtualization Security Considerations

Organizations must keep the following facts in mind when implementing and using

virtualization:

• Virtualization involves adding an operating system: Virtual servers operate as

real servers running operating systems such as Windows and Linux. Installing

different operating systems on a single platform is difficult and may lead to a

security risk.

• Malware can spread among virtual servers: Viruses and other malware can

spread easily from one virtual server to another, because many intrusion

10/21/2018http://e.pub/rx0jwsmu4u96422v3qqj.vbk/OPS/loc_009-print-1540186404.xhtml

detection systems do not detect activity between virtual servers on the same

host. Many malware authors know this and create their malicious software

specifically to exploit these vulnerabilities. Virtual firewalls can protect virtual

servers.

• Confidential data can be compromised: Because the traffic flow between the

virtual servers that share the same physical server cannot be adequately

monitored, there is no way to ensure that confidential data have not been

compromised. These data should be isolated on a separate physical server.

• Outsourcers may not know any of the above: When using hosted servers or

outsourcing IT security, organizations must ensure that the provider is

conscious of these security issues and has suitable protections. These extra

protections should be part of the outsourcing agreement.

Virtualization Costs

Many companies consolidate a data center’s physical servers into a virtual

environment in order to gain increased operational efficiency and higher server

utilization. A server running many VMs has a higher utilization rate than a server

running on its own. A physical server hosting many virtual machines is in use

about 80% of the time it is powered on, while nonvirtualized servers are typically

in use about 15% of the time they are powered on. This leads to more efficient

power utilization, as shown in Figure 8-1.

10/21/2018http://e.pub/rx0jwsmu4u96422v3qqj.vbk/OPS/loc_009-print-1540186404.xhtml

Figure 8-1

As the number of virtual servers increases, the total power utilization does not, making virtualized environments much more energy efficient.

Virtualization Security Checklist

Administrators should follow this checklist to secure a virtual server environment:

• Carefully consider virtualization products before committing.

• Keep the operating systems, host drivers, and applications on all VMs and the

host updated.

• Install only what is required on the host and VMs.

• Use IPSec or strong encryption between the host and the VM.

• Do not browse the Web from the host computer.

• Secure the administrator accounts on the host computer.

• Turn off unused VMs.

• VMs must be incorporated into the enterprise security policy.

• Unused hardware ports on the VM, such as USB, should be disabled.

• The sharing of hardware resources should be limited.

• Avoid the sharing of IP addresses.

• Server administrators should have a defined plan for planning, deploying, and

patching virtual machines.

• Back up the VMs regularly.

Chapter Summary

Some of the security considerations involved with virtualization are data

leakage, improper authorization and access, and corruption of information

assets.

A large number of companies are deploying virtualization technologies to

increase operational efficiency, gain higher server utilization, and attain more

efficient power utilization.

Virtualization technology brings new risks.

8-3

8-4

8-5

10/21/2018http://e.pub/rx0jwsmu4u96422v3qqj.vbk/OPS/loc_009-print-1540186404.xhtml

Review Questions

What are some uses for virtualization?

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

What are some features and security benefits of virtualization?

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

What are some problems at the various stages of virtualization projects?

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

10/21/2018http://e.pub/rx0jwsmu4u96422v3qqj.vbk/OPS/loc_009-print-1540186404.xhtml

__________________________________________________________________________________

_____________________

What are some common attacks on virtual machines?

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

What are the security risks of virtualization?

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

What are some actions to take to secure a virtual server environment?

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

__________________________________________________________________________________

_____________________

10/21/2018http://e.pub/rx0jwsmu4u96422v3qqj.vbk/OPS/loc_009-print-1540186404.xhtml

__________________________________________________________________________________

_____________________

Hands-On Projects

1. Read about virtualization security.

Navigate to Chapter 8 of the Student Resource Center.

Open Day2Session-VirtualizationSecurity-RickClaus.pdf and read the

content.

2. Read about the security challenges in virtualized environments.

Navigate to Chapter 8 of the Student Resource Center.

Open Security Challenges in Virtualized Enviroments.pdf and read the

content.

3. Read about virtualization security features.

Navigate to Chapter 8 of the Student Resource Center.

Open Virtualization_Security_Features.pdf and read the content.

8-5

8-6

10/21/2018http://e.pub/rx0jwsmu4u96422v3qqj.vbk/OPS/loc_009-print-1540186404.xhtml