Virtualization and security

The convenience of virtualization could conceivably make virtualized assets easier prey than physical ones

It's a pity that discussions on the subject of security vulnerabilities associated with virtual servers tend to focus on Windows: If a virtual machine is running as a guest on a Windows host, an exploit on the guest VM can climb up to the Windows host, and then all hell can break loose. There's more to securing virtual servers than not running VMs as guests of a Windows host. If cyberfelons gain local or remote access to a VMware Virtual Center console, your world is their oyster. This seems like a fairly obscure potential risk -- Virtual Center is pretty easy to lock down -- but are there other risks unique to virtual servers?

I've posited that a virtual machine's virtual disk volumes, being condensed into a single file, could become an aid to a black hat working an inside job. If he or she can't get out of the building with physical hard drives, then a simple copy of a virtual drive image to a desktop external USB drive, which can now hold 750GB of data, would let the larcener stuff your server in a backpack and scan its contents at his or her leisure. A less experienced administrator may take more care to secure the files inside the virtual image than to secure the image itself.
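A check for that blind spot, added here as an illustration and not part of the original column: it walks a datastore directory and reports disk image files that accounts other than the owner can read or write. The extension list, directory layout and file names are assumptions, and the sample files are constructed placeholders.

```python
import os
import stat

# Assumed list of virtual disk image extensions; extend it for your platform.
DISK_IMAGE_EXTENSIONS = {".vmdk", ".vhd", ".vhdx", ".qcow2", ".vdi"}


def audit_disk_images(datastore_root):
    """Return (relative_path, octal_mode, problems) for exposed disk images."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(datastore_root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            if os.path.splitext(name)[1].lower() not in DISK_IMAGE_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks and device nodes
            problems = []
            if st.st_mode & stat.S_IROTH:
                problems.append("world-readable")
            if st.st_mode & stat.S_IWOTH:
                problems.append("world-writable")
            if st.st_mode & stat.S_IRGRP:
                problems.append("group-readable")
            if problems:
                rel = os.path.relpath(path, datastore_root)
                findings.append((rel, oct(stat.S_IMODE(st.st_mode)), problems))
    return findings


def build_sample_datastore(root):
    """Create a constructed datastore layout with three tiny placeholder files."""
    samples = {
        "web01/web01.vmdk": 0o644,   # copyable by any local account
        "db01/db01.vmdk": 0o600,     # owner only
        "web01/vmware.log": 0o644,   # not a disk image, ignored
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real disk image\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_datastore(tmp)
        for rel, mode, problems in audit_disk_images(tmp):
            print(f"{rel} mode={mode} {', '.join(problems)}")
```

The check covers POSIX mode bits only; ACLs and datastore-level access on a hypervisor management console need their own review.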

Microsoft plans to alter Windows to add what it calls enlightenment so that it can optimize its operation based on the knowledge that an instance of Windows is running in a virtual machine. That strikes me as a horrible idea, especially because Windows software partners will demand APIs that allow them to write enlightened system-level add-ons for things like anti-virus and intrusion detection. As it is, virtualization vendors have some work to do to protect virtual machine instances from being discovered as virtual. I can do it by querying the virtualized hardware to find out what CPU and chipset it's using. Virtual systems tend to mimic outdated hardware, like Intel's 440BX chipset. A MAC (media access controller) address identifies the manufacturer of an Ethernet card, and each virtual machine vendor uses the same one or two types of simulated Ethernet devices.

The concern typically expressed is that if a virtual machine is discovered to be virtual, the host OS (in a host/guest virtual configuration) is an easy target. I'm more concerned about lateral attacks, because multiple VMs on a single system tend to start life as a common virtual drive image. That rapid deployment is a major advantage of virtualization, but it also saves cyberfelons the trouble of treating each system as a unique puzzle. Multiple virtual machines sharing one physical system are likely to use a sequential range of IP addresses, and they often have identical local administrator passwords. Crack one, and you've cracked all servers with similar characteristics.
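An inventory audit for the clone problem described above, added here as an illustration and not part of the original column: it groups VMs that came from the same base image and still share one local administrator credential, and notes whether their addresses form a consecutive run. The record fields, template names and addresses are constructed, and `admin_cred_id` is assumed to be an opaque vault reference, not a password or hash.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory export; all field names and values are assumptions.
INVENTORY = [
    {"vm": "web01", "ip": "10.0.5.21", "template": "base-image-A", "admin_cred_id": "cred-1"},
    {"vm": "web03", "ip": "10.0.5.23", "template": "base-image-A", "admin_cred_id": "cred-1"},
    {"vm": "web02", "ip": "10.0.5.22", "template": "base-image-A", "admin_cred_id": "cred-1"},
    {"vm": "db01",  "ip": "10.0.5.40", "template": "base-image-A", "admin_cred_id": "cred-2"},
    {"vm": "app01", "ip": "10.0.6.10", "template": "base-image-B", "admin_cred_id": "cred-3"},
    {"vm": "app02", "ip": "10.0.6.17", "template": "base-image-B", "admin_cred_id": "cred-3"},
]


def shared_credential_groups(inventory):
    """Report clone groups where one compromised credential opens several VMs."""
    groups = defaultdict(list)
    for rec in inventory:
        groups[(rec["template"], rec["admin_cred_id"])].append(rec)

    findings = []
    for (template, cred_id), members in sorted(groups.items()):
        if len(members) < 2:
            continue  # a unique credential limits the damage to one VM
        members.sort(key=lambda m: int(ipaddress.ip_address(m["ip"])))
        addrs = [int(ipaddress.ip_address(m["ip"])) for m in members]
        # Consecutive addresses make sibling clones trivial to enumerate.
        sequential = all(b - a == 1 for a, b in zip(addrs, addrs[1:]))
        findings.append({
            "template": template,
            "admin_cred_id": cred_id,
            "vms": [m["vm"] for m in members],
            "sequential_ips": sequential,
        })
    return findings


if __name__ == "__main__":
    for f in shared_credential_groups(INVENTORY):
        note = "consecutive IPs" if f["sequential_ips"] else "scattered IPs"
        print(f"{f['template']} / {f['admin_cred_id']}: {', '.join(f['vms'])} ({note})")
```

Each reported group is a set of machines that should get a unique local administrator password after cloning.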

Finally, there is the issue of detection. It is practically impossible to reboot a physical server with a cracked kernel, or to access Windows' recovery console (where the administrator password can be reset) without attracting attention because the server goes off-line. However, it is theoretically easier to do a "root exploit" on a virtual machine because a VM can be duplicated and failed over to a clone of itself without disappearing from the network.

Like other most-feared exploits, these are theoretical risks rather than proven real ones. Still, some of the characteristics that make virtualization so convenient could conceivably make virtualized assets easier prey than physical ones.


Tom Yager
