Virtualization and security

The convenience of virtualization could conceivably make virtualized assets easier prey than physical ones

It's a pity that discussions on the subject of security vulnerabilities associated with virtual servers tend to focus on Windows: If a virtual machine is running as a guest on a Windows host, an exploit on the guest VM can climb up to the Windows host, and then all hell can break loose. There's more to securing virtual servers than not running VMs as guests of a Windows host. If cyberfelons gain local or remote access to a VMware Virtual Center console, your world is their oyster. This seems like a fairly obscure potential risk -- Virtual Center is pretty easy to lock down -- but are there other risks unique to virtual servers?

I've posited that a virtual machine's virtual disk volumes, being condensed into a single file, could become an aid to a black hat working an inside job. If he or she can't get out of the building with physical hard drives, then a simple copy of a virtual drive image duplicated to a desktop external USB drive, which can now hold 750GB of data, would let the larcener stuff your server in a backpack and scan its contents at his or her leisure. A less experienced administrator may take more care to make sure files inside the virtual image are secure than to ensure that the image itself is secure.
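To make the last point concrete, here is an added example (not part of the original column) that audits a datastore directory for virtual disk image files that anyone other than the owner can read or replace. It assumes POSIX permission bits; the extension list, file names and temporary datastore are constructed for illustration.

```python
import os
import stat
import tempfile

# Common virtual disk formats: VMware, Virtual PC/Hyper-V, VirtualBox, QEMU.
IMAGE_EXTS = {".vmdk", ".vhd", ".vhdx", ".vdi", ".qcow2"}

def audit_disk_images(root):
    """Return one finding per disk image that non-owners can read or replace."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_mode = os.stat(dirpath).st_mode
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            reasons = []
            if st.st_mode & stat.S_IROTH:
                reasons.append("world-readable")
            if st.st_mode & stat.S_IRGRP:
                reasons.append("group-readable")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                reasons.append("writable by non-owner")
            # Write access to the directory lets a non-owner rename or swap the image.
            if dir_mode & stat.S_IWOTH and not dir_mode & stat.S_ISVTX:
                reasons.append("directory world-writable")
            if reasons:
                findings.append({"path": path, "mode": stat.filemode(st.st_mode),
                                 "bytes": st.st_size, "reasons": reasons})
    return findings

def build_constructed_datastore():
    """Create a throwaway datastore with constructed files for the demo."""
    root = tempfile.mkdtemp(prefix="datastore-")
    for name, mode in [("web01.vmdk", 0o644), ("db01.vmdk", 0o600),
                       ("old.VHD", 0o660), ("notes.txt", 0o644)]:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"\0" * 1024)  # placeholder bytes, not a real image
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for f in audit_disk_images(build_constructed_datastore()):
        print(f["mode"], f["bytes"], f["path"], ", ".join(f["reasons"]))
```

Only the image locked to its owner (mode 0600) passes; the other two are reported with their size, which is the amount of server that would leave with a single file copy.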

Microsoft plans to alter Windows to add what it calls enlightenment so that it can optimize its operation based on the knowledge that an instance of Windows is running in a virtual machine. That strikes me as a horrible idea, especially because Windows software partners will demand APIs that allow them to write enlightened system-level add-ons for things like anti-virus and intrusion detection. As it is, virtualization vendors have some work to do to protect virtual machine instances from being discovered as virtual. I can do it by querying the virtualized hardware to find out what CPU and chipset it's using. Virtual systems tend to mimic outdated hardware, like Intel's 440BX chipset. A MAC (media access controller) address identifies the manufacturer of an Ethernet card, and each virtual machine vendor uses the same one or two types of simulated Ethernet devices.

The concern typically expressed is that if a virtual machine is discovered to be virtual, the host OS (in a host/guest virtual configuration) is an easy target. I'm more concerned about lateral attacks, because multiple VMs on a single system tend to start life as a common virtual drive image. The rapid deployment is a major advantage of virtualization, but it also saves cyberfelons the trouble of treating each system as a unique puzzle. Multiple virtual machines sharing one physical system are likely to use a sequential range of IP addresses, and they often have identical local administrator passwords. Crack one, and you've cracked all servers with similar characteristics.
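The lateral exposure described above can be measured from an inventory export. The following added example (not part of the original column) groups VMs by base image, flags those whose local administrator password was last set before the VM was deployed, meaning it was inherited from the image, and reports which of them sit on adjacent IP addresses. The inventory, its field names and the image names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import date

# Constructed inventory; field names are assumptions about what an export contains.
INVENTORY = [
    {"name": "web01", "ip": "10.0.5.11", "image": "gold-image",
     "deployed": date(2024, 3, 1), "admin_pw_set": date(2023, 11, 20)},
    {"name": "web02", "ip": "10.0.5.12", "image": "gold-image",
     "deployed": date(2024, 3, 1), "admin_pw_set": date(2023, 11, 20)},
    {"name": "web03", "ip": "10.0.5.13", "image": "gold-image",
     "deployed": date(2024, 3, 1), "admin_pw_set": date(2024, 3, 2)},
    {"name": "db01", "ip": "10.0.5.14", "image": "gold-image",
     "deployed": date(2024, 3, 5), "admin_pw_set": date(2023, 11, 20)},
    {"name": "mail01", "ip": "10.0.6.20", "image": "mail-base",
     "deployed": date(2024, 4, 1), "admin_pw_set": date(2024, 1, 15)},
]

def inherited_password(vm):
    """A password last set before deployment was carried over from the image."""
    return vm["admin_pw_set"] < vm["deployed"]

def consecutive_runs(ips):
    """Split IP strings into runs of numerically adjacent addresses."""
    runs = []
    for addr in sorted(ipaddress.ip_address(ip) for ip in ips):
        if runs and int(addr) - int(runs[-1][-1]) == 1:
            runs[-1].append(addr)
        else:
            runs.append([addr])
    return [[str(a) for a in run] for run in runs]

def clone_clusters(inventory):
    """Map image -> VMs still carrying the image's admin password (2 or more)."""
    by_image = defaultdict(list)
    for vm in inventory:
        if inherited_password(vm):
            by_image[vm["image"]].append(vm)
    report = {}
    for image, vms in by_image.items():
        if len(vms) >= 2:
            runs = consecutive_runs(vm["ip"] for vm in vms)
            report[image] = {"vms": sorted(vm["name"] for vm in vms),
                             "ip_runs": [r for r in runs if len(r) > 1]}
    return report

if __name__ == "__main__":
    print(clone_clusters(INVENTORY))
```

Each reported cluster is a set of machines where one recovered credential applies to all of them; rotating the administrator password at deployment removes a VM from the report, as web03 shows.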

Finally, there is the issue of detection. It is practically impossible to reboot a physical server with a cracked kernel, or to access Windows' recovery console (where the administrator password can be reset) without attracting attention because the server goes off-line. However, it is theoretically easier to do a "root exploit" on a virtual machine because a VM can be duplicated and failed over to a clone of itself without disappearing from the network.

Like other most-feared exploits, these are theoretical risks rather than proven real ones. Still, some of the characteristics that make virtualization so convenient could conceivably make virtualized assets easier prey than physical ones.

Tom Yager

ARN