4.2 Virtualisation Concepts Flashcards
Describe the setup for virtualisation.
A host machine installed with a hypervisor that can be used to install and manage multiple guest OSs or VMs
Describe the two different types of hypervisors
Type 1: Runs directly on the host hardware and functions as the OS
Type 2: Runs within the normal OS
Name and describe the two different types of virtualisation
- Server-based (Terminal services)
Server-based solution that runs the application on servers in a centralised location
- Client-based (Application streaming)
Client-based solution that allows an application to be packaged up and streamed directly to a user’s PC
Define containerisation and give some examples of software that does this
A type of virtualisation applied by a host OS to provision an isolated execution environment for an application.
Software: Docker, Parallels Virtuozzo, OpenVZ
How do you reduce the risk of your virtual machine setup being exploited?
- Proper configurations
- Patched and up-to-date hypervisor
- Tight access control
- Proper failover, redundancy and elasticity
What does a hypervisor do?
Manages distribution of the physical resources of a server to the VMs
How does containerisation work?
Each container relies on a common host OS as the base; it uses fewer resources because each container doesn’t require its own copy of the OS
What is the benefit of hyperconverged infrastructure?
Allows for full integration of storage, network and servers, without hardware changes
What does application virtualisation do?
Encapsulates computer programs from the underlying OS on which they are executed
What does VDI do?
Hosts desktop OSs within a virtualised environment hosted by a centralised server/server farm
What is a sandbox (malware)?
An isolated environment for analysing pieces of malware
Where would you use cross-platform virtualisation, and what are the two types?
You would use it to test and run software applications for different operating systems. The two types are emulation (system imitation) and virtualisation (new “physical” machine)
What does second level address translation do?
Improves the performance of virtual memory when running multiple VMs on a single physical host
What technology do Intel and AMD use, respectively, to support SLAT?
Intel - EPT (Extended Page Table)
AMD - RVI (Rapid Virtualisation Indexing)
Describe the features of the two different versions of SLAT.
x86
- 32-bit processor
- 32-bit OS can only access 4GB RAM
x64
- 16 exabytes RAM
- application cannot run on a 32-bit processor
What is ARM?
Reduced instruction set and computer architecture (RISC) in a computer processor
What is system memory?
The amount of memory installed on a physical server
How many GB of space does each of the operating systems take up in system memory?
Windows: 20-50GB
Linux: 4-8GB
Mac: 20-40GB
What does an NIC do?
- Provides a computer with a dedicated, full-time connection to a network
- Allows computers to communicate over a computer network
What is VM escape, and which hypervisor is it easier to perform on?
Where the threat attempts to get out of an isolated VM and send commands to the underlying hypervisor. It is easier to perform on a Type 2 hypervisor.
What is VM hopping?
Where the threat attempts to move from one VM to another on the same host.
What is sandboxing (in the context of VM security)?
Separating running processes and programs to mitigate system failures or software vulnerabilities.
What is a sandbox escape?
When an attacker circumvents sandbox protections to gain access to the protected OS or other privileged processes
How can you prevent a sandbox escape from occurring?
Ensure the system is patched, up-to-date, has strong endpoint software protection, and limited extensions/add-ons
What is live migration?
Migrating the VM from one host to another while it is running. It should only occur on a trusted network, or utilise encryption.
What are data remnants and how can you protect them?
Leftover pieces of data that may exist on the hard drive which are no longer needed. You could encrypt the virtual machine storage location and destroy the encryption key to protect them.
What is VM sprawl?
Uncontrolled deployment of virtual machines.