Section 15.135 Virtualisation and Containerisation Flashcards
Objective 3.1: Compare and contrast security implications of different architecture models. Objective 4.1: Given a scenario, apply common security techniques to computing resources.
Virtualisation
Powerful technology that allows for emulation of servers, each with its own OS within a virtual machine
Containerisation
Lightweight alternative, encapsulating apps with their OS environment
Key Benefits
● Efficiency and Speed
● Portability
● Scalability
● Isolation
● Consistency
In simple terms, containerisation is a method of running applications in isolated user spaces called containers. These containers are separated from each other but share the host system's OS kernel. Each container includes the application and all its dependencies, but shares the OS, and usually the binaries and libraries, from the host machine.
Containerisation Technologies
■ Docker, Kubernetes, Red Hat OpenShift are popular containerisation platforms
■ Revolutionised application deployment in cloud environments
Hypervisors
Virtual machines operate on a platform known as a hypervisor, which manages the distribution of the physical server's resources, such as the processor, memory and hard disk space, amongst the VMs
Two Types of Hypervisors
Type 1 (Bare Metal)
Runs directly on hardware and functions similarly to an operating system (e.g., Microsoft's Hyper-V, Citrix’s XenServer, VMware’s ESXi and vSphere)
A Type 1 hypervisor is faster and more efficient than a Type 2 hypervisor
Two Types of Hypervisors
Type 2 (Hosted)
Operates within a standard OS such as Windows, Mac or Linux (for example VirtualBox, VMware)
A Type 1 hypervisor is faster and more efficient than a Type 2 hypervisor
Virtualisation Vulnerabilities
Virtual Machine (VM) Escape
Attackers break out of isolated VMs to access the hypervisor
Attackers can migrate from the hypervisor to another service; these attacks are difficult to conduct
Virtualisation Vulnerabilities
Privilege Elevation
Unauthorised elevation to higher-level users such as root or administrator
Catastrophic if the attacker can perform this on the hypervisor itself
Virtualisation Vulnerabilities
Live VM Migration
Attacker captures unencrypted data between servers
When a VM needs to move from one physical host to another
Virtualisation Vulnerabilities
Resource Reuse
Improper clearing of resources may expose sensitive data
Concept in computing where system resources like memory or processing power are reused
Securing Virtual Machines
■ Regularly update OS, applications, and apply security patches
■ Install antivirus solutions and software firewalls
■ Use strong passwords and implement security policies
■ Secure the hypervisor with manufacturer-released patches
■ Limit VM connections to physical machines and isolate infected VMs
■ Distribute VMs among multiple servers to prevent resource exhaustion
■ Monitor VMs to prevent “Virtualisation Sprawl”
■ Enable encryption of VM files for data safety and confidentiality