Section 8: Virtualisation Flashcards
What is Virtualisation?
Creation of a virtual resource
What is a Virtual Machine?
A container for an emulated computer that runs an entire OS
What are the 2 types of VMs?
- System VM
- Processor VM
What is a System Virtual Machine?
A complete platform designed to replace an entire physical computer and includes a full desktop/server OS
Why does virtualisation continue to rise?
In order to reduce the physical requirements for data centres
What do Virtual Machines run on top of?
A Hypervisor
What does a Hypervisor do?
Manages the distribution of the physical resources of a host machine (server) to the virtual machines being run (guests)
What are the 2 types of Hypervisors?
- Type 1 - Bare metal or native
- Type 2 - Runs inside a normal machine that uses Windows or Mac
What are some Type 2 hypervisors?
- VirtualBox
- VMware
Why are Type 1 hypervisors more efficient than Type 2?
- Faster
- doesn't waste physical computer resources to run an OS
- stripped down specialised OS providing physical VM
What is Application Containerisation?
A single OS kernel is shared across multiple virtual machines but each virtual machine receives its own user space for programs and data
- containerisation allows for rapid and efficient deployment of distributed applications
What is the most popular Container Based Virtualisation OS?
Linux
What are some container based virtualisations available?
- Docker
- Parallels Virtuozzo
- OpenVZ
What are some unique vulnerabilities related to VMs?
- VM escape
- Data Remnants
- Privilege Elevation
- Live VM migration
Are VMs separated from other VMs by default?
Yes
What is a VM escape?
An attack that allows an attacker to break out of a normally isolated VM by interacting directly with the hypervisor
- and then can enter another VM on the same machine
- to mitigate: virtual servers should be hosted on the same physical server as other VMs in the same network or network segment, based on their classification
Benefits of having Virtualised servers within a cloud environment?
Elasticity allows for scaling up or down to meet user demands
- this can lead to a vulnerability known as Data Remnants
What are Data Remnants?
Contents of a virtual machine that exist as deleted files on a cloud-based server after deprovisioning of a virtual machine
- data could be recovered by an attacker which breaches confidentiality
What is Privilege Escalation?
Occurs when a user is able to grant themselves the ability to run functions as a higher-level user
- root or admin
- can be catastrophic for the physical server if this is performed on the hypervisor itself
- VMware used to have this vulnerability where it allowed an attacker to escalate privileges into any of the guest OSes hosted by that hypervisor
- to prevent = update hot fixes and service packs
When does Live Migration occur?
Live Migration occurs when a VM is moved from one physical server to another over the network
- attackers can perform a MITM attack and capture the data between these 2 servers
What happens if the attacker exploits a vulnerability on the OS that is being shared by a container?
Anything hosted is exposed to that risk
What security measures should you take for your VM?
Same as a physical server
- updating OS and apps
- AV on VM machines
- group policies
- strong passwords
Should you keep your hypervisor up to date?
Yes
Should you limit connectivity between the VM and the host?
Yes
- isolate the machine from other machines on the hypervisor
Should you remove any unnecessary pieces of virtual hardware from the virtual machine?
Yes
- minimises the attack surface
Should you consider spreading out VMs on several physical servers to prevent DDoS?
Yes
- using proper patch management you can also keep your guest OS secure
What is Virtualisation Sprawl?
Occurs when VMs are created, used, and deployed without proper management or oversight by the system admins
Should you enable encryption on the file that hosts the virtual machine?
Yes