Virtualization Flashcards
Virtualization
Definition: Virtualization allows a physical machine to run multiple virtual machines (VMs) using a hypervisor.
Hypervisor
Definition: Allocates hardware resources (CPU, memory, storage) to VMs.
Types of Hypervisors:
Type 1 (Bare Metal): Runs directly on hardware for better performance (e.g., Hyper-V, ESXi).
Type 2 (Hosted): Runs on top of a host OS; easier to exploit if the host OS is compromised (e.g., VirtualBox, VMware Workstation).
VM Disk Formats
- OVF: Encapsulates VM settings for easy import/export.
- VMDK: Stores the VM’s virtual hard drive data.
Virtualization Extensions
- Intel: Intel VT-x
- AMD: AMD-V
SLAT (Second Level Address Translation)
Definition: Improves virtual memory performance.
- Intel: Extended Page Table (EPT)
- AMD: Rapid Virtualization Indexing (RVI)
Processor types that support virtualization
x86 (32-bit): Limited to 4 GB RAM.
x64 (64-bit): Supports up to 16 exabytes of RAM.
ARM: Reduced instruction set, used in Macs (M1/M2 processors).
Virtualization resource requirement: Memory
Sufficient RAM is crucial; both host and guest OS share physical memory.
Virtualization resource requirement: Storage
VMs require significant disk space:
Windows: 20–50 GB
Linux: 4–8 GB
macOS: 20–40 GB
Virtualization resource requirement: Networking
- VMs share NIC bandwidth.
- Use gigabit/10-gigabit NICs or NIC teaming for better performance.
VM Attacks
VM Escape: Attacker accesses the hypervisor or host OS.
VM Hopping: Attacker moves between isolated VMs.
Sandbox Escape: Circumvents sandbox protections.
Mitigating VM Attacks
- Keep hypervisors, guest OSs, and host OSs patched.
- Disable unnecessary shared folders.
- Encrypt VM disks.
- Use strong endpoint protection and follow security best practices.
Additional Virtualization Security Concerns: Disk Encryption
Encrypt VDI files with AES-256 or AES-128.
Protects VM data from unauthorized access.
Additional Virtualization Security Concerns: Live Migration
Secure migration of VMs between hosts; use encryption.
Additional Virtualization Security Concerns: Data Remnants
Residual data left on deprovisioned VMs can be exploited.
Encrypt storage and destroy encryption keys when decommissioning.
Additional Virtualization Security Concerns: VM Sprawl
Unmanaged proliferation of VMs can create vulnerabilities.
Enforce deployment policies and track VMs.
Virtualization Use Cases and Benefits
Testing and Training:
- Use prebuilt VMs (e.g., Microsoft Edge VMs for Windows 10).
- Snapshots allow for easy restoration of VM states.
Sandboxing: Isolates processes to analyze malware or test software.
Cross-Platform Virtualization: Run different OS environments (e.g., Windows on Mac).
Application Virtualization: Encapsulates applications to run independently of the host OS.
Teaming:
Virtualization
Combining multiple NICs for higher network throughput.
Virtualization best practices
VirtualBox is a practical, free tool for setting up secure virtual environments.
Always encrypt VM disks and avoid shared folders for security.
Monitor resource requirements (CPU, RAM, storage, networking) to ensure performance.
Be aware of attack methods (e.g., VM Escape) and mitigation strategies.
Configuring a VM
OVF (Open Virtualization Format):
- A container format for distributing VMs.
- Simplifies VM import/export.
- Encapsulates VM configuration and metadata.
VMDK (Virtual Machine Disk):
A virtual disk file storing a VM’s hard drive data.
Host OS
The physical machine’s operating system that runs VirtualBox.
Guest OS
The operating system installed inside the VM.