This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Virtualization has been around for a few years now. It has become a popular way of installing other Operating Systems on your Machine. Virtualisation allows you to look at different types of Operating Systems, from Windows based to Linux based. The question that has to be asked is how secure your virtual machines? In this paper I am going to research what vulnerabilities there are and how safe your virtual machine is?
Even though virtualisation is new, signs are there that virtual machines can be attacked by hackers. As the host system that is running the virtual operating system is liable to attack from outside hackers. One thing to note is that if the virtual software is attacked, it is only that virtual machine that is running on the software that is at risk. The virtual server that the virtual machine is hosted on is not at risk from attack even if the virtual machine itself is at risk. In 2009 Microsoft Virtual computers and servers programs were the target of attack. The same kind of attacks is used on virtual machines as are on real Operating Systems. These include (Data leakage, Eavesdropping and Man in the Middle attacks, among others!)
There was a vunerability in the software programs that allowed hackers to exploit this and obtain elevated privileges. With these privileges the attacker could execute arbitrary code that allowed them to gain full access to the guest operating system. With Microsoft the virtual server is used to create the virtual machines like Windows XP, Windows Vista etc. The virtual machines created, are managed by a web based interface called IIS, they can also be managed through VMRCplus which is a windows client application. If the attacker wants to run this arbitrary code, all he has to do is run it on the guest Operating System first. There are two ways in which the attacker can persuade the user to run the code, the first way lets the users log in and then let the hacker native programs run at low rights by design, the second way, the attacker gets the malicious program to be run by persuading the user to run it through email or some website. There was a solution for this security issue; an update was released to fix this vunerability that was in Microsoft Virtual Server and in Microsoft Virtual PC. What the update done was to enforce the validation of privilege levels, this was done while machine instructions were been executed.
This is one example of how Virtual machines can be attacked by hackers finding vunerabile areas in the system.
Another example of how Virtualisation can become victim to attackers was in San Francisco, it was decided by companies to switch to virtualization to save money and space. It would have been a good move as regards IT, because virtualization was becoming very popular in data centers and desktop enviornments. The questions were asked about how secure this virtualized system would be from hackers? It was discovered that a new type of malware was out there, this was a virtualization based malware which meant that if it got into a system that was running virtualization software, it could take control of the virtual operating systems that were running on the virtualization software. This result was that the attacker could take control of the virtual operating systems that were running on virtualization software. This virtualization was discovered by Joanna Ruthowska he visualized this type of virtualization malware been used to control any computer running virtualized software. A computer running virtualization software stores the virtual images on a physical machine. An attacker can gain control of that machine and also extract data from virtual machines that are running on it.
There are a few different types of virtualization software on the market. One is Vmware which I have used myself and found it very good. The issue as regards a lot of this software is that it can become infected with malicious bugs. It was found that Vmware and other virtualization software contained a lot of these bugs. The security issues occur when these bugs are exploited by hackers. They do this by using what is called Hyperjacking. This involves of a piece of software called the hyperjacker. This sofware can control the virtual Operating Systems that are on the machine. The attacker can then escape from any of these virtual machines and quickly multiply his access to the computers data. What is more worrying is that the intruder/attacker can install another malicious hypervisor called a (Blue Pill), this hypervisor then controls the original hypervisor which in turn can control all the virtual machines that are running beneath it, this allows the attacker to examine any computer or server that is hosted on the machine. It would appear to the user that there is nothing going on while deep down the the Blue pill would be manipulating the virtualized computer or could also be intercepting data.
From what I have read so far seems to tell me that Operating Systems running in a virtual enviornment are just as prone to attack, as the machine that the virtualization software is running on. As regards installing virtual Operating Systems on private machines, A lot of the time the can be the biggest risk to the virtual machine. I say this because the risk occurs when the user is viewing webpages or opening email messages using windows on the virtual machine. You have to remember that when you install an Operating System within virtualization software you will have internet access on the OS that is installed. They only way to stop infection from occuring is not to allow network access on the Operating System, this would especially be the case as regards Windows.
As regards a security point of view solutions that emulate and thus the underlying host machine seems to be more secure than those that afford direct access. If you want to detect attacks from hackers, or malicious programs, the best way of detecting these attacks is to have virtualization that emulates a hard disk as a data file within the file system of the operating system that is been hosted on. So what happens here is that if a malicious attack tries to take place? It will be contained inside the data file which means it will not be harmful to the host operating system. This is why more people including businesses are becoming for interested in using virtualization as they feel it is a lot safer for web browsing and other internet related tasks.
They have the illusion that once they are operating their OS inside virtual software means they are safe from mailous attacks. BUT THIS IS NOT TRUE!!
One thing that can be forgotten quickly as regards virtualization is that it is just as vulnerable as any real operating system. The virtualization software needs to be updated and patched on a regular basis to help against mailous threats. You also need to protect the operating system that is running on the virtualization software as it is a risk if not patched or upgraded against threats. This means updates would include service packs and security patches. As regards the virtual software it needs to always have the latest security rollback patches to keep it protected. Another way to help against attack is to turn off services that are not needed.
Protecting virtual Servers
As regards the network you have what is called intrusion detection and intrusion prevention, this works by monitoring all network traffic and if a security issue is raised a red flag is raised. This intrusion would show as some sort of traffic that can not be explained by legitimate operations. Intrusion detection will not work on virtual servers. The problem occurs because there is no way to monitor traffic between virtual servers that are on the same physicial host. This traffic can't be monitored because inside the host platform you have a virtual switch that is used for each guest to connect to, so the host's physicial Network Cards are abstracted into a switching fabric. Security issues occur becauce with a virtual switch all the traffic that is on the host is contained within the host's virtual switching concepts thus monitoring can not be preformed reilablely. The above means you are more open to attack. It would be easy for a virus or other malicious attack to go undetected between virtual servers.
Data and application are moved between one or more servers by using a method called clustering. This them allows the mailious attack to spread to other servers quite easily. If a company is using virtualization for virtual servers, many specialists agree that confidential data and other important data should be kept on one physicial server to protect against malicious attacks and not on the virtual servers.
As we know people who create viruses and other malicious software are very smart and always in tune to what is going on in the real and virtual world of computers. For example with a virtual server in a virtual enviornment. These servers' applications would be monitored by IT technicians for any type of attack. When an attack is detected it is destroyed. This is fine but the hacker who creates these malicious software programs knows this. There answer is to create special virtual adware; these are viruses that can tell when they are in a virtual enviornment. This would make it easier for attacks to take place on virtual machine especially virtual servers. it was stated by the antivirus company "ESET that more than 200,000 virtual adware mailwares were detected in 2008" this would has a major impact on the security of virtual servers and how critical it is to protect them.
These are my findings on virtualization and how secure it is. As with any Operating System running on a machine, you are always at risk of malicious attacks, the same can be said for Operating Systems installed within virtualizaton software. They are under the same risk of attack. As we have seen, the attackers are becoming more aware that virtualization is been used on a larger scale. They have now created malware which is called virtual-aware. This lets them know when they are in a virtul enviornment thus making it easier for attacks to take place within the virtual enviornment.