Securing the Virtual Environment by Matthew Wallace, , available at Book Depository with free delivery worldwide. Stonesoft's Mark Boltz says virtualization offers great efficiencies - as long as you don't overlook the security requirements. Virtual environments are becoming more popular, providing Prevent unauthorized access by securing accounts on the host machine.


Author: Deron Bashirian II
Country: Nicaragua
Language: English
Genre: Education
Published: 19 November 2015
Pages: 385
PDF File Size: 49.15 Mb
ePub File Size: 35.62 Mb
ISBN: 408-8-46574-167-8
Downloads: 35137
Price: Free
Uploader: Deron Bashirian II


Remove unnecessary hardware and disable certain features such as host-guest filesystem HGFS or copy and paste between the Securing the virtual environment and a remote console.

Securing the virtual environment templates and scripted management VM templates enable you to set up the operating system so that it meets your requirements, and to create other VMs with the same settings. An obsolete VM becomes an easy entry point for attackers, who could potentially access the hypervisor, other VMs, and the host OS.


For example, securing the virtual environment developers wishing to test their software on both current and older OSs with and with out certain securing the virtual environment to ensure the product will work for all clients. The traditional infrastructure security model is to work closely with one securely configuration that can be used on all computers.

By allowing different OSs, this manual work becomes increasingly more complicated. Compounding to the problem is the fact that some VMs may intentionally not have all patches to ensure software works with and without those patches.

Unlike shared physical servers, where each user is given an account with limited rights and permissions, VM infrastructures often give each user an administrator account to the guest OSs.

Securing Your Virtual Environment

This makes it more difficult for system administrators to ensure that each VM is secure, since the users often have the permissions to remove security measures. However, returning to an unpatched or compromised state is a great danger.


When a new security update is released, physical machines are patched securing the virtual environment remain patched. A VM may also get the security patch, but if for some reason the user needs to rollback to a previous state, then the guest is no longer patched [ Garfinkel05 ].

The biggest challenge is for system administrators to record when patches are made and evaluate which patches need to be applied securing the virtual environment when a VM is restored to a previous state.

An even bigger concern is returning to a contaminated state. Often machines are infected with viruses and are not detected until updates are made to virus protection software.

If a user returns to a state prior to virus removal, the virus may or may not exist on the system, since the origin of the virus is unknown.

Securing the Virtual Environment : How to Defend the Enterprise Against Attack Included DVD

This scenario is illustrated in figure 4. State Restore to Malicious State One security doctrine for building secure systems is minimizing the amount of time that sensitive data remains in a system [ Garfinkel05 ].

However, the state restore feature of VMs violates this principle since all information that was ever on the guest remains on the securing the virtual environment indefinitely.

If an attacker compromised the hypervisor and gained access to the state information for each virtual machine, he or she could access all information that was ever contained on the VM. VM transience limits the window in which attackers can attempt to compromise the system, but it also makes security maintenance and securing the virtual environment more challenging.

When a worm attacks a traditional server infrastructure, all vulnerable machines are rapidly infected. Then system administrators evaluate which machines are infected and correct the problem.

13 Tips to Secure Your Virtual Machine Environment

However, a virtual machine could become infected, go offline before detection, come online at a later time, and re-infect all vulnerable machines. There is a tradeoff between security and spontaneity.

Traditional security update cycles require that securing the virtual environment machines are online simultaneously for patching, virus removal, audits, and configuration changes. Transience itself not a security vulnerability, but it complicates security processes for system administrators, potentially opening up virtual machines to many different vulnerabilities.

Best Practices for Securing Virtual Networks - Part One of Three : @VMblog

Security Vulnerabilities There is nothing about virtual computing that is inherently unsecure; it is just a new security securing the virtual environment vector [ Higgins07 ]. The virtual machine layer is more secure than any OS, due to its simplicity and strict access control. Compromising the hypervisor could give attackers access to all virtual machines controlled securing the virtual environment it and possibly the host, which makes the hypervisor a compelling target.

Unauthorized communication between guests is a violation of the isolation principle, but can potentially take place through shared memory. Like physical machines, VMs are vulnerable to theft and denial of service attacks.

The contents of the virtual disk securing the virtual environment each virtual machine are usually stored as a file, which can be run by hypervisors on other machines, allowing attackers to copy the virtual disk and gain unrestricted access to the digital contents of the virtual machine.

Since VMs share resources from the securing the virtual environment machine, VM infrastructures were particularly vulnerable to denial of service attacks, which could starve resources from all VMs on the physical machine.


Related Articles:


    [1] Combes, P. F., Micro-ondes (in French), Dunod, Wave Guide Reminders H Definition of the TE10 Mode. [COM ...


    Les milieux naturels protégés au Québec. Complete Title: Les milieux naturels protégés au Québec. Non IUCN Publication. Exposition ...


    Download free vector logo for Prosperidad Para Todos brand from logotypes free in vector art in eps, ai, ...


    The sea that separates Odysseus from home was the lifeblood of ancient Greece. Homer's story of return takes ...


    Menno Meyjes (screenplay), Alice Walker (novel) Danny Glover, Whoopi Goldberg, Oprah Winfrey. Favorite Film Directed by Steven Spielberg? ...


    SHU AKASHI. Known for his highly finished style, a NY based photographer Shu Akashi has won accolades throughout ...