4.2 Virtualisation Concepts

Question 1

Describe the setup for virtualisation.

Answer 1

A host machine installed with a hypervisor that can be used to install and manage multiple guest OSs or VMs

Question 2

Describe the two different types of hypervisors

Answer 2

Type 1: Runs directly on the host hardware and functions as the OS
Type 2: Runs within the normal OS

Question 3

Name and describe the two different types of virtualisation

Answer 3

• Server-based (Terminal services)
  Server-based solution that runs the application on servers in a centralised location
• Client-based (Application streaming)
  Client-based solution that allows an application to be packaged up and streamed directly to a user’s PC

Question 4

Define containerisation and give some examples of software that does this

Answer 4

A type of virtualisation applied by a host OS to provision an isolated execution environment for an application.
Software: Docker, Parallels Virtuozzo, OpenVZ

Question 5

How do you reduce the risk of your virtual machine setup being exploited?

Answer 5

• Proper configurations
• Patched and up-to-date hypervisor
• Tight access control
• Proper failover, redundancy and elasticity

Question 6

What does a hypervisor do?

Answer 6

Manages distribution of the physical resources of a server to the VMs

Question 7

How does containerisation work?

Answer 7

Each container relies on a common host OS as the base; it uses less resources because each container doesn’t require its own copy of the OS

Question 8

What is the benefit of hyperconverged infrastructure?

Answer 8

Allows for full integration of storage, network and servers, without hardware changes

Question 9

What does application virtualisation do?

Answer 9

Encapsulates computer programs from the underlying OS on which they are executed

Question 10

What does VDI do?

Answer 10

Hosts desktop OSs within a virtualised environment hosted by a centralised server/server farm

Question 11

What is a sandbox (malware)?

Answer 11

An isolated environment for analysing pieces of malware

Question 12

Where would you use cross-platform virtualisation, and what are the two types?

Answer 12

You would use it to test and run software applications for different operating systems. The two types are emulation (system imitation) and virtualisation (new “physical” machine)

Question 13

What does second level address translation do?

Answer 13

Improves the performance of virtual memory when running multiple VMs on a single physical host

Question 14

What technology do Intel and AMD use, respectively, to support SLAT?

Answer 14

Intel - EPT (Extended Page Table)
AMD - RVI (Rapid Virtualisation Indexing)

Question 15

Describe the features of the two different versions of SLAT.

Answer 15

x86
- 32-bit processor
- 32-bit OS can only access 4GB RAM
x64
- 16 exabytes RAM
- application cannot run on a 32-bit processor

Question 16

What is ARM?

Answer 16

Reduced instruction set and computer architeture (RISC) in a computer processor

Question 17

What is system memory?

Answer 17

The amount of memory installed on a physical server

Question 18

How much GB of space do each of the operating systems take up on system memory?

Answer 18

Windows: 20-50GB
Linux: 4-8GB
Mac: 20-40GB

Question 19

What does an NIC do?

Answer 19

• Provides a computer with a dedicated, full-time connection to a network -
• Allows computers to communicate over a computer network

Question 20

What is VM escape, and which hypervisor is it easier to perform on?

Answer 20

Where the threat attempts to get out of an isolated VM and send commands to the underlying hypervisor. It is easier to perform on a Type 2 hypervisor.

Question 21

What is VM hopping?

Answer 21

Where the threat attempts to move from one VM to another on the same host.

Question 22

What is sandboxing (in the context of VM security)?

Answer 22

Separating running processes and programs to mitigate system failures or software vulnerabilites.

Question 23

What is a sandbox escape?

Answer 23

When an attacker circumvents sandbox protections to gain access to the protected OS or other privileged processes

Question 24

How can you prevent a sandbox escape from occurring?

Answer 24

Ensure the system is patched, up-to-date, has strong endpoint software protection, and limited extensions/add-ons

Question 25

What is live migration?

Answer 25

Migrating the VM from one host to another while it is running. It should only occur on a trusted network, or utilise encryption.

Question 26

What are data remnants and how can you protect them?

Answer 26

Leftover pieces of data that may exist in the harddrive which are no longer needed. You could encrypt the virtual machine storage location and destroy the encryption key to protect them.

Question 27

What is VM sprawl?

Answer 27

Uncontrolled deployment of virtual machines.