Section 8: Virtualisation Flashcards
What is Virtualisation?
Creation of a virtual resource
What is a Virtual Machine?
A container for an emulated computer that runs an entire OS
What are the 2 types of VMs?
- System VM
- Processor VM
What is a System Virtual Machine?
A complete platform designed to replace an entire physical computer and includes a full desktop/server OS
Why does virtualisation continue to rise?
In order to reduce the physical requirements for data centres
What do Virtual Machines run on top of?
A Hypervisor
What does a Hypervisor do?
Manages the distribution of the physical resources of a host machine (server) to the virtual machines being run (guests)
What are the 2 types of Hypervisors?
- Type 1 - Bare metal or native
- Type 2 - Runs inside a normal machine that uses Windows or Mac
What are some Type 2 hypervisors?
- VirtualBox
- VMware
Why are Type 1 hypervisors more efficient than Type 2?
- Faster
- doesn’t waste physical computer resources to run OS
- stripped down specialised OS providing physical VM
What is Application Containerisation?
A single OS kernel is shared across multiple virtual machines but each virtual machine receives its own user space for programs and data
- containerisation allows for rapid and efficient deployment of distributed applications
What is the most popular Container Based Virtualisation OS?
Linux
What are some container based virtualisations available?
- Docker
- Parallels Virtuozzo
- OpenVZ
What are some unique vulnerabilities related to VMs?
- VM escape
- Data Remnants
- Privilege Elevation
- Live VM migration
Are VMs separated from other VMs by default?
Yes
What is a VM escape?
An attack that allows an attacker to break out of a normally isolated VM by interacting directly with the hypervisor
- and then can enter another VM on the same machine
- to mitigate: virtual servers should be hosted on the same physical server as other VMs in the same network or network segment, based on their classification
Benefits of having Virtualised servers within a cloud environment?
Elasticity allows for scaling up or down to meet user demands
- this can lead to a vulnerability known as Data Remnants
What are Data Remnants?
Contents of a virtual machine that exist as deleted files on a cloud-based server after deprovisioning of a virtual machine
- data could be recovered by an attacker which breaches confidentiality
What is Privilege Escalation?
Occurs when a user is able to grant themselves the ability to run functions as a higher-level user
- root or admin
- can be catastrophic for the physical server if this is performed on the hypervisor itself
- VMware used to have this vulnerability where it allowed an attacker to escalate privileges into any of the guest OS hosted by that hypervisor
- to prevent = update hot fixes and service packs
When does Live Migration occur?
Live Migration occurs when a VM is moved from one physical server to another over the network
- attackers can perform a MITM attack and capture the data between these 2 servers
What happens if the attacker exploits a vulnerability on the OS that is being shared by a container?
Anything hosted is exposed to that risk
What security measures should you take for your VM?
Same as a physical server
- updating OS and apps
- AV on VM machines
- group policies
- strong passwords
Should you keep your hypervisor up to date?
Yes
Should you limit connectivity between the VM and the host?
Yes
- isolate the machine from other machines on the hypervisor