Use fragmentation time to learn about virtualization security---part I.

1. Summary
In the IT and online world, virtualization has had a huge impact in a short time, and has provided huge cost savings and high ROI for data centers, businesses, and cloud computing. From a security perspective, there seems to be a lack of substantial and lagging understanding of the virtualized and virtualized environment. Some people think that virtualization is more secure than traditional environments because they have heard of the isolation between virtual machines, but have not heard of any successful attacks on hypervisors. Others believe that the new virtualized environment needs to be as secure as the traditional physical environment, so it is necessary to apply a continuous and effective security hardening method in place. But the new environment is more complex, and a new, secure approach is needed when a virtual environment is added to the current environment to create a new network. This includes both traditional security and virtualization security. This article outlines the differences, problems, challenges, risks, and so on that are caused by virtualization. And look forward to providing customers with good advice and best practices to ensure that when the virtual environment to join the existing network environment as safe as the original.
2. Introduction
Although this is a concept that goes back more than more than 50 years, the technology will grow and evolve in applications today and in the future. In fact, half of today's servers are running on virtual machines. 1. By 2014, 70% of the workloads were running on virtual machines. 2. We need to keep up with the advances in technology and need to deploy secure virtualization components and virtualized environments extensively. Let's look at the benefits that are now being brought about by virtualization.
3. Security Benefits of Virtualization
Here are some of the benefits of introducing a virtualized environment:
In virtualized environments, centralized storage is used to prevent data loss, such as loss of equipment, theft, and destruction of important data.
When virtual machines and applications are properly isolated, only one application on an operating system is affected by the attack.
When configured correctly, the virtual environment provides flexibility that allows the system to not share vital information.
If a virtual machine is infected, it can be rolled back to a security state before being attacked.
Virtualization improves physical security because of reduced hardware devices and data centers.
The deployment of desktop virtualization can better control the user environment. An administrator can create and control a "mirror" and send it down to the user's computer. This technology provides better system-to-control to ensure that the Organization's security policy needs are met.
Server virtualization can lead to better incident handling because the server can revert to a previous state in order to review what happened before and during the attack.
System and network management access control and separation of duties can be improved by assigning only specific individuals to control the virtual environment Internal network while others are dealing with virtual machines in the DMZ area. For example, you can have specific administrators working with Windows servers, while others process Linux servers.
Virtual machine management software is relatively small and uncomplicated. It provides a small attack surface, and the program runs on a small attack surface, reducing the potential for vulnerability.
Please note that we have described some of these benefits, such as "If configured or improperly set". Virtualization is very complex and
With it must be correct to ensure that the above advantages are obtained.
4. Security challenges, risks and issues with virtualization
Now that we've seen some of the benefits of virtualization, let's take a look at some of the challenges, risks, and issues.
4.1 File sharing between hosts and hosts
When using file sharing, a problematic object can access the host's file system and modify the directory used for sharing.
When clipboard sharing and dragging are used on the main airliner, or when the application programming interface is being used for programming, a stability vulnerability in these areas can ultimately affect the entire infrastructure.
4.2 Snapshots
When the snapshot is restored, any changes you make to the configuration will be lost. If you change your security policy, some things can be accessed at the moment. The audit log may also disappear, which may eliminate any records that you make changes on the server. These unfortunate results are difficult to meet the requirements of compliance.
Images and snapshots contain proprietary data like personally identifiable information and passwords, more like a physical hard drive. Any unnecessary or more images are really worrying because the storage of any snapshot may contain an uncovered malware that can cause serious damage when reloaded.
4.3 Networked storage
Fibre Channel and iSCSI are clear-text protocols and may be subject to man-in-the-middle attacks. The sniffer tool can be used to read or record storage traffic and be reproduced by an attacker.
This is often a tradeoff between the performance and security of a fibre channel, which can be used in a host bus adapter for Fibre Channel implementations, but cannot be used multiple times due to negative issues that may occur.
4.4 Virtual Machine Manager (Hypervisor)
If hypervisor is compromised, all connected virtual machines will also be affected, and the default hypervisor configuration is not always the safest.
Hypervisor controls everything and provides a single point of failure in a virtual environment. A single gap can put the entire environment at risk.
An administrator in hypervisor can do anything ("Keys for All Kingdoms"). The hypervisor usually have password settings, but these are easily shared among administrators, so you don't really know who did what.
Hypervisor can allow virtual machines to communicate with each other, and this communication does not even join the physical network, which ultimately behaves like a private network of virtual machines. This traffic cannot always be seen because the hypervisor is running, and you cannot guarantee that this is safe.
Cond...

Using fragmentation time to understand virtualization security---Part I