The Laws of Virtualization Security - Putting Laws into Practice
Putting the laws into practice
The answer to a security question is rarely absolute. For most enterprises, the virtualization decision is about where and when to apply controls that are sufficient for the environment, based on risk tolerance. Ultimately, whether virtualization is bane or boon for security depends on how the systems are configured, deployed, and managed.
To manage these new security concerns, it’s important to understand the underpinnings of today’s virtual systems.
The primary components of a virtual environment are:
· Virtual Machines (VMs) and their accompanying guest operating systems: These are the “core” components of the virtual architecture.
· Virtual Machine Monitor (VMM): The software component responsible for managing interactions between the VM and the physical system.
· Hypervisor and/or host operating systems: The software that handles kernel operations.
A virtualized environment consists of a VMM and one or more virtual machines. The VMs and VMM interact with either a hypervisor or a host operating system to access hardware, local I/O, and networking resources. In addition to these components, virtualization architectures rely on virtual networking, virtual storage, and terminal service capabilities.
This minimum set of components is combined into virtual environments in a few distinct ways:
· Type 1 virtual environments are considered “full virtualization” environments and have virtual machines running on a hypervisor that interacts with the hardware.
· Type 2 virtual environments are considered “full virtualization” as well, but work with a host operating system instead of a hypervisor (though sometimes the VMM is called a hypervisor anyway).
· Paravirtualized environments make performance gains by eliminating some of the emulation that occurs in full-virtualization environments.
· Other designations include hybrid virtual machines (HVMs) and hardware-assisted techniques.
From a security perspective, a Type 2 environment carries a more significant risk profile, because a host operating system with user applications and interfaces runs outside of any virtual machine, at a level lower than the virtual machines. This architecture increases risk by exposing the environment to potential attacks against the host operating system. For example, a laptop running VMware with a Linux virtual machine on a Windows XP system inherits the attack surface of both operating systems, plus the virtualization code of the VMM.