Virtualization is utterly fantastic. And in this episode, I want to talk about some of the security aspects about virtualization. But before we do that, I want to make sure you get an idea of what I've got laying around here, mainly to lock in from other episodes, where we talk about type one, type two hypervisor, that type of thing. Let me show you what's going on right here. Now, first of all, here's my computer right here. And this machine's running Windows 10.
Now, what I want to do for starters, is show you a type two hypervisor that I have running on this particular system, called Oracle's VirtualBox, very, very popular. So I'm going to come down to Oracle's VirtualBox. Now if you look really close, you can see I've got two windows here. So first of all, this is the actual VirtualBox manager. And I have one, two, three, four virtual machines already preinstalled here, and one of them is running, and if you want to see that one, I can just come over here, and here is one virtual machine, and I don't even remember the password right now, but doesn't matter that terribly much. So that is a type two hypervisor.
It's running locally on this system, and VirtualBox is a very, very common type of type two hypervisor, and it's also free. I love it. Now, the other thing I have running is a type one hypervisor. So let's take a look at this network diagram one more time. So here's my computer running its type two hypervisor. Over here, I've got a server system.
And on this server, it is running an operating system called VMware ESXi. Now ESXi is kind of the poor man's version of type one hypervisor. But it works great. We love it, VMware, we think you're fantastic. Now, if I were to actually walk over to that system and plug a monitor into it, it's kind of boring. I mean, you just get this ugly, boring screen that means absolutely nothing.
So other than the actual initial installation, all the heavy lifting that's done with VMware is done through a client. So I happen to have the VMware client installed on this particular system, they call this the VM manager. Now, this is a slightly older version of ESXi. But I like it. And for the simple stuff we do here at Total Seminars, it works absolutely great. For us, the big things we're doing is testing software to make sure that it works on different operating systems. We also do some policy checking, like if I set a policy that could mess everybody up, we try it on a virtual machine first.
We do patches on a virtual machine, make sure the patch doesn't blow everybody up. So we can do a lot of fun stuff with it. So but what you're looking at here is all the virtual machines we have. In fact, I'm not going to show them all to you because I don't want you guys to have that kind of access. But these are all R&D type systems that we keep around for one reason or another. Invariably, someone's going to ask me, Mike, I'm running Vista Business and something that happened.
So we have examples of all the stuff that we turn to time and time again. Now to turn one on, I just hit click one and turn on the on button. But you can see I think I've already got one running here. Yeah, so what I've got here is a copy of Ubuntu. And if I ever need a new Ubuntu box, I can access through my VMware client. And I can turn this on and do anything that I want.
Now there is one more type of virtualization I want to talk about. And that is cloud-based. Now, using Infrastructure as a Service is a very, very powerful tool today. Things like Amazon Web Services, or my current personal favorite Microsoft Azure are really great places to go if you just need to spin up a quick web server or game server, whatever it might be. And I've actually got a free trial version running right here. So if you take a look, what I have right now is the free trial version of Microsoft Azure and I've got a bunch of stuff set up and running.
But what I'm mainly interested in showing you right now is this guy right here. So what you're looking at in this particular case is an up and running server, you can actually see its IP address. I don't, I haven't given it a DNS name yet. But what I've done is using the Microsoft Azure services, and this is all done with their free trial, by the way, I can set up a server, it will come with an IP address, it will get a default domain name, usually something really boring name like portal or something like that. But the important thing is it's up and running. I can configure the DNS, I can set IP, I can do all kinds of powerful, powerful stuff like that.
So here we're looking at three different types of virtualization, the type two hypervisor, type one hypervisor, and a very much a classic cloud infrastructure as a service setup. So virtual machines are absolutely fantastic. I mean, obviously, they save space, I can put a lot of computers onto a single physical computer. They save power for the exact same reason, instead of running five or six boxes, I just can run one. But they also do a lot of really, really important things. In fact, if you really think about it, to me, virtualization is by itself a security feature.
With virtualization, I can take care of, as I mentioned earlier, patch management, if I want to test a patch, I can do it on a virtual machine before I push it out to all my big boxes. If I have hardware issues, with virtualization, pretty much, especially if I'm on one particular platform, all the hardware can be configured identically. So things like do I have the right driver for that video card or whatever it might be kind of goes out the window. Availability, if something goes down, it's trivial for me to spin up another version of a particular VM. So availability is very, very important. And when it comes to testing, to test everything, I mean, security controls, I want to put in a new type of security control that only allows certain people to log in. I can put this out on a virtual machine, test it and then I can determine whether it's going to work or not in the real world. I could also use it for sandboxing.
In particular, when I talk about sandboxing, I'm talking about making a virtual machine, making something that's separate from my real world network and then doing something with that. And that way, if there's a problem, I don't have to risk everybody else. Software is being dispersed, and I want to make sure there's no malware on it, I can set up a VM, make sure it's not connected to my network, install it and see what happens. So it's incredibly powerful. The other big thing that we can do with virtual machines is network separation.
So let's take a look at this little diagram. So here's my server. Now on that server is a whole bunch of virtual machines. So I'm just going to make four little boxes here above the server to show the four virtual machines I'm running. If I want to separate them from my main network, it's trivial. Pretty much all hypervisors allow me to create a virtual switch.
So what I can do is I can create like a little pretend switch here that's between my real server and my four virtual machines, I can connect the four virtual machines to that. But I don't have to connect it through the physical server to my real network. So if you've got a bunch of virtual machines, and you need them segregated, it's trivial to do because of virtual switches. On top of that, virtual machines handle VLANs, or anything else, just like a real world computer would do as well. The last one, the big one, for me, are snapshots and backups. If I shut down a virtual machine, it manifests as a file, just one file.
And backing up becomes trivial, I can simply make a backup copy of that very large file, and I'm talking in many, many gigabytes in size, and send it off to the side. If something blows up, I can simply bring that file back, bring that virtual machine up, and it's as though nothing ever happened. What we tend to do more often, though, with virtual machines is what we call a snapshot. So I've actually got that capability right here. So what I'm going to do is I'm going to show you. This is the virtual machine I'm running on my Oracle VirtualBox. And one of the things I can do if I need to, is I can just take a quick snapshot.
And I can type in anything I want that helps me describe what's going on, hit OK. And what's happened is a perfect example of the state of this system as it is up and running right now is stored. Snapshots are amazing. If I'm going to be testing a piece of software, for example, usually what I'm going to do is I'm going to have this virtual machine, I'm going to go ahead, take a snapshot, install the software, and then see what the difference is. If something happens that blows up the application, I can restore. Instead of having to copy a whole file, I can just go back to a previous snapshot.
So it is an incredibly powerful tool and one you're going to be seeing on the exams. So, virtualization is in and of itself a security feature. However, there are things that take place within the virtual world that can be a problem. And I want to just call that virtual threats. When we're talking about threats to virtual machines, the number one thing you need to remember is that anything that can happen to a virtual machine is the same stuff that can happen to a physical machine. So when we're talking about stuff like malware or not patching a machine properly or having a host firewall, although usually, a virtual machine will take advantage of whatever network firewall is provided.
But the host is up to you setting up policies. So especially if you've got a type one or type two hypervisor that you're directly in control of, you have to take care of all this stuff. This is all your job. Now, luckily, when you get into the cloud, most IaaS type of setups provide a lot of this stuff. So take a look right here. So here on my Azure, it's even got a whole big security center.
And you can see I'm getting lots of red bars mainly because I haven't set anything up yet. So if I take a look at this, I believe I click on recommendations. It's got all kinds of stuff it's recommending that I do. So for example, add a next generation firewall. So if I click on that, I'm going to create a solution.
And lookie here, they've got three different companies that are more than glad for a small consideration to provide all of these tools. So when we see stuff like this, particularly when it's done on the cloud, we tend to call this security as a service. So this is a very, very powerful thing. Now, there are two other security aspects that are very unique to virtualization. So let me talk about both of these and we'll do it through a diagram. So let's imagine this circle right here is my entire infrastructure, all my computers and everything.
Now over time here, the accounting department sets up a virtual machine with Amazon Web Services. And then over here, the sales department sets up something on Azure and somebody else sets up a private cloud. And even within my own infrastructure, people start setting up type one hypervisors and stuff like this. This is known generically as VM sprawl. Now, VM sprawl is a bad thing. And it's something that we want to avoid.
Unfortunately, it can be tricky. The other one I want to talk about is called VM escape. Now, here's a type one hypervisor. And we're going to say he's got four virtual machines running on, like we talked about earlier. There are situations, this has happened 10, 12 times over the last 10 years, where people have come up with tricky ways to be able to punch out of the virtual machine and get to the hypervisor itself and the host system and cause naughty naughty things. In general, these are the types of things we need to avoid.
So let's talk about hardening virtualization. There's a number of issues to consider when it comes to hardening virtualization. Probably one of the biggest ones is cleaning data remnants. When you have a virtualized hypervisor, well, when you have a hypervisor that's running virtualization, he's going to have a lot of data that's sitting on its drives. If you ever want to recycle these drives or anything, you've got to make sure to clean them out. Even if you're in a situation where you're taking out one virtual machine, it's usually a good idea to take the time to wipe out all the data that is associated with that one virtual machine.
The biggest thing you can do when it comes to virtualization is make good policies. You got to let people know what they can and can't do when it comes to virtualization. If the accounting department is going over to Amazon Web Services and setting up their own servers, that's because you haven't set up good policies. So make sure people are aware of that. Also understand that all hypervisors come with some type of user privileges built in. In all of these, you can decide what users can create virtual machines, who can copy virtual machines, who can make snapshots, who can just view them. And take advantage of these controls so that you have good tight control on your VMs. Next, patch everything.
And I'm not just talking about the virtual machines themselves, I'm not talking about just the application running on virtual machines, I'm not talking about just the operating system, even hypervisors need patching, so you've got to stay on top of all of these. Last, and this is something that runs into when things get a little bit more complicated. There's something called cloud access security brokers. Let me show you what that means. So here's my infrastructure. And let's say I've got one particular infrastructure as a service that I'm using out there for my own websites or whatever it might be.
A cloud access security broker acts as an intermediary between your infrastructure, your in-house stuff, and the cloud. It will either manifest as some type of device that's running locally, although that's fairly rare. And it usually shows up as a service that's running up on the cloud itself. Its job is to make sure that policies are controlled. It watches for malware, it does everything you need to in order to take advantage of the best in security as a service. The big thing you're going to be running into on the exam when it comes to virtualization is when do you use this type of virtualization?
Do you need a virtual switch or not? Do you need cloud access security brokers? You're not going to be really running into log questions, more a matter of, you know, the network guy needs to do this, is virtualization an option? And what type of virtualization do you need to use?