Virtualization Concepts

  • Virtualization allows running multiple operating systems and application environments on a single physical machine.
  • Essential for understanding cloud computing.
  • Virtualization simulates computer hardware functionality within a virtual environment.
  • Example: Running Linux and Windows 11 virtual machines on a macOS system.
  • Virtual machines use the host system's processing, memory, and storage resources.
  • Virtual machines are software-based and trick the OS into thinking it's using real hardware.

Domain 4: Virtualization and Cloud Computing

  • Focus is currently on virtualization; cloud computing will be covered later.
  • Objective 4.1: Explain virtualization concepts.
    • Purpose of virtual machines.
    • Requirements for virtual machines.
    • Desktop virtualization.
    • Containers.
    • Hypervisors.
  • "Explain" objectives require understanding and recalling information.
  • Example question: Identifying type 1 vs. type 2 hypervisors based on characteristics.
  • Virtualization relies on hypervisors.

Section Overview

  • Virtualization and hypervisors (type 1 and type 2).
  • Containerization: Uses the same underlying OS and libraries.
  • Purposes of virtual machines.
  • Resource requirements: CPU features, memory, storage, networking.
  • Security requirements for virtual machines.
  • Demonstration: Installing and configuring virtual machines.
  • Demonstration: Securing virtual machines from malware.
  • Checkpoint quiz and review.

Virtualization Explained

  • Virtualization is vital for security in both on-premise and cloud environments.
  • Reduces the need for power, space, and cooling.
  • Host computer with a hypervisor manages guest OSs or virtual machines (VMs).
  • Bare metal: Hardware before any software installation.
  • Hypervisor: Virtualization software.
    • Type 1: Bare metal, runs natively on hardware.
    • Type 2: Requires an OS (e.g., Windows, macOS) with the hypervisor as software on top.
  • Example: VMware running on macOS hosting Windows.
  • Guest OS: OS installed inside the virtual machine.
  • Host OS: Primary OS (e.g., macOS).
  • Virtual machines run on top of a hypervisor.
  • Hypervisor manages physical resources (processing, memory, disk space) for VMs.
  • Hypervisors: Type 1 and Type 2.
    • Type 1 (Bare Metal):
      • Runs directly on host hardware; functions as the OS.
      • Examples: Hyper-V, XenServer, ESXi, vSphere.
    • Type 2:
      • Runs within a normal OS (Windows, macOS, Linux).
      • Example: VMware Workstation, VirtualBox on Windows 10.
  • Virtual machines require OS updates, security patches, and hotfixes.
  • Virtualization has expanded into application virtualization.
    • Server-based Application Virtualization (Terminal Services).
    • Client-based Application Virtualization (Application Streaming).

Application Virtualization

  • Terminal Services:
    • Runs applications on a server in a centralized location.
    • Users access the applications via remote client protocols (RDP, ICA).
    • Examples: Microsoft Terminal Services, Citrix XenApp.
  • Application Streaming:
    • Packages and streams applications to a user's PC.
    • Creates a sandbox environment, isolated from the OS.
    • Example: Microsoft App-V.
  • Benefits: Enhanced security, encryption, access control, prevention of local data storage.
  • Virtualization allows multiple guest operating systems on a single physical computer using a hypervisor.
  • Type 1 hypervisors replace the host OS, while Type 2 run on top of an existing OS.
  • Type 2 hypervisors require more resources than Type 1.
  • Virtualization is essential and foundational to cloud-based servers.

Containerization

  • Containers share the host OS kernel.
  • Example: Three containers running Linux with different applications on a Linux host.
  • Requires fewer resources compared to using separate virtual machines.
  • Less storage and processing power needed than traditional virtualization.
  • Containers are logically isolated and cannot interface directly.
  • Communication requires a virtual network and routing.

Containerization: Security Implications

  • If the host OS is compromised, all containers are vulnerable and accessible.
  • Significant risk if a single Linux server hosts many containers.
  • Data may be hosted on the same physical server as other organizations.
  • If one organization's virtual environment is insecure, it can affect others on the same server.
  • Importance of proper configuration, management, auditing user access, and patching.
  • Virtual machines should have failover, redundancy, and elasticity.
  • Monitor network and physical server performance to balance the load across machines.
  • Balance performance benefits of containerization versus the risk of widespread compromise.
  • Containerization is applied at the OS level, providing an isolated environment for applications.
  • Enforces resource segmentation and separation at the OS level.
  • Provides better performance than traditional virtualization.
  • Presents a single point of vulnerability due to the shared OS.

Purpose of Virtual Machines

  • Cloud computing relies heavily on virtualization for cost savings and efficiencies.
  • Multiple logical servers on a single physical server reduce space, power, and cooling.
  • Achieves higher availability by dynamically provisioning additional virtual servers.
  • Dynamic resource allocation is a key benefit of cloud computing.
  • Security issues from physical servers carry over to cloud environments.
  • Hypervisors control the distribution of resources like processors, memory, and disk space.
  • Hypervisors emulate a physical machine.

Hypervisors Categories

  • Type 1 (Bare Metal):
    • Faster and more efficient than hosted counterparts.
  • Type 2 (Hosted):
    • Requires the underlying OS to be properly secured and patched.
  • Container-based virtualization (Containerization):
    • Does not use a hypervisor.
    • Each container relies on a common OS.
    • Each has its own binaries, libraries, and applications.
    • Primarily used with Linux.
    • Uses fewer resources.
  • Hyper-converged infrastructures:
    • Integrate storage, networks, and servers without hardware changes.
    • Relies on software and virtualization technology.
    • Managed from a single interface.
  • Application virtualization:
    • Encapsulates computer programs from the OS.
    • Fully virtualized apps are not installed traditionally.
    • Runs legacy applications on modern OSs.
    • Runs cross-platform software (e.g., Android on Windows).
  • Virtual Desktop Infrastructure (VDI):
    • Offers a full desktop OS from a centralized server in the cloud.
    • Example: Non-persistent desktops that are deleted daily.
  • Sandbox environments:
    • Isolated environments to analyze malware.
    • Ensures the host computer is not infected.
    • Used for dynamic malware analysis.
  • Cross-platform virtualization:
    • Testing applications across different operating systems on a single machine.
    • Virtual machines host Linux or Windows on a macOS system.
    • Benefits web developers/programmers.
  • Training and lab environments:
    • Practice on live operating systems without affecting production networks.
    • Snapshot feature to restore virtual machines to previous states.
    • Use of "broken machines" for troubleshooting exercises.
  • Emulation vs. Virtualization:
    • Emulation imitates another system.
    • Virtualization creates a virtual instance of hardware.
    • Virtualization: running a new physical machine represented by software.
    • Emulation: software translates the environment in real time.
  • Example: Super Nintendo emulator on macOS.
  • Virtualization gives the guest direct (native) access to the underlying hardware.
  • Virtualization is faster than emulation because guest code runs natively instead of being translated in real time.
  • Emulators used to run operating systems for different hardware (e.g., game consoles).
  • Also used to run software designed for different OSs (e.g., Android on Windows).
  • For high speed and better performance, use virtualization.
  • For running software coded for different underlying hardware, use emulation.
  • ARM processors require emulators for x86/x64 software.
  • Virtual machines and containerization reduce physical space, power, and cooling needs.
  • Improved security through isolated data processing.
  • Virtual machines can host servers, applications, desktops, and sandboxes.
  • Emulation runs other OSs or hardware on regular laptops/desktops.
  • Virtualization is generally faster and more efficient than emulation.

Resource Requirements for Virtualization

  • Understanding resource requirements is essential for virtual machine installation and configuration.
  • Key areas:
    • CPU and virtualization extensions.
    • System memory.
    • Storage.
    • Networking.
  • CPU and Virtualization Extensions:
    • Intel: VT-x (Virtualization Technology).
    • AMD: AMD-V (AMD's version of virtualization).
    • Both hosted and bare metal hypervisors benefit from CPU virtualization support.
    • Virtualization typically must be enabled in the BIOS/UEFI.
    • SLAT (Second Level Address Translation): Improves virtual memory performance.
      • Intel: EPT (Extended Page Table).
      • AMD: RVI (Rapid Virtualization Indexing).
  • CPU Cores:
    • Multicore is desired.
    • Multi-core / Hyper-Threading: needed to enable and run virtual machines effectively.
    • x86: 32-bit operations.
    • x64: 64-bit operations; can address up to 16 exabytes of RAM.
    • ARM: Advanced RISC Machine (Reduced Instruction Set Computer).
      • Energy efficient; usually found in tablets and smartphones.

System Memory Considerations

  • More memory is always better for virtual machine hosting.
  • Adequate memory is needed for both the host and guest operating systems.
  • Host OS (macOS): Requires roughly 8 GB of memory to boot.
  • Host OS (Windows): Requires at minimum 4 GB, preferably 8 GB.
  • Storage: Allocate at least 40-50 GB for a Windows guest and its applications; Linux guests need less.
  • Networking: Guests share the host's physical network interface card (NIC); on older setups, upgrade the NIC to gigabit speed.
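A host readiness check that ties the CPU and memory requirements above together, added here as an example (it is not part of the original notes). It reads the `flags` line of a Linux /proc/cpuinfo dump for the VT-x (`vmx`) / AMD-V (`svm`) extensions and for SLAT (`ept` for Intel EPT; Linux reports AMD RVI as `npt`), and checks a planned set of guest memory sizes against the host-OS minimums given above. The cpuinfo text and the guest sizes are constructed sample input.

```python
"""Host readiness check for virtualization (added example, not from the notes)."""
import re

# Flag names exactly as Linux prints them on the `flags` line of /proc/cpuinfo.
VIRT_FLAGS = {"vmx": "Intel VT-x", "svm": "AMD-V"}
SLAT_FLAGS = {"ept": "Intel EPT", "npt": "AMD RVI (NPT)"}

# Memory (GB) the host OS needs for itself, taken from the figures in the notes.
HOST_MIN_GB = {"windows": 4, "windows-preferred": 8, "macos": 8}


def cpu_flags(cpuinfo_text: str) -> set:
    """Return the set of CPU flags from the first `flags` line of a cpuinfo dump."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def virtualization_support(cpuinfo_text: str) -> dict:
    """Report which virtualization extension and SLAT feature the CPU exposes."""
    flags = cpu_flags(cpuinfo_text)
    virt = [name for flag, name in VIRT_FLAGS.items() if flag in flags]
    slat = [name for flag, name in SLAT_FLAGS.items() if flag in flags]
    # An absent flag means either the CPU lacks the feature or firmware has it
    # switched off (recent kernels hide vmx/svm when BIOS/UEFI disables it),
    # so the first remedy is to check the BIOS/UEFI setting, as the notes say.
    note = "" if virt else "No VT-x/AMD-V flag: enable virtualization in BIOS/UEFI or use another host"
    return {"virtualization": virt, "slat": slat, "ready": bool(virt), "note": note}


def memory_plan(host_total_gb: float, host_os: str, guest_gb: list) -> dict:
    """Check that the guest RAM allocations leave the host OS its minimum."""
    reserve = HOST_MIN_GB[host_os]
    guest_total = sum(guest_gb)
    return {
        "host_reserve_gb": reserve,
        "guest_total_gb": guest_total,
        "fits": guest_total <= host_total_gb - reserve,
    }


# Constructed sample: an Intel host exposing VT-x and EPT.
SAMPLE_CPUINFO_INTEL = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Example CPU (constructed sample)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx ept
"""

# Constructed sample: an AMD host exposing AMD-V and NPT (RVI).
SAMPLE_CPUINFO_AMD = """\
processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: Example CPU (constructed sample)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm svm npt
"""

if __name__ == "__main__":
    print(virtualization_support(SAMPLE_CPUINFO_INTEL))
    print(virtualization_support(SAMPLE_CPUINFO_AMD))
    # A 16 GB Windows host running two 4 GB guests keeps the 4 GB host minimum.
    print(memory_plan(16, "windows", [4, 4]))
```

On a real Linux host, pass the contents of /proc/cpuinfo to `virtualization_support`; on Windows the equivalent information is shown on the Performance tab of Task Manager ("Virtualization: Enabled/Disabled").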

Virtual Machine Attacks

  • Four categories of attacks:
    • VM Escapes.
    • VM Hopping.
    • Sandbox Escapes.
    • Other VM Concerns (VM Sprawl, Data Remnants).

VM Escapes

  • Threat actor attempts to exit the isolated VM and send commands to the hypervisor.
  • Requires exploiting a vulnerability in the hypervisor's code.
  • Easier to perform on Type 2 hypervisors than Type 1.
  • Attacker may gain access to the host OS, escalate privileges, and access other VMs.
  • Prevention: Keep OSs and hypervisors patched and up to date.

VM Hopping

  • Threat actor attempts to move from one VM to another on the same host.
  • Exploits the hypervisor or a feature to move between isolated VMs.
  • Focuses on moving between VMs, not reaching the hypervisor.
  • Protection: Keep hypervisor patched and securely configured.

Sandbox Escapes

  • Sandbox separates running processes to mitigate system failures or software vulnerabilities.
  • Commonly created using virtual machines or containerization.
  • Sandbox escape occurs when an attacker circumvents sandbox protections.
  • Prevention: Keep software and OSs updated and use endpoint protection software.

VM Concerns

  • Migrations:
    • Virtual machine migration: moving a VM from one physical machine to another.
    • Live migration: requires a trusted network (e.g., encrypted links) so that the VM's memory and disk state are protected from eavesdropping and on-path attacks in transit.
  • Data Remnants:
    • Storage must have a destroy mechanism, such as encryption with a key that is destroyed when the storage or service ends; otherwise the data remains on the storage and is exposed to the next user of the virtual machine.
  • VM Sprawl:
    • Uncontrolled deployment of one or more virtual machines.
    • Rogue virtual machines installed without authorization.
    • Lack of system management, security patching, and antivirus updates.
    • Susceptible to attack and usable as a pivot point into the network.
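One way to catch VM sprawl before it becomes a pivot point is to reconcile what a host is actually running against an authorized inventory. The script below is an added example, not part of the original notes: it parses the `"name" {uuid}` lines that `VBoxManage list vms` prints, compares them with a constructed inventory that records an owner and a last-patch date per VM, and flags VMs that are not inventoried (rogue), inventoried but not patched within a threshold (stale), and inventoried but absent from the host (missing, e.g., migrated elsewhere). The VBoxManage output, the inventory, and the patch threshold are constructed for the example.

```python
"""VM sprawl reconciliation against an authorized inventory (added example)."""
import re
from datetime import date

# One line of `VBoxManage list vms`: "VM name" {uuid}
LIST_VMS_LINE = re.compile(r'^"(?P<name>[^"]+)"\s+\{(?P<uuid>[0-9a-fA-F-]+)\}$')


def parse_list_vms(output: str) -> dict:
    """Map VM name -> UUID from `VBoxManage list vms` output."""
    vms = {}
    for line in output.splitlines():
        m = LIST_VMS_LINE.match(line.strip())
        if m:
            vms[m.group("name")] = m.group("uuid")
    return vms


def sprawl_report(list_vms_output: str, inventory: dict, today: date,
                  max_patch_age_days: int = 30) -> dict:
    """Classify the VMs present on a host as rogue, stale, or missing."""
    present = parse_list_vms(list_vms_output)
    # Rogue: running on the host but nobody authorized or owns it.
    rogue = sorted(name for name in present if name not in inventory)
    # Stale: authorized, but its last patch date is older than the policy allows.
    stale = sorted(
        name for name in present
        if name in inventory
        and (today - inventory[name]["last_patched"]).days > max_patch_age_days
    )
    # Missing: authorized and expected here, but not on this host any more.
    missing = sorted(name for name in inventory if name not in present)
    return {"rogue": rogue, "stale": stale, "missing": missing}


# Constructed sample output of `VBoxManage list vms` on one host.
SAMPLE_LIST_VMS = """\
"web-dev-01" {0f1e2d3c-0000-4000-8000-000000000001}
"scratch-vm-tmp" {0f1e2d3c-0000-4000-8000-000000000002}
"old-build-box" {0f1e2d3c-0000-4000-8000-000000000003}
"""

# Constructed authorized inventory (what a CMDB or asset list would hold).
INVENTORY = {
    "web-dev-01": {"owner": "dev-team", "last_patched": date(2024, 5, 1)},
    "old-build-box": {"owner": "ci", "last_patched": date(2023, 11, 15)},
    "db-staging": {"owner": "dba", "last_patched": date(2024, 5, 2)},
}
TODAY = date(2024, 5, 10)  # constructed reference date for the patch-age check

if __name__ == "__main__":
    for category, names in sprawl_report(SAMPLE_LIST_VMS, INVENTORY, TODAY).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Run it periodically against the real output of `VBoxManage list vms` (or the equivalent listing for your hypervisor) and treat every rogue entry as an unmanaged host that needs an owner, patching, and endpoint protection before it stays on the network.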

Demonstration: Installing Virtual Machines (VirtualBox)

  • VirtualBox: Software to run other OSs on Windows, Mac, or Linux.
  • For x86/x64-based processors (Intel/AMD), any guest OS can typically be run.
  • Newer Macs (Apple Silicon - ARM-based) require ARM-based guest OSs.
  • Install Process:
    • Go to virtualbox.org and download the VirtualBox build for your host (Intel Mac, Apple Silicon Mac, Windows, or Linux).
    • Guest OS: locate and download the installation ISO image (e.g., a Linux distribution).
  • Run the installer and complete the software install and configuration.
  • Set up VirtualBox (open the application once it is fully installed).

Demonstration: Securing Virtual Machines (VirtualBox)

  • Virtual machines create a self-contained area with a new OS.
  • VMs are isolated from the host OS by default but VirtualBox can enable interaction.
  • Security Settings:
    • Settings > General > Advanced
      • Shared Clipboard (host/guest clipboard sharing; same security consideration as Drag and Drop).
      • Drag and Drop (can transfer/copy files from the guest, e.g., Linux, onto the host OS; disabled for security reasons).
    • Settings > Description
      • Notes about the VM for yourself, such as reminders about password prompts.
    • Settings > Disk Encryption (requires the VirtualBox Extension Pack to be installed): choose the AES-XTS256-PLAIN64 cipher and set an encryption password.
    • Settings > User Interface (not a security setting).
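The settings demonstrated above can also be audited from the command line rather than clicked through in the GUI. The script below is an added example, not from the original notes or from VirtualBox itself: it parses the `key="value"` lines that `VBoxManage showvminfo <vm> --machinereadable` prints and the `Label: value` lines of `VBoxManage showmediuminfo <disk>`, then reports a shared clipboard or drag-and-drop mode other than `disabled`, an unencrypted disk, and a cipher other than the AES-XTS256-PLAIN64 chosen above. The key names `clipboard` and `draganddrop` and the `Encryption:` / `Cipher:` labels are the shapes I expect from VirtualBox 6.x/7.x output; treat them as assumptions and confirm them against your own installation. All sample output is constructed. Missing keys are reported as findings rather than assumed safe, so a renamed key surfaces instead of silently passing.

```python
"""Audit of VirtualBox guest/host interaction and disk encryption settings (added example)."""
import re

# One `key=value` or `"key"="value"` line of `showvminfo --machinereadable`.
KV_LINE = re.compile(r'^(?P<key>[^=]+)=(?P<value>.*)$')
# Cipher selected in the notes; AES-XTS128-PLAIN64 is VirtualBox's other option.
REQUIRED_CIPHER = "AES-XTS256-PLAIN64"


def parse_machinereadable(text: str) -> dict:
    """Parse `showvminfo --machinereadable` output into a dict (quotes stripped)."""
    settings = {}
    for line in text.splitlines():
        m = KV_LINE.match(line.strip())
        if m:
            settings[m.group("key").strip('"')] = m.group("value").strip().strip('"')
    return settings


def parse_mediuminfo(text: str) -> dict:
    """Parse the `Label:   value` lines of `VBoxManage showmediuminfo`."""
    info = {}
    for line in text.splitlines():
        if ":" in line:
            label, value = line.split(":", 1)
            info[label.strip()] = value.strip()
    return info


def audit_vm(showvminfo_text: str, mediuminfo_text: str) -> list:
    """Return a list of findings; an empty list means the VM matches the hardened settings."""
    vm = parse_machinereadable(showvminfo_text)
    disk = parse_mediuminfo(mediuminfo_text)
    findings = []
    # Fail closed: an absent key is reported as "unknown", not treated as disabled.
    clip = vm.get("clipboard", "unknown")
    if clip != "disabled":
        findings.append(f"shared clipboard is '{clip}': set it to disabled")
    dnd = vm.get("draganddrop", "unknown")
    if dnd != "disabled":
        findings.append(f"drag and drop is '{dnd}': set it to disabled")
    if disk.get("Encryption", "unknown").lower() != "enabled":
        findings.append("disk is not encrypted: enable disk encryption (Extension Pack required)")
    elif disk.get("Cipher") != REQUIRED_CIPHER:
        findings.append(f"disk cipher is '{disk.get('Cipher')}': expected {REQUIRED_CIPHER}")
    return findings


# Constructed sample: a lab VM with the clipboard shared and an unencrypted disk.
SAMPLE_SHOWVMINFO_WEAK = """\
name="lab-ubuntu"
ostype="Ubuntu_64"
memory=4096
clipboard="bidirectional"
draganddrop="disabled"
"SATA-0-0"="/vms/lab-ubuntu/lab-ubuntu.vdi"
"""
SAMPLE_MEDIUMINFO_UNENCRYPTED = """\
UUID:           00000000-0000-4000-8000-0000000000aa
State:          created
Location:       /vms/lab-ubuntu/lab-ubuntu.vdi
Storage format: VDI
Capacity:       40960 MBytes
Encryption:     disabled
"""

# Constructed sample: the same VM after applying the settings from the demonstration.
SAMPLE_SHOWVMINFO_HARDENED = SAMPLE_SHOWVMINFO_WEAK.replace('clipboard="bidirectional"', 'clipboard="disabled"')
SAMPLE_MEDIUMINFO_ENCRYPTED = SAMPLE_MEDIUMINFO_UNENCRYPTED.replace(
    "Encryption:     disabled",
    "Encryption:     enabled\nCipher:         AES-XTS256-PLAIN64\nPassword ID:    lab-ubuntu-disk",
)

if __name__ == "__main__":
    print("weak:    ", audit_vm(SAMPLE_SHOWVMINFO_WEAK, SAMPLE_MEDIUMINFO_UNENCRYPTED))
    print("hardened:", audit_vm(SAMPLE_SHOWVMINFO_HARDENED, SAMPLE_MEDIUMINFO_ENCRYPTED))
```

To apply the fixes without the GUI, the VBoxManage commands I know of are `VBoxManage modifyvm "<vm>" --clipboard-mode disabled --draganddrop disabled` (older releases spell the first option `--clipboard`) and `VBoxManage encryptmedium <disk> --newpassword - --newpasswordid <id> --cipher AES-XTS256-PLAIN64`; check `VBoxManage --help` on your version before relying on the exact option names.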