informa
Announcements
Event
Emerging Cybersecurity Technologies: What You Need to Know - A Dark Reading March 23 Virtual Event | <GET YOUR PASS>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext
Risk
2 MIN READ
Commentary

Virtualization Security

From virtual rootkit "aka Blue Pill" attacks to attacks that make it possible to break out of a virtual machine's operating system to the underlying server OS -- there's been plenty of talk about virtual security in the past few years. Yet, the more I look into the issues surrounding virtualization and security, the less I think it's about securing the actual virtualization software itself, such as the hypervisor.
George V. Hulme
Contributor
April 06, 2008
From virtual rootkit "aka Blue Pill" attacks to attacks that make it possible to break out of a virtual machine's operating system to the underlying server OS -- there's been plenty of talk about virtual security in the past few years. Yet, the more I look into the issues surrounding virtualization and security, the less I think it's about securing the actual virtualization software itself, such as the hypervisor.One of the big scares out there is the concept of a hypervisor being compromised, and one successful exploit would make it possible to comprise the underlying host operating system, and permit unauthorized access to each and every hosted VM on the host server. In an event like this, current antivirus tools may not be able to spot malicious processes or software. And there you have it, one exploit and it's possible to "own" all five, 10, or more hosted machines. Or maybe even hundreds in a clustered environment.

That certainly wouldn't be a good day in the life of any CISO. While the scale of these (so far theoretical) threats are greater than compromising a single server, the threats against the hypervisor are not really any different than vulnerabilities that enable attackers to gain access to physical servers. Because the hypervisor is a more dedicated, and relatively thinner, slice of software than a full-blown operating system, we're going to see many fewer vulnerabilities. In a recent conversation, Andreas Antonopoulos at Nemertes Research summed it up best: "When you look at the total virtualized environment, and you have a pool of 300 servers running on 100 physical servers with 100 hypervisors, what are you going to be more worried about? The attack surface of the hypervisor? Which is about 100,000 lines of tightly written code, or the 300 copies of Microsoft Vista running above it?"

Fixating on the security of the hypervisor itself is akin to taking a long, hard drag off of a cigarette while looking up at the sky and worrying about an asteroid strike.

Sure, it could happen. But it's the lack of taking care of the basics that will probably bring you down. So, rather than obsessing over hypervisor attacks, it's best to make sure that all of the software running on top of it is snugly patched. That the intra-VM traffic is vetted just as tightly as traffic that transverses the hardware. And that all of your change-control processes are maintained.

Sure, you're going to have to keep an eye out for hypervisor vulnerabilities and exploits. But if you have good layers of defenses in place, it won't be the end of the world.

More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug
Nathan Eddy, Contributing Writer, Dark Reading
Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos, Contributing Writer, Dark Reading
Microsoft Zero-Day Bugs Allow Security Feature Bypass
Jai Vijayan, Contributing Writer, Dark Reading
How Patch Tuesday Keeps the Beat After 20 Years
Andrada Fiscutean, Contributing Writer, Dark Reading
Webinars
More Webinars
Reports
More Reports
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports