Securing the Virtual Environment: How to Defend Against Attack

Wednesday, June 06, 2012

Ben Rothke


Securing the Virtual Environment: How to Defend the Enterprise Against Attack

One of the selling points of virtualization is its perceived added level of security. But virtualization, like any other piece of software, can be implemented incorrectly and can itself have flaws.

Last year, NIST came out with SP 800-125, Guide to Security for Full Virtualization Technologies.

The guide is intended for system administrators, security program managers, security engineers and anyone else involved in designing, deploying or maintaining full virtualization technologies.

NIST SP 800-125 recommends organizations do the following:

  • secure all elements of a full virtualization solution and maintain their security
  • restrict and protect administrator access to the virtualization solution
  • ensure that the hypervisor, the central program that runs the virtual environment, is properly secured
  • carefully plan the security for a full virtualization solution before installing, configuring and deploying it

All good items to do; but at 25 pages, SP 800-125 is clearly inadequate to cover all of the details around how to securely use virtualization. 

With that, Securing the Virtual Environment: How to Defend the Enterprise Against Attack, by Davi Ottenheimer and Matthew Wallace, is a great new book that provides a comprehensive overview of how to secure systems and defend against attacks on virtualized environments.

The book takes a very strong approach that in order to secure virtualization effectively, one needs to understand how adversaries will attack a virtualized environment.  The authors provide numerous details on how to precisely do that.

The book is a highly technical guide meant for those designing, deploying and administering virtualized systems. At 400 pages, the book's 10 chapters provide a wealth of information to secure virtualized systems.

Chapter 5 on Abusing the Hypervisor is perhaps the best chapter in the book and the most important topic regarding virtualization security. The hypervisor is the software, also called the virtual machine manager (VMM), that manages the entire virtualization environment. Malware will often attack the hypervisor in order to gain control.

The book also contains an appendix on how to build a virtual attack test lab.  It details the components of the virtual penetration testing lab, including how to build the gateway, Xen hypervisor and KVM, and how to build the cloud stack.

The accompanying DVD contains code and scripts from the book and also contains an Ubuntu 6 virtual machine, pre-loaded with various network security tools.

Chapter 1 on virtualized environment attacks is freely available here.  After reading that, most readers will likely want to read the entire book, and they should.

Anyone who is serious about virtualization security should certainly make sure that Securing the Virtual Environment: How to Defend the Enterprise Against Attack is on their reading list, and that of every security administrator in their company.

Cross-posted from RSA
