More

    Guide to Security for Full Virtualization Technologies

    Guide to Security for Full Virtualization Technologies

    The spread of virtualization technologies has a wide range of benefits, from improved hardware efficiency to more standardized client support. This overview will get you acquainted with virtualization technologies.

    Virtualization is the simulation of the software and/or hardware upon which other
    software runs. This simulated environment is called a virtual machine (VM). There are
    many forms of virtualization, distinguished primarily by computing architecture layer.
    This publication focuses on the form of virtualization known as full virtualization. In
    full virtualization, one or more OSs and the applications they contain are run on top
    of virtual hardware. Each instance of an OS and its applications runs in a separate VM
    called a guest operating system. The guest OSs on a host are managed by the hypervisor,
    which controls the flow of instructions between the guest OSs and the physical
    hardware, such as CPU, disk storage, memory and network interface cards. The hypervisor
    can partition the system’s resources and isolate the guest OSs so that each has access
    to only its own resources, as well as possible access to shared resources such as files
    on the host OS. Also, each guest OS can be completely encapsulated, making it portable.
    Some hypervisors run on top of another OS, which is known as the host operating
    system.

    The recent increase in the use of full virtualization products and services has been
    driven by many benefits. One of the most common reasons for adopting full
    virtualization is operational efficiency: organizations can use their existing hardware
    (and new hardware purchases) more efficiently by putting more load on each computer. In
    general, servers using full virtualization can use more of the computer’s processing
    and memory resources than servers running a single OS instance and a single set of
    services. A second common use of full virtualization is for desktop virtualization,
    where a single PC is running more than one OS instance. Desktop virtualization can
    provide support for applications that only run on a particular OS. It allows changes to
    be made to an OS and subsequently revert to the original if needed, such as to
    eliminate changes that negatively affect security. Desktop virtualization also supports
    better control of OSs to ensure that they meet the organization’s security
    requirements.

    Full virtualization has some negative security implications. Virtualization adds
    layers of technology, which can increase the security management burden by
    necessitating additional security controls. Also, combining many systems onto a single
    physical computer can cause a larger impact if a security compromise occurs. Further,
    some virtualization systems make it easy to share information between the systems; this
    convenience can turn out to be an attack vector if it is not carefully controlled. In
    some cases, virtualized environments are quite dynamic, which makes creating and
    maintaining the necessary security boundaries more complex.

    This publication discusses the security concerns associated with full virtualization
    technologies for server and desktop virtualization, and provides recommendations for
    addressing these concerns.

    The attached Zip file includes:

    • Intro Page.doc
    • Cover Sheet and Terms.doc
    • Guide to Security for Full Virtualization Technologies.pdf

    Latest Articles