Ahmed Nour, profile picture
Uploaded byAhmed Nour
1,153 views

Virtualization security

Virtualization allows multiple operating systems to run simultaneously on a single computer through virtual machines. There are security risks to virtualization including compromise of the virtualization layer which could impact all virtual machines, lack of visibility into internal virtual networks, mixing virtual machines of different trust levels on a single physical server, and lack of access controls on the hypervisor layer. Security teams must be involved in virtualization projects from the beginning to help address these risks.

Technology
Related topics:
Data Center Overview

Embed presentation

Virtualization Security By Ahmed Adel Nour
What is Server virtualization? Is an architecture that allows you to run multiple operating system simultaneously on a single computer. Each copy of an operating system is installed on its own virtual machine
Host Operating system-based virtualization (OS virtualization) In this type the software is installed and runs as an application running on the top of a Host Operating system (Windows – Linux) examples of this type (VMware Workstation).
Bare-metal Hypervisor In this model the virtualization layer is installed directly on a clean x86- based system . Because it has a direct access to the hardware resources, rather than going through the operating system , a hypervisor (or also called virtual machine manager (VMM)) is more efficient than a hosted architecture and delivers grater scalability , robustness and performance Fig 1.3 . In most cases we use Type two : Bare-metal Hypervisor , in which we deploy the Hypervisor in some physical machines allow us to build or environment
Why Virtualization ? • Server consolidation and Improve Server Hardware Utilization.
Why Virtualization ? • Reduce the Power Consumption and Cooling in Data Centers (Green-IT)
Why Virtualization ? Reduce the IT Cost
Virtualization Security Risks Information Security Isn't Initially Involved in the Virtualization Projects Many Migration projects done without the involving the security teams in the organizations because of many aspects . one of it that the virtualization is only a consolidation of the existing physical servers to new virtual ones the whole story that I need more space in the Data center , why I should evolve the security team ? The answer is WRONG, security team must be evolved because of this team always responsible for the securing every point in the data center from the design phase till the implementation and operation.
Virtualization Security Risks A Compromise of the Virtualization Layer (VMM or Hypervisor ) Could Result in the Compromise of All Hosted Virtual machines . As you can see in the common for all the hosted virtual machines is the hypervisor , don’t forget that this is a piece of software , written by human . it could have problems in the code , it could have vulnerabilities, it could be affected with viruses or worms etc. .. This layer must be secure. In fact this layer is the most dangerous layer in the architecture, if an attacker can gain access to this layer so easily he can gain access to all the Virtual machines hosted in this physical server. This layer should be hardened, patched, have an updated antivirus, Monitored all the time.
Virtualization Security Risks The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms The Switches connecting the virtual machines between the same physical servers is a software switch and suffer from the lake of manageability. Also the traditional IPS and IDS cannot monitor this internal Traffic. This lead to make this part of network to be hidden. and of course any attack could happened in this part . the solution for this risk could be in placing a virtual firewall and IPS in every Virtual machine. It cause a management overhead and expensive but the other one is to redirect all the traffic from each Virtual machine to the external network which contains the IPS to inspect and then move it back to the other virtual machine in the same physical server .
Virtualization Security Risks Virtual machines of Different Trust Levels Are Consolidated onto a Single Physical Server without Sufficient Separation. The famous security model is that we consolidate the servers with the same Trust level in one zone and apply the prober security policy on it . In virtualization we have a problem, virtual machines can move from one physical server to another depending upon the performance and resource utilization . Now we don't have barriers. At least separate the virtual environment as we use in the normal one . Make some physical servers for each zone you have .
Virtualization Security Risks Lack of Access Control on the hypervisor layer. To access the hypervisor layer gives you the all access to everything in this layer. Network, security countermeasures , virtual machines etc .. So you need to secure this access, try to find a suitable package for access control, ensure suitable password policy . try to stop insecure access means such as remote login.

More Related Content

PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PPTX
Cloud computing and Cloud security fundamentals
byViresh Suri
 
PPTX
Denial of service
bygarishma bhatia
 
PPTX
Burp suite
bySOURABH DESHMUKH
 
PPTX
Security & protection in operating system
byAbou Bakr Ashraf
 
PPTX
Password cracking and brute force
byvishalgohel12195
 
PPTX
Intrusion detection and prevention system
byNikhil Raj
 
PPTX
DNS spoofing/poisoning Attack
byFatima Qayyum
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Cloud computing and Cloud security fundamentals
byViresh Suri
 
Denial of service
bygarishma bhatia
 
Burp suite
bySOURABH DESHMUKH
 
Security & protection in operating system
byAbou Bakr Ashraf
 
Password cracking and brute force
byvishalgohel12195
 
Intrusion detection and prevention system
byNikhil Raj
 
DNS spoofing/poisoning Attack
byFatima Qayyum
 

What's hot

PDF
Network Security Fundamentals
byRahmat Suhatman
 
PPTX
OWASP Top 10 2021 What's New
byMichael Furman
 
PPT
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
ODP
Https presentation
bypatel jatin
 
PPTX
DDoS - Distributed Denial of Service
byEr. Shiva K. Shrestha
 
PPTX
Cloud security
byNiharika Varshney
 
PPTX
Xss ppt
bypenetration Tester
 
PPTX
Firewall DMZ Zone
byNetProtocol Xpert
 
PPTX
Understanding Cross-site Request Forgery
byDaniel Miessler
 
PPTX
system Security
byGaurav Mishra
 
PPTX
Web security
byPadam Banthia
 
PDF
Email security presentation
bySubhradeepMaji
 
PPTX
Web Security Attacks
bySajid Hasan
 
PPT
Software security
byRoman Oliynykov
 
PPTX
Hash Function
bySiddharth Srivastava
 
PPTX
Operating System Security
byRamesh Upadhaya
 
PPTX
Firewall
byNilkanth Shingala
 
PPT
Software Security (Vulnerabilities) And Physical Security
byNicholas Davis
 
PDF
OPERATING SYSTEM SECURITY
byRohitK71
 
PPT
Issues in cloud computing
byronak patel
 
Network Security Fundamentals
byRahmat Suhatman
 
OWASP Top 10 2021 What's New
byMichael Furman
 
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
Https presentation
bypatel jatin
 
DDoS - Distributed Denial of Service
byEr. Shiva K. Shrestha
 
Cloud security
byNiharika Varshney
 
Xss ppt
bypenetration Tester
 
Firewall DMZ Zone
byNetProtocol Xpert
 
Understanding Cross-site Request Forgery
byDaniel Miessler
 
system Security
byGaurav Mishra
 
Web security
byPadam Banthia
 
Email security presentation
bySubhradeepMaji
 
Web Security Attacks
bySajid Hasan
 
Software security
byRoman Oliynykov
 
Hash Function
bySiddharth Srivastava
 
Operating System Security
byRamesh Upadhaya
 
Firewall
byNilkanth Shingala
 
Software Security (Vulnerabilities) And Physical Security
byNicholas Davis
 
OPERATING SYSTEM SECURITY
byRohitK71
 
Issues in cloud computing
byronak patel
 

Similar to Virtualization security

PPTX
Virtualization security threats in cloud computing
byNitish Awasthi (anitish_225)
 
PDF
Virtualization presentation
byMangesh Gunjal
 
PPTX
b61770b4-f2b7-4c8c-89d4-6945a6685797.pptx
byTaimurAli48
 
PDF
Security challenges for adoption of virtualization for effective e governance
byAdam Bert Lacay
 
PPTX
Virtualization: Security and IT Audit Perspectives
byJason Chan
 
PPTX
virtukdjkdjajdajkjdacdjdjdjcjdcjkdjc.pptx
byaravym456
 
PDF
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
bySymantec
 
PDF
Risk Analysis and Mitigation in Virtualized Environments
bySiddharth Coontoor
 
PPTX
VMware Technical Overview (2012)
bySteven Aiello
 
PPT
040711 webcast securing vmachine
byErin Banks
 
PDF
PCI DSS & Virtualization
byTobyRobinson13
 
PPT
Virutalization and the Future of Datacenter Security
byguestb09e16
 
PPTX
Campus jueves
bycampus party
 
PDF
Securing virtualization in real world environments
byArun Gopinath
 
PDF
Stu w22 a
bySelectedPresentations
 
PDF
2_24551_Virtualization_SC_0113
byJim Romeo
 
PPTX
Virtualization & Security
bymorisson
 
PDF
Virtualization Security Risks
byTommy Tracx Xaypanya
 
PDF
Vmworld 2005-sln241
byIben Rodriguez
 
PDF
CIPFA Presentation - Security in a Virtualised Environment
byChris Kenny
 
Virtualization security threats in cloud computing
byNitish Awasthi (anitish_225)
 
Virtualization presentation
byMangesh Gunjal
 
b61770b4-f2b7-4c8c-89d4-6945a6685797.pptx
byTaimurAli48
 
Security challenges for adoption of virtualization for effective e governance
byAdam Bert Lacay
 
Virtualization: Security and IT Audit Perspectives
byJason Chan
 
virtukdjkdjajdajkjdacdjdjdjcjdcjkdjc.pptx
byaravym456
 
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
bySymantec
 
Risk Analysis and Mitigation in Virtualized Environments
bySiddharth Coontoor
 
VMware Technical Overview (2012)
bySteven Aiello
 
040711 webcast securing vmachine
byErin Banks
 
PCI DSS & Virtualization
byTobyRobinson13
 
Virutalization and the Future of Datacenter Security
byguestb09e16
 
Campus jueves
bycampus party
 
Securing virtualization in real world environments
byArun Gopinath
 
Stu w22 a
bySelectedPresentations
 
2_24551_Virtualization_SC_0113
byJim Romeo
 
Virtualization & Security
bymorisson
 
Virtualization Security Risks
byTommy Tracx Xaypanya
 
Vmworld 2005-sln241
byIben Rodriguez
 
CIPFA Presentation - Security in a Virtualised Environment
byChris Kenny
 

Recently uploaded

PPTX
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PDF
January Patch Tuesday
byIvanti
 
PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PDF
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
PPTX
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 
PDF
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PPTX
Full course that Prymehat uploads for you
byOhenebaManu1
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PPTX
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
PDF
Top 5 Best Dedicated Server Providers in Los Angeles (Updated Edition)
byAtal Networks
 
PDF
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PPTX
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PPTX
Grade 8 LESSON 7 - VIDEO EDITING lessonb
byclarizzairahmanansal
 
PPTX
Basics-of-Electronics-and-Core-Components-of-IoT-Systems.pptx
byMuhammedNihal54
 
PPTX
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
PPTX
Why GEO Is the Next Big Shift in Content Marketing.pptx
bySambitParhi2
 
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
January Patch Tuesday
byIvanti
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
A "Kill Switch" (Emergency Off Switch) for AI?
byScott M. Graffius
 
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
Full course that Prymehat uploads for you
byOhenebaManu1
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Oracle SCM Cloud Solutions for Smart Supply Chain Management
byChetu
 
Top 5 Best Dedicated Server Providers in Los Angeles (Updated Edition)
byAtal Networks
 
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
On-Device AI with Gemma 3n and PaliGemma 2 Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Grade 8 LESSON 7 - VIDEO EDITING lessonb
byclarizzairahmanansal
 
Basics-of-Electronics-and-Core-Components-of-IoT-Systems.pptx
byMuhammedNihal54
 
Flutter & Firebase Session Slides - GDG VESIT
bygdgcodecellcmpn
 
Why GEO Is the Next Big Shift in Content Marketing.pptx
bySambitParhi2
 

Virtualization security

  • 1.
  • 2.
    What is Servervirtualization? Is an architecture that allows you to run multiple operating system simultaneously on a single computer. Each copy of an operating system is installed on its own virtual machine
  • 3.
    Host Operating system-based virtualization(OS virtualization) In this type the software is installed and runs as an application running on the top of a Host Operating system (Windows – Linux) examples of this type (VMware Workstation).
  • 4.
    Bare-metal Hypervisor In thismodel the virtualization layer is installed directly on a clean x86- based system . Because it has a direct access to the hardware resources, rather than going through the operating system , a hypervisor (or also called virtual machine manager (VMM)) is more efficient than a hosted architecture and delivers grater scalability , robustness and performance Fig 1.3 . In most cases we use Type two : Bare-metal Hypervisor , in which we deploy the Hypervisor in some physical machines allow us to build or environment
  • 5.
    Why Virtualization ? •Server consolidation and Improve Server Hardware Utilization.
  • 6.
    Why Virtualization ? •Reduce the Power Consumption and Cooling in Data Centers (Green-IT)
  • 7.
  • 8.
    Virtualization Security Risks InformationSecurity Isn't Initially Involved in the Virtualization Projects Many Migration projects done without the involving the security teams in the organizations because of many aspects . one of it that the virtualization is only a consolidation of the existing physical servers to new virtual ones the whole story that I need more space in the Data center , why I should evolve the security team ? The answer is WRONG, security team must be evolved because of this team always responsible for the securing every point in the data center from the design phase till the implementation and operation.
  • 9.
    Virtualization Security Risks ACompromise of the Virtualization Layer (VMM or Hypervisor ) Could Result in the Compromise of All Hosted Virtual machines . As you can see in the common for all the hosted virtual machines is the hypervisor , don’t forget that this is a piece of software , written by human . it could have problems in the code , it could have vulnerabilities, it could be affected with viruses or worms etc. .. This layer must be secure. In fact this layer is the most dangerous layer in the architecture, if an attacker can gain access to this layer so easily he can gain access to all the Virtual machines hosted in this physical server. This layer should be hardened, patched, have an updated antivirus, Monitored all the time.
  • 10.
    Virtualization Security Risks TheLack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms The Switches connecting the virtual machines between the same physical servers is a software switch and suffer from the lake of manageability. Also the traditional IPS and IDS cannot monitor this internal Traffic. This lead to make this part of network to be hidden. and of course any attack could happened in this part . the solution for this risk could be in placing a virtual firewall and IPS in every Virtual machine. It cause a management overhead and expensive but the other one is to redirect all the traffic from each Virtual machine to the external network which contains the IPS to inspect and then move it back to the other virtual machine in the same physical server .
  • 11.
    Virtualization Security Risks Virtualmachines of Different Trust Levels Are Consolidated onto a Single Physical Server without Sufficient Separation. The famous security model is that we consolidate the servers with the same Trust level in one zone and apply the prober security policy on it . In virtualization we have a problem, virtual machines can move from one physical server to another depending upon the performance and resource utilization . Now we don't have barriers. At least separate the virtual environment as we use in the normal one . Make some physical servers for each zone you have .
  • 12.
    Virtualization Security Risks Lackof Access Control on the hypervisor layer. To access the hypervisor layer gives you the all access to everything in this layer. Network, security countermeasures , virtual machines etc .. So you need to secure this access, try to find a suitable package for access control, ensure suitable password policy . try to stop insecure access means such as remote login.