Threats that are associated with Virtualization....

Published: May 18, 2021, 2 a.m.


Hello everyone, my name is Vijay Kumar Devireddy, and I am glad to have you back for episode 35. Today we are discussing the threats that are associated with virtualization.

While virtualization brings with it a lot of capability to add separations inside of our servers and bring in some additional security, there are some unique vulnerabilities that can be exploited by attackers when it comes to virtualization. These include VM escape, data remnants, privilege elevation and live VM migration.

Virtual machines are segmented and separated by default, so if an attacker is able to exploit the operating system being run inside one virtual machine, it doesn't necessarily mean that they can get into the other virtual machines being hosted by the same physical server. Virtual machine escape, or VM escape, occurs when an attacker is able to break out of one of these normally isolated virtual machines and begin to interact directly with the underlying hypervisor. From this position, the attacker could migrate themselves out and into another virtual machine being hosted on the same physical server. Now, VM escape techniques are extremely difficult to conduct. They rely on exploiting the physical resources that are shared between the VMs. But it is still a vulnerability you need to be aware of. To mitigate this vulnerability, virtual servers should be hosted on the same physical server as other virtual machines in the same network or network segment based on its classification.

One of the main benefits of using virtualized servers within a cloud-based environment is their ability to rapidly scale up and scale down. This is known as elasticity. While operationally this is a wonderful thing, it does lead to a vulnerability that has to be addressed, and this is called data remnants. When a server is scaled up, a new virtual instance is created on a physical server. This instance takes up some hard drive space for all those files that represent the virtual hard disk and the configurations. When this is no longer needed because the load has decreased, the virtual machine can be deprovisioned, which means it's shut down and the files are deleted. When this occurs, the confidential files from that virtual machine are left on the physical server. This is known as a data remnant. These data remnants could be recovered by an attacker, and therefore it could breach the confidentiality of that data. For this reason, cloud infrastructures that rely upon virtualization can introduce a data remnant vulnerability to your company, since the physical servers are not controlled by your organization.

Privilege elevation occurs when a user is able to grant themselves the ability to run functions as a higher-level user, such as the root or the administrator. While this can be bad on a single server, it can be catastrophic on a physical server if the attacker is able to perform this on the hypervisor itself. A few years ago VMware had a flaw on their hypervisor, and this allowed a user to escalate privileges into any of the guest operating systems hosted by that hypervisor. To prevent this, it's important to remain current on your hotfixes and your service packs for your virtualization software.

Another vulnerability to consider is one associated with live migration of virtual machines. When a virtual machine needs to move from one physical host to another, this is called a live migration. If an attacker can gain a foothold into your network and place themselves between these two physical machines, they can implement a form of man-in-the-middle attack where they can capture the data being sent between the two physical servers. If this data has not been encrypted, this can allow the attacker to breach the confidentiality of the servers being hosted as virtual machines when they're transmitted over the network.

Finally, when we're specifically relying upon application containerization as our virtualization method, it's important to realize that the containers are all sharing a single common operating system.
