Virtualization overview (1)

Virtualization Overview on Incident Response and Handling

Despite being an idea that was born fifty years ago, virtualization has advanced and may satisfy complex applications currently being developed. half all servers run on Virtual Machines (VMs), and therefore the IDC predicts that on the brink of 70% of entire computer workloads will run on VMs by 2024. As virtualization components increase and therefore the virtualized environment expands, the most concern becomes the way to maintain safe levels of security and integrity of the system. Below may be a brief check out a number of the differences, issues, challenges, and risks caused by virtualization. This paper also provides some recommendations to make sure that the network is secure to the specified degree.

Security benefits due to virtualization    

Introduction of virtualization to the environment will cause the subsequent security benefits:

  • For a properly configured network, it’s possible to share systems without necessarily having to share vital data or information across the systems. This flexibility provided by a virtual environment is one among its core security benefits.
  • Virtualized environments use a centralized storage system which prevents the loss of critical data just in case of a stolen device or when the system is maliciously compromised.
  • VMs and applications are often properly isolated to attenuate the probabilities of multiple attacks just in case of exposure to a threat.
  • Virtualization improves physical security by reducing the amount of hardware in an environment. Reduced hardware during a virtualized environment implies fewer data centers.
  • Server virtualization allows servers to return to revert to their default state just in case of an intrusion. This enhances incident handling since the occurrence of an occasion are often monitored right from before the attack and through an attack.
  • Hypervisor software is straightforward and comparatively small in size. Therefore, there’s a smaller attack surface on the hypervisor itself. The smaller the attack surface, the smaller the potential for vulnerabilities.
  • Network and system administrations have a better level of access control. this will improve the efficiency of the system by separating duties. as an example , someone could also be assigned to regulate VMs within the sides of the network while somebody else could also be assigned to affect VMs within the DMZ. The system are often further integrated such individual administrators specifically affect Linux servers while others affect the Windows servers.

Also Read : Five Step of Incident Response

Security challenges and risks

  • We can now proceed to a number of the challenges, risks, and other relevant issues that influence virtualization.

Sharing of files between Hosts and Guests     

  • A compromised guest can remotely access a number file, modify, and/or make changes when a file-sharing is employed . The malicious guest may modify directories wont to transfer files.
  • When API is employed for programming or when clipboard sharing is employed by guests and hosts to share files, there are higher chances of considerable bugs present within the area compromising the whole infrastructure.


  • VMs attached to hypervisors are affected when the ‘host’ hypervisor is additionally compromised. The default configuration of a hypervisor isn’t efficient enough to supply absolute protection against threats and attacks.
  • As much because the hypervisors are small, provide relatively smaller exposure surface areas, and virtually controls everything, they also endanger the system by providing one point of failure. An attack on one hypervisor can put the entire environment in peril .
  • Because hypervisors control almost everything, administrators can adjust and share security credentials at their will. The administrators have keys to the dominion , which makes it difficult to understand who did what.


  • Current configurations or any modification are lost when snapshots are reverted. as an example , if you modified security policy, then it implies that the platforms may now become accessible. to form it worse, audit logs also are likely to urge lost; hence no record of changes made are often traced. Without of these , it are often challenging to satisfy the expected compliance requirements.
  • Just like physical hard drives, snapshots, and pictures to contain PII (Personally Identifiable Information) and passwords. New photos or snapshots could also be a cause for concern, and any previously stored snapshots that had undetected malware are often loaded at a later date to cause havoc.

Network storage          

  • iSCSI and Fibre Channel are vulnerable to man-in-the-middle attacks since they’re clear text protocols. Attackers also can use sniffing tools to watch or track storage traffic, which they will use within the future at their convenience.

Administrator access and separation of duties  

In a perfect physical network, network administrators exclusively handle network management while server admins affect the management of servers. Security personnel features a role that involves both the 2 admins. during a virtualized environment, however, network and server management can both be delegated from an equivalent management platform. This provides a completely unique challenge for the separation of duties which will effectively work. In most cases, virtualization systems grant full access to all or any virtual infrastructure activities. This normally happens when the system is hacked and yet the default settings were never changed.

  • Time Synchronization              

A combination of VM clock drift and other normal clock drifts can make tasks to run early or late. This makes the logs to lose any elements of accuracy in them. With inaccurate tracking, there’ll be insufficient data just in case the necessity for forensic investigation arises in future

  • Partitions                     

For multiple VMs running on an equivalent host, they’re isolated such they can’t be used interchangeably to attack other VMs. Despite the degree of isolation, the partitions share an array of resources like CPU, memory, and bandwidth. Therefore, if a partition consumes a particularly high amount of 1 , both or all of the resources thanks to a threat, say the virus, then other partitions may likely experience a denial of service attack.

  • VLANs                        

For VLANs to be used, it requires that VM traffic has got to be routed from the host to a firewall. the method may cause latency or complex networking which will lower the performance of the whole network.

Communication between various VMs isn’t secured and can’t be inspected on a VLAN. And if the VMS is on an equivalent VLAN, then malware spreads sort of a wild bush fire and therefore the spread from one VM to a different can’t be stopped.

Virtualization common attacks       

Below are a number of the three common attacks known with virtualization:

Denial of Service Attack (DoS)

In case of a successful denial of service attack here, hypervisors are likely to be completely pack up and a backdoor created by the black hats to access the system at their will.

Host Traffic Interception         

Loopholes or weakness points present within the hypervisor can leave tracking of files, paging, system calls, monitoring memory and tracking disk activities.

VM Jumping               

If a security vulnerability like a hole exists during a supervisor, a user can almost seamlessly skip from one VM to the opposite . Unauthorized users from a special VM can then manipulate or steal valuable information.

Traditional Security Approaches to Virtualization

Most of the present security challenges encountered in virtualization are often partly addressed by applying existing technology, people and process. the most set back is their incapability to guard the virtual fabric composed of virtual switches, hypervisors and management systems. Below may be a check out a number of the normal approaches wont to provide security to virtualization and a few of their shortcomings.


Some security personnel imposes traffic between the quality system firewalls and VMS to watch log traffics and send feedback back to VMs. Virtualization being a replacement technology, firewalls don’t provide a well-tailored infrastructure to accommodate security-related issues. Firewalls came way earlier before virtualization was incorporated and adopted within data centers and enterprises. The pre-installed management systems cannot, therefore, handle current security threats to virtualization as they appear complex for the system. Such setbacks can cause deployment of manual administrations which comes along side errors thanks to human factors.

2.Reducing the amount of VMs assigned to physical NICs/per Host  

this method reduces the amount of VMs to be placed on a number also as assigns a physical NIC to each VM. this is often one among the foremost efficient means to secure the firm though it doesn’t allow the organization to enjoy ROI associated with virtualization and other cost benefits.

3.Detection of Network-Based Intrusions           

When there’s multiple VMs residing on a number , the devices don’t work well. this is often mainly because the IPS/IDS systems cannot efficiently monitor the network traffic between the VMs. Data cannot even be accessed when the appliance is moved.


VLANs are extensively used for booth environments with an honest degree of virtualization and people with none sort of virtualization. because the number of VLANs expands, it gets harder to counter manage the resulting complexities associated with access control lists. Consequently, it also becomes difficult to manage compatibility between the virtualized and non-virtualized aspects of the environment.


The use of an agent-based anti-virus approach entails mapping an entire copy of anti-virus software on each VM. it’s a secure method but would require an outsized amount of monetary input to load copies of anti-virus across the whole VMs within the environment. The software is large and thus increases hardware utilization. As a result, it causes negative impacts on memory, CPU, storage, and a decrease in performance.

A larger percentage of firms still believe traditional mechanisms for his or her network security despite the above-mentioned drawbacks. Virtualized environments are highly dynamic and rapid change with the advancements in technology and IT infrastructure. to urge the simplest protection for such hit or miss environment, its recommendable to use the great aspects of the present security approach additionally to the below-listed recommendations for a virtualized environment.

Topic Related Questions

  1. What are the 3 types of virtualization?
  2. Does virtual machine use RAM?
  3. What allows server virtualization to provide high availability for all virtual machines?
  4. What is the role of hypervisor in virtualization?

Top Incident Handling Knowledge

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us –

Leave a Comment