Virtualization for Security

Author: John Hoopes
Pages: 384
Publisher: Syngress
ISBN: 1597493058

Introduction

Virtualization is among the hottest topics in the IT world today. While the term itself can mean many different things in IT, most of the time it actually refers to so-called hardware virtualization, which allows the execution of software in an environment separated from the underlying hardware resources. Therefore, it allows the separation of the environment for one application from the environment for another – even if they run on same physical computer.

This is a great benefit for domain of security, since the exploitation of a security hole in one application will not cause the compromise of any other. However, this is only the beginning.

About the author

John Hoopes, Senior Consultant for Verisign, is a graduate of the University of Utah. John’s professional background includes an operational/support role on many diverse platforms, including IBM AS/400, IBM Mainframe (OS/390 and Z-Series), AIX, Solaris, Windows, and Linux. His security expertise focuses on application testing with an emphasis in reverse engineering and protocol analysis.

Inside the book

Thanks to VMWare, Citrix (Xen), Red Hat (KVM) and Oracle (VirtualBox), virtualization is nowadays common both on servers and desktops. It’s not uncommon to see even average users using the freeware VMWare Player or VirtualBox to run Linux on Windows, or vice versa.

Every chapter begins with a list of solutions described in it, and ends with a summary, a solutions fast track and a FAQ section. While the summary repeats the main ideas included in the chapter without going into many details, the solutions fast track provides a kind of “lecture notes”- or “main points”-style material on the main topics in the chapter.

Asides from the Notes that pop up every so often, there are a couple of blocks of text named “Tools & Traps” and “Designing & Implementing” in every chapter, which provide tips and tricks, describe software or talk about some topics outside the main line of thought.

The first chapter provides a rather detailed introduction on virtualization, mentioning what, why and how it works, and lays down the framework for later chapters to build on. The chapter ends with the description of the common use cases for virtualization, perfect for readers who are looking into implementing it. Chapter 2 continues in the same vein by presenting the available solutions, helping the reader to choose the right one.

The remaining chapters talk about the various security applications made possible by virtualization. Sandboxing is used for testing applications that come from an untrusted source; this book describes Sunbelt’s CWSandbox solution.

The author provides a guidance for configuring virtual machines, mostly their network and storage configuration. Honeypotting is an interesting idea: you provide the potential attackers with a clone of the machine similar to the one you use in production, with lowered security measures to see how is it going to be attacked and what data the attackers are interested in – and you learn how to do it.

Moving on, Hoopes deals with malware analysis and application testing. Fuzzing involves providing semi-random data to an application and recording how it behaves. Studies have shown that such random data can crash many applications, and virtualization can help in testing them in an isolated environment.

The next chapter describes how virtualization helped in simplifying forensic analysis, which involves working with disc images. Back in the day, hard drive clones had to be physical and it took a while to make them, but today virtual images can be used instead. Chapter 10 describes recovery from “disasters”, focusing on restoring backups and talking briefly about recovering from hardware failures.

After that, there is a chapter on another hot topic: high availability. It starts with the differences in case of planned and unplanned downtime, and continues with instructions on how to configure and maintain high availability.

It mentions the important “split brain problem”, where each hosts continues to provide services since it believes the other one doesn’t work because (for example) the cable between them failed. Next, there is a chapter on how to run an installation of an operating system both natively and virtually, a chapter on untrusted environments, explaining both how to use virtual machines for software you don’t trust and for users you don’t trust.

The book ends with a training chapter which describes how to use virtualization to increase productivity in class.