Go Back   AnandTech Forums > Software > Security

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2014
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 11-06-2012, 02:56 PM   #1
Danimal1209
Senior Member
 
Join Date: Nov 2011
Posts: 346
Default How secure are virtual machines?

Doing a report for class on the security of virtual machines.

What are your opinions on this topic?

Any good links to articles?

Would you feel anymore secure with vital information on a virtual machine as opposed to a physical machine?

Any other comments?
Danimal1209 is offline   Reply With Quote
Old 11-06-2012, 04:49 PM   #2
Chiefcrowe
Diamond Member
 
Chiefcrowe's Avatar
 
Join Date: Sep 2008
Posts: 3,655
Default

I think they are about as secure as normal machines.

then again today i saw this:
https://threatpost.com/en_us/blogs/s...achines-110512
Chiefcrowe is offline   Reply With Quote
Old 11-06-2012, 05:06 PM   #3
ketchup79
Diamond Member
 
ketchup79's Avatar
 
Join Date: Sep 2002
Location: South Carolina
Posts: 7,279
Default

I just looked (Google) and there are plenty of good articles out there for your report.

I would suggest you know how a virtual machine works, if you don't already. Realistically, a virtual machine is no less/more secure over the internet than a traditional computer running the same software.

The nice thing about them is that they are incredibly easy to copy/back up. So with a good backup (on a flash drive, for example) you only need maybe 5 minutes to get rid of an infected machine and replace it with a healthy one.
__________________
Intel i7-4790k | Asus Sabertooth Z97 Mark 1 | 16 GB DDR3 | Gigabyte GTX 660 | Antec EA-650 BRONZE | Crucial MX100 256 GB | CM Storm Series Trooper | CM Hyper 212 EVO
ketchup79 is offline   Reply With Quote
Old 11-06-2012, 11:10 PM   #4
mechBgon
Super Moderator
Elite Member
 
mechBgon's Avatar
 
Join Date: Oct 1999
Posts: 30,699
Default

I was reading up on Microsoft EMET and they noted that it won't have the same security benefits in a VM because of a lack of hardware Data Exectution Prevention support in a VM, as opposed to a physical machine. So for example, if you have Win7 Pro and install the WinXP Mode virtual machine, your virtualized WinXP is significantly less securable than a physical WinXP would be.

This had an impact on my decision-making processes recently. I need to set up a system for a specific public-usage role at work. I thought "hey, why not throw Win7 onto a VM and then I can have it revert to my locked-down image every day." But if the VM doesn't support DEP, that's not good for security. Plus I'd need to update the VM's OS and re-save it periodically anyway. In the end, I went with Win8 Pro with a combination of Software Restriction Policy, Family Safety (fka Parental Controls), custom Group Policy courtesy of Microsoft Security Compliance Manager, and a Mandatory User Profile that reverts the user's profile at every logon.

And Stardock Start8 for everyone's sanity
mechBgon is offline   Reply With Quote
Old 11-07-2012, 05:32 AM   #5
ketchup79
Diamond Member
 
ketchup79's Avatar
 
Join Date: Sep 2002
Location: South Carolina
Posts: 7,279
Default

NM
__________________
Intel i7-4790k | Asus Sabertooth Z97 Mark 1 | 16 GB DDR3 | Gigabyte GTX 660 | Antec EA-650 BRONZE | Crucial MX100 256 GB | CM Storm Series Trooper | CM Hyper 212 EVO
ketchup79 is offline   Reply With Quote
Old 11-07-2012, 05:39 AM   #6
ketchup79
Diamond Member
 
ketchup79's Avatar
 
Join Date: Sep 2002
Location: South Carolina
Posts: 7,279
Default

That's interesting, as VMs are all the rage now. So I guess many people think it's worth it to throw in extra security measures to combat this issue, rather than to give up on the VM idea.
__________________
Intel i7-4790k | Asus Sabertooth Z97 Mark 1 | 16 GB DDR3 | Gigabyte GTX 660 | Antec EA-650 BRONZE | Crucial MX100 256 GB | CM Storm Series Trooper | CM Hyper 212 EVO
ketchup79 is offline   Reply With Quote
Old 11-07-2012, 07:22 AM   #7
sourceninja
Diamond Member
 
sourceninja's Avatar
 
Join Date: Mar 2005
Posts: 7,964
Default

VM's are about better cost efficiency and reliability over physical machines. Yes, you do give up some security (possible exploits in the underline hypervisor), but overall I think it's worth it.

Also I could be wrong, but as far as I can tell DEP is enabled and functioning in my vsphere 5.1 environment. In fact, I can find vmware documents stating they support the NX features of intel processors. So maybe it's just hyperV that doesn't support DEP?

In fact, a quick check just showed that DEP support works in vmware fusion as well.
sourceninja is offline   Reply With Quote
Old 11-07-2012, 10:16 AM   #8
SagaLore
Elite Member
 
SagaLore's Avatar
 
Join Date: Dec 2001
Posts: 23,793
Default

The question is too generic.

Virtual machines are as secure as you make them, just as non-virtual machines are as secure as you make them.

With virtual machines there just happen to be more layers that need attention. You need lock down the vm server itself, as well as the vm guest. You also need to properly configure the vm management software. One inherent security weakness is the virtual switch - as more guests are added on the same server, the more intra-guest traffic there may be. If you want to monitor that traffic with an ids it needs to support promiscuous sniffing of the vswitch. Otherwise use ossec on all the guests and the server.
SagaLore is offline   Reply With Quote
Old 11-07-2012, 10:35 AM   #9
ketchup79
Diamond Member
 
ketchup79's Avatar
 
Join Date: Sep 2002
Location: South Carolina
Posts: 7,279
Default

Quote:
Originally Posted by SagaLore View Post
The question is too generic.
Depends on the class. An English class, for example, would only require a broad overview report.
__________________
Intel i7-4790k | Asus Sabertooth Z97 Mark 1 | 16 GB DDR3 | Gigabyte GTX 660 | Antec EA-650 BRONZE | Crucial MX100 256 GB | CM Storm Series Trooper | CM Hyper 212 EVO
ketchup79 is offline   Reply With Quote
Old 11-07-2012, 02:13 PM   #10
Danimal1209
Senior Member
 
Join Date: Nov 2011
Posts: 346
Default

Well, I'm just doing a general report for my host based security class. From what I have researched, the hypervisor seems to be the biggest security problem with VM's. Otherwise, securing the VM's is just more complex that a physical machine.

I just wanted to hear any opinions on the topic to get my mind thinking while doing my research.
Danimal1209 is offline   Reply With Quote
Old 11-07-2012, 02:37 PM   #11
SagaLore
Elite Member
 
SagaLore's Avatar
 
Join Date: Dec 2001
Posts: 23,793
Default

Quote:
Originally Posted by Danimal1209 View Post
Well, I'm just doing a general report for my host based security class. From what I have researched, the hypervisor seems to be the biggest security problem with VM's. Otherwise, securing the VM's is just more complex that a physical machine.

I just wanted to hear any opinions on the topic to get my mind thinking while doing my research.
Okay. Well to start with, search for articles about the guest breaking out of its environment and into its host. You have all the traditional security issues to deal with on both server and guest operating systems, then you have the extra layer between that is vulnerable. Then you have the utilities needed to manage all that, which may have its own inherent vulnerabilities.

So security disadvantage of vm's is the extra layers to worry about.

Security advantage of vm's is you can snapshot the system, increase scalability by better using resources of physical hardware, have better DR options, etc.
SagaLore is offline   Reply With Quote
Old 11-08-2012, 02:20 PM   #12
imagoon
Diamond Member
 
imagoon's Avatar
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,787
Default

Quote:
Originally Posted by sourceninja View Post
VM's are about better cost efficiency and reliability over physical machines. Yes, you do give up some security (possible exploits in the underline hypervisor), but overall I think it's worth it.

Also I could be wrong, but as far as I can tell DEP is enabled and functioning in my vsphere 5.1 environment. In fact, I can find vmware documents stating they support the NX features of intel processors. So maybe it's just hyperV that doesn't support DEP?

In fact, a quick check just showed that DEP support works in vmware fusion as well.
I can verify my ESXi 5.0 VMs and the ones in VMWare Workstation 8. All have DEP running on them.
imagoon is offline   Reply With Quote
Old 11-19-2012, 08:11 AM   #13
HaukSwe
Member
 
Join Date: Jul 2010
Posts: 77
Default

Can a VM put the host system at risk, say be used to pivot towards the OS running them?
HaukSwe is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 02:05 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.