How secure are virtual machines?

[Danimal1209]

Doing a report for class on the security of virtual machines.

What are your opinions on this topic?

Any good links to articles?

Would you feel anymore secure with vital information on a virtual machine as opposed to a physical machine?

Any other comments?

[Chiefcrowe]

I think they are about as secure as normal machines.

then again today i saw this:
https://threatpost.com/en_us/blogs/s...achines-110512

[ketchup79]

I just looked (Google) and there are plenty of good articles out there for your report.

I would suggest you know how a virtual machine works, if you don't already. Realistically, a virtual machine is no less/more secure over the internet than a traditional computer running the same software.

The nice thing about them is that they are incredibly easy to copy/back up. So with a good backup (on a flash drive, for example) you only need maybe 5 minutes to get rid of an infected machine and replace it with a healthy one.

[mechBgon]

I was reading up on Microsoft EMET and they noted that it won't have the same security benefits in a VM because of a lack of hardware Data Exectution Prevention support in a VM, as opposed to a physical machine. So for example, if you have Win7 Pro and install the WinXP Mode virtual machine, your virtualized WinXP is significantly less securable than a physical WinXP would be.

This had an impact on my decision-making processes recently. I need to set up a system for a specific public-usage role at work. I thought "hey, why not throw Win7 onto a VM and then I can have it revert to my locked-down image every day." But if the VM doesn't support DEP, that's not good for security. Plus I'd need to update the VM's OS and re-save it periodically anyway. In the end, I went with Win8 Pro with a combination of Software Restriction Policy, Family Safety (fka Parental Controls), custom Group Policy courtesy of Microsoft Security Compliance Manager, and a Mandatory User Profile that reverts the user's profile at every logon.

And Stardock Start8 for everyone's sanity

[ketchup79]

NM

[ketchup79]

That's interesting, as VMs are all the rage now. So I guess many people think it's worth it to throw in extra security measures to combat this issue, rather than to give up on the VM idea.

[sourceninja]

VM's are about better cost efficiency and reliability over physical machines. Yes, you do give up some security (possible exploits in the underline hypervisor), but overall I think it's worth it.

Also I could be wrong, but as far as I can tell DEP is enabled and functioning in my vsphere 5.1 environment. In fact, I can find vmware documents stating they support the NX features of intel processors. So maybe it's just hyperV that doesn't support DEP?

In fact, a quick check just showed that DEP support works in vmware fusion as well.

[SagaLore]

The question is too generic.

Virtual machines are as secure as you make them, just as non-virtual machines are as secure as you make them.

With virtual machines there just happen to be more layers that need attention. You need lock down the vm server itself, as well as the vm guest. You also need to properly configure the vm management software. One inherent security weakness is the virtual switch - as more guests are added on the same server, the more intra-guest traffic there may be. If you want to monitor that traffic with an ids it needs to support promiscuous sniffing of the vswitch. Otherwise use ossec on all the guests and the server.

[ketchup79]

Quote:

Originally Posted by SagaLore

The question is too generic.

Depends on the class. An English class, for example, would only require a broad overview report.

[Danimal1209]

Well, I'm just doing a general report for my host based security class. From what I have researched, the hypervisor seems to be the biggest security problem with VM's. Otherwise, securing the VM's is just more complex that a physical machine.

I just wanted to hear any opinions on the topic to get my mind thinking while doing my research.

[SagaLore]

Quote:

Originally Posted by Danimal1209

Well, I'm just doing a general report for my host based security class. From what I have researched, the hypervisor seems to be the biggest security problem with VM's. Otherwise, securing the VM's is just more complex that a physical machine.

I just wanted to hear any opinions on the topic to get my mind thinking while doing my research.

Okay. Well to start with, search for articles about the guest breaking out of its environment and into its host. You have all the traditional security issues to deal with on both server and guest operating systems, then you have the extra layer between that is vulnerable. Then you have the utilities needed to manage all that, which may have its own inherent vulnerabilities.

So security disadvantage of vm's is the extra layers to worry about.

Security advantage of vm's is you can snapshot the system, increase scalability by better using resources of physical hardware, have better DR options, etc.

[imagoon]

Quote:

Originally Posted by sourceninja

VM's are about better cost efficiency and reliability over physical machines. Yes, you do give up some security (possible exploits in the underline hypervisor), but overall I think it's worth it.

Also I could be wrong, but as far as I can tell DEP is enabled and functioning in my vsphere 5.1 environment. In fact, I can find vmware documents stating they support the NX features of intel processors. So maybe it's just hyperV that doesn't support DEP?

In fact, a quick check just showed that DEP support works in vmware fusion as well.

I can verify my ESXi 5.0 VMs and the ones in VMWare Workstation 8. All have DEP running on them.

[HaukSwe]

Can a VM put the host system at risk, say be used to pivot towards the OS running them?