How secure are virtual machines?

Discussion in 'Security' started by Danimal1209, Nov 6, 2012.

  1. Danimal1209

    Danimal1209 Senior member

    Joined:
    Nov 9, 2011
    Messages:
    355
    Likes Received:
    0
    Doing a report for class on the security of virtual machines.

    What are your opinions on this topic?

    Any good links to articles?

    Would you feel anymore secure with vital information on a virtual machine as opposed to a physical machine?

    Any other comments?
     
  2. Chiefcrowe

    Chiefcrowe Diamond Member

    Joined:
    Sep 15, 2008
    Messages:
    4,302
    Likes Received:
    2
  3. Ketchup

    Ketchup Lifer

    Joined:
    Sep 1, 2002
    Messages:
    12,492
    Likes Received:
    1
    I just looked (Google) and there are plenty of good articles out there for your report.

    I would suggest you know how a virtual machine works, if you don't already. Realistically, a virtual machine is no less/more secure over the internet than a traditional computer running the same software.

    The nice thing about them is that they are incredibly easy to copy/back up. So with a good backup (on a flash drive, for example) you only need maybe 5 minutes to get rid of an infected machine and replace it with a healthy one.
     
  4. mechBgon

    mechBgon Super Moderator<br>Elite Member
    Super Moderator

    Joined:
    Oct 31, 1999
    Messages:
    30,699
    Likes Received:
    0
    I was reading up on Microsoft EMET and they noted that it won't have the same security benefits in a VM because of a lack of hardware Data Exectution Prevention support in a VM, as opposed to a physical machine. So for example, if you have Win7 Pro and install the WinXP Mode virtual machine, your virtualized WinXP is significantly less securable than a physical WinXP would be.

    This had an impact on my decision-making processes recently. I need to set up a system for a specific public-usage role at work. I thought "hey, why not throw Win7 onto a VM and then I can have it revert to my locked-down image every day." But if the VM doesn't support DEP, that's not good for security. Plus I'd need to update the VM's OS and re-save it periodically anyway. In the end, I went with Win8 Pro with a combination of Software Restriction Policy, Family Safety (fka Parental Controls), custom Group Policy courtesy of Microsoft Security Compliance Manager, and a Mandatory User Profile that reverts the user's profile at every logon.

    And Stardock Start8 for everyone's sanity :D
     
  5. Ketchup

    Ketchup Lifer

    Joined:
    Sep 1, 2002
    Messages:
    12,492
    Likes Received:
    1
  6. Ketchup

    Ketchup Lifer

    Joined:
    Sep 1, 2002
    Messages:
    12,492
    Likes Received:
    1
    That's interesting, as VMs are all the rage now. So I guess many people think it's worth it to throw in extra security measures to combat this issue, rather than to give up on the VM idea.
     
  7. sourceninja

    sourceninja Diamond Member

    Joined:
    Mar 8, 2005
    Messages:
    8,576
    Likes Received:
    2
    VM's are about better cost efficiency and reliability over physical machines. Yes, you do give up some security (possible exploits in the underline hypervisor), but overall I think it's worth it.

    Also I could be wrong, but as far as I can tell DEP is enabled and functioning in my vsphere 5.1 environment. In fact, I can find vmware documents stating they support the NX features of intel processors. So maybe it's just hyperV that doesn't support DEP?

    In fact, a quick check just showed that DEP support works in vmware fusion as well.
     
  8. SagaLore

    SagaLore Elite Member

    Joined:
    Dec 18, 2001
    Messages:
    24,000
    Likes Received:
    0
    The question is too generic.

    Virtual machines are as secure as you make them, just as non-virtual machines are as secure as you make them.

    With virtual machines there just happen to be more layers that need attention. You need lock down the vm server itself, as well as the vm guest. You also need to properly configure the vm management software. One inherent security weakness is the virtual switch - as more guests are added on the same server, the more intra-guest traffic there may be. If you want to monitor that traffic with an ids it needs to support promiscuous sniffing of the vswitch. Otherwise use ossec on all the guests and the server.
     
  9. Ketchup

    Ketchup Lifer

    Joined:
    Sep 1, 2002
    Messages:
    12,492
    Likes Received:
    1
    Depends on the class. An English class, for example, would only require a broad overview report.
     
  10. Danimal1209

    Danimal1209 Senior member

    Joined:
    Nov 9, 2011
    Messages:
    355
    Likes Received:
    0
    Well, I'm just doing a general report for my host based security class. From what I have researched, the hypervisor seems to be the biggest security problem with VM's. Otherwise, securing the VM's is just more complex that a physical machine.

    I just wanted to hear any opinions on the topic to get my mind thinking while doing my research.
     
  11. SagaLore

    SagaLore Elite Member

    Joined:
    Dec 18, 2001
    Messages:
    24,000
    Likes Received:
    0
    Okay. Well to start with, search for articles about the guest breaking out of its environment and into its host. You have all the traditional security issues to deal with on both server and guest operating systems, then you have the extra layer between that is vulnerable. Then you have the utilities needed to manage all that, which may have its own inherent vulnerabilities.

    So security disadvantage of vm's is the extra layers to worry about.

    Security advantage of vm's is you can snapshot the system, increase scalability by better using resources of physical hardware, have better DR options, etc.
     
  12. imagoon

    imagoon Diamond Member

    Joined:
    Feb 19, 2003
    Messages:
    5,199
    Likes Received:
    0
    I can verify my ESXi 5.0 VMs and the ones in VMWare Workstation 8. All have DEP running on them.
     
  13. HaukSwe

    HaukSwe Member

    Joined:
    Jul 6, 2010
    Messages:
    86
    Likes Received:
    0
    Can a VM put the host system at risk, say be used to pivot towards the OS running them?