What Is Virtualization? – This blog post gives you an overview of virtualization as it applies to security testers, reviews some virtualization vulnerabilities that security testers should consider, and explains how to create a virtual machine with the free VMware Server.
What Is Virtualization?
Virtualization and Security Testing
A virtual machine is a software-based system that acts like a hardware system. It runs on a software layer called the hypervisor, which can run on a system without an OS installed (called a “bare-metal system”) or on one with an OS, such as Linux or Win-
Virtual machine computing offers several advantages; for enterprise networks, the main advantage is that multiple systems with different OSs can run on the same physical hardware, which reduces costs, increases flexibility, and improves management efficiency. Virtualization enables an organization or a single user to get the most out of computer resources. Schools, for example, can use virtualization to turn a single server into a virtual server that can host two, three, or more OSs. One computer can house five virtual servers running Windows Server 2008 and Red Hat Enterprise Linux, for example. This capability saves the school money on servers and enables more students to work on their own virtual machines.
As a security tester, being able to turn a single computer into a virtual system that you can run multiple OSs on, without having to alter the current OS, is priceless. Instead of testing new code or security tools on a client’s live environment, a security tester can create a virtual mockup of the client’s network that includes multiple OSs and configurations and run them all on one physical system. This setup is also ideal for performing the BackTrack Linux activities in this book. You can still run your current OS, such as Windows Vista or Windows 7, and then install virtualization software and use BackTrack Linux in a virtual window or “session.” When you’re finished with the chapter activities, you simply remove the virtualization software, and you’re back where you started with your original OS.
Virtualization technology has also been incorporated in backup and disaster recovery systems as a way to reduce downtime after system failures and data corruption and loss. By taking snapshots (images of a virtual machine’s current state) regularly, network administrators can restore service after virtual machine or hardware failures in minutes or seconds rather than hours or days.
In addition, virtualization is an important part of cloud computing, in which application resources are accessed and maintained on the Internet (the “cloud”), instead of on an organization’s physical premises or servers. With virtualization, cloud-based computing resources can be allocated based on demand. In the past few years, cloud computing has become a new buzzword in the IT community, partly because of the growing popularity of netbooks and nettops. These “lightweight” computers access desktop applications via a Web browser instead of on the hard drive. Many large organizations, such as Motorola and the City of Los Angeles, have migrated to cloud-based e-mail and other applications, and this trend is expected to accelerate in the next few years.
Along with the increased efficiency virtualization offers, using virtualization means preparing for potential risks. In addition to the risk of one physical system being affected by an attack, a root-level compromise of the hypervisor can mean the compromise of many systems. For example, in June 2009, the compromise of virtual machine hypervisors for the Web-hosting company VAServ allowed a hacker to wipe out more than 100,000 Web sites. Many of these Web sites had no backup, so they were irretrievably lost.
Attackers use virtualization to perfect their attacks. In a sophisticated attack, they scan and enumerate the target network, and then create a detailed mockup of this network by using virtual machines. They can then perfect an attack against the replicated network without being detected by the organization’s intrusion detection systems that might alert security professionals to their intentions.
A hypervisor compromise can be magnified even more with cloud-based elastic computing, in which the number of virtual machines used for a Web application or site is based on the application load. If the application load increases, more virtual machines can be brought on “elastically” to handle the load. In other words, virtual machine power expands dynamically in proportion to the load. When the load decreases, the number of virtual machines is reduced automatically. In this way, the application owner doesn’t have to pay for more computing power than needed, and the gains in efficiency improve the bottom line. Amazon is the first company to market pay-for-use cloud-based computing widely with its Elastic Compute Cloud (EC2), although many companies and initiatives emerged around the same time, in the early 2000s. (For more information, visit http://aws.amazon.com.)
Installing and Using Virtualization Software
This appendix includes a step-by-step guide for turning a single computer into a virtual system hosting one or more virtual machines. VMware Server 2.0 is used as an example because it’s one of the most popular virtualization products, and it’s free.
However, there are other free virtualization products you should be familiar with, described in the following list. The first six products are hosted virtualization systems, which simply means they run on top of a regular OS, such as Windows Vista. The last two, Citrix Xen Server and VMware ESXi, are dedicated hypervisors, so they can’t be installed on top of a regular OS. Instead, they take the place of your OS. Compared with hosted virtualization systems, dedicated hypervisors offer performance advantages.
- Microsoft Virtual PC —Intended for use on workstations to host another OS, such as a Windows Server 2008 virtual machine; can be installed on Windows hosts only.
- Microsoft Virtual Server —Intended for use on servers to host multiple virtual machines, including Windows Server 2008 and other OSs; can be installed on Windows hosts only.
- Microsoft Hyper-V —Intended for use on servers to host multiple virtual machines, including Windows Server 2008 and other OSs; can be installed on Windows hosts only.
- VMware Server —Intended for use on servers to host multiple virtual machines; included as part of Windows Server 2008 and 2008 R2. It supports most Windows and several Linux OSs.
- Kernel-based Virtual Machine (KVM) —Available as an optional package in most Linux distributions, KVM is a lightweight virtualization infrastructure that can run most Linux and Windows versions as guest OSs; can be installed on Linux hosts only.
- Sun xVM (VirtualBox) —Intended for use on a workstation or server to host multiple virtual machines, including most versions of Linux, BSD UNIX, Solaris, and Windows; can be installed on Solaris, Windows, Linux, and Macintosh
- Citrix Xen Server —A hypervisor intended for use on servers without an OS already installed; can host multiple virtual machines, including most versions of Linux and Windows. Xen Server is the virtualization product behind Amazon’s Elastic Compute Cloud.
- VMware ESXi —A hypervisor intended for use on servers without an OS already installed; can host multiple virtual machines, including those running most versions of Linux and Windows.
Overview of VMware Server
VMware Server enables you to set up virtual machines to run Windows or Linux OSs. VMware Server 2.0 is a major update from previous versions and offers the following new features:
- Enables you to manage virtual machines from the VMware Infrastructure Web Access window or the Remote Console window
- Allows configuring different levels of permissions
- Allows configuring which OSs start when VMware Server is started
- Offers editors for configuring hardware devices
- Includes support for virtual machines running Windows Vista, Windows Server 2008, Red Hat Enterprise Linux 5.0, and Ubuntu Linux through version 9.x, among others
- Handles increased memory (to 8 GB) and more NICs (up to 10) in the host machine
- Supports 64-bit guest OSs on 64-bit (x64 but not IA-64) host computers
- Offers hot-add capability (meaning components can be added without shutting down the virtual machine) for new SCSI and tape devices
- Includes the Volume Shadow Copy Service (VSS) for backups on Windows guest OSs
- Allows using Firefox 3 or Internet Explorer for the VMware Infrastructure Web Access window
- Supports hardware virtualization—for example, AMD CPUs with AMD-V capability and Intel CPUs with Intel VT
- Supports multiple monitors (to see different virtual machines on different displays)
Requirements for VMware Server
- CPU—Any standard x86 or x64 computer, including the following processors: dual-core or quad-core Intel Xeon, Intel Core 2, AMD Opteron, or Athlon (733 MHz or faster)
- RAM—A minimum of 512 MB, but the total must be enough to cover the minimum requirements of every OS (host and guest) you plan to run
- Disk space—Enough disk storage for the OSs (host and guest) you plan to run
- VMware Infrastructure Web Access window —Internet Explorer 6.0 and later (for Windows hosts) or Mozilla Firefox 2.0 and later (for Linux hosts)
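A pre-install check for the CPU and RAM requirements listed above, as an added example that is not part of the original post or of VMware's own tooling. It assumes a Linux host (the /proc/cpuinfo and /proc/meminfo text formats); the sample inputs and per-guest RAM figures are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample inputs in Linux /proc format (not captured from a real host).
SAMPLE_CPUINFO = (
    "processor\t: 0\nmodel name\t: Example CPU\n"
    "flags\t\t: fpu vme de pse msr pae sse2 lm vmx\n"
)
SAMPLE_MEMINFO = "MemTotal:        4046012 kB\nMemFree:         1020304 kB\n"

def cpu_features(cpuinfo_text):
    """Collect CPU flags and map them to the features the requirements name."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            flags.update(value.split())
    return {
        "intel_vt": "vmx" in flags,   # Intel VT
        "amd_v": "svm" in flags,      # AMD-V
        "x64": "lm" in flags,         # long mode = 64-bit capable CPU
    }

def total_ram_mb(meminfo_text):
    """Return installed RAM in MB from the MemTotal line (reported in kB)."""
    match = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo_text, re.MULTILINE)
    if match is None:
        raise ValueError("MemTotal line not found")
    return int(match.group(1)) // 1024

def check_host(cpuinfo_text, meminfo_text, host_min_mb, guests):
    """guests maps a VM name to (minimum RAM in MB, needs a 64-bit guest OS)."""
    feats = cpu_features(cpuinfo_text)
    ram_mb = total_ram_mb(meminfo_text)
    # Host and every guest must fit in physical RAM at the same time.
    needed_mb = host_min_mb + sum(mb for mb, _ in guests.values())
    problems = []
    if ram_mb < 512:
        problems.append("less than the 512 MB minimum")
    if ram_mb < needed_mb:
        problems.append(f"RAM {ram_mb} MB < {needed_mb} MB needed by host plus guests")
    for name, (_, is_64bit) in guests.items():
        if is_64bit and not feats["x64"]:
            problems.append(f"{name}: 64-bit guest needs an x64 host CPU")
    return {"hw_virt": feats["intel_vt"] or feats["amd_v"],
            "ram_mb": ram_mb, "needed_mb": needed_mb, "problems": problems}

if __name__ == "__main__":
    # Hypothetical lab plan; the RAM figures are placeholders, not vendor minimums.
    plan = {"backtrack": (512, False), "win2008-x64": (1024, True)}
    print(check_host(SAMPLE_CPUINFO, SAMPLE_MEMINFO, 1024, plan))
```

On a real Linux host, pass the contents of /proc/cpuinfo and /proc/meminfo in place of the constructed samples.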