Site icon ExploitByte

What Is Virtualization?

What Is Virtualization? – This Blog gives you an overview of virtualization as it applies to security testers, reviews some virtualization vulnerabilities that security testers should consider, and explains how to create a virtual machine with the free VMware Server.
What Is Virtualization?

Virtualization and Security Testing

A virtual machine is a software-based system that acts like a hardware system. It runs on a software layer called the hypervisor, which can run on a system without an OS installed (called a “bare-metal system”) or on one with an OS, such as Linux or Win-
dows.
Virtual machine computing offers several advantages; for enterprise networks, the main advantage is that multiple systems with different OSs can run on the same physical hardware, which reduces costs, increases flexibility, and improves management efficiency. Virtualization enables an organization or a single user to get the most out of computer resources. Schools, for example, can use virtualization to turn a single server into a virtual server that can host two, three, or more OSs. One computer can house five virtual servers running Windows Server 2008 and Red Hat Enterprise Linux, for example. This capability saves the school money on servers and enables more students to work on their own virtual machines.
As a security tester, being able to turn a single computer into a virtual system that you can run multiple OSs on, without having to alter the current OS, is priceless. Instead of testing new code or security tools on a client’s live environment, a security tester can create a virtual mockup of the client’s network that includes multiple OSs and configurations and run them all on one physical system. This setup is also ideal for performing the BackTrack Linux activities in this book. You can still run your current OS, such as Windows Vista or Windows 7, and then install virtualization software and use BackTrack Linux in a virtual window or “session.” When you’re finished with the chapter activities, you simply remove the virtualization software,  and you’re back where you started with your original OS.
Virtualization technology has also been incorporated in backup and disaster recovery systems as a way to reduce downtime after system failures and data corruption and loss. By taking snapshots (images of a virtual machine’s current state) regularly, network administrators can restore service after virtual machine or hardware failures in minutes or seconds rather than hours or days.
What Is Virtualization?
In addition, virtualization is an important part of cloud computing, in which application resources are accessed and maintained on the Internet (the “cloud”), instead of on an organization’s physical premises or servers. With virtualization, cloud-based computing resources can be allocated based on demand. In the past few years, cloud computing has become a new buzzword in the IT community, partly because of the growing popularity of netbooks and nettops. These “lightweight” computers access desktop applications via a Web browser instead of on the hard drive. Many large organizations, such as Motorola and the City of Los Angeles, have migrated to cloud-based e-mail and other applications, and this trend is expected to accelerate in the next few years.

Virtualization Vulnerabilities

Along with the increased efficiency virtualization offers, using virtualization means preparing for potential risks. In addition to the risk of one physical system being affected by an attack, a root-level compromise of the hypervisor can mean the compromise of many systems. For example, in June 2009, the compromise of virtual machine hypervisors for the Web-hosting company VAServ allowed a hacker to wipe out more than 100,000 Web sites. Many of these Web sites had no backup, so they were irretrievably lost.
Attackers use virtualization to perfect their attacks. In a sophisticated attack, they scan and enumerate the target network, and then create a detailed mockup of this network by using virtual machines. They can then perfect an attack against the replicated network without being detected by the organization’s intrusion detection systems that might alert security professionals to their intentions.
A hypervisor compromise can be magnified even more with cloud-based elastic computing, in which the number of virtual machines used for a Web application or site is based on the application load. If the application load increases, more virtual machines can be brought on “elastically” to handle the load. In other words, virtual machine power expands dynamically in proportion to the load. When the load decreases, the number of virtual machines is reduced automatically. In this way, the application owner doesn’t have to pay for more computing power than needed, and the gains in efficiency improve the bottom line. Amazon is the first company to market pay-for-use cloud-based computing widely with its Elastic Compute Cloud (EC2), although many companies and initiatives emerged around the same time, in the early 2000s. (For more information, visit http://aws.amazon.com.)
What Is Virtualization?

Installing and Using Virtualization Software

This appendix includes a step-by-step guide for turning a single computer into a virtual system hosting one or more virtual machines. VMware Server 2.0 is used as an example because it’s one of the most popular virtualization products, and it’s free.
However, there are other free virtualization products you should be familiar with, described in the following list. The first six products are hosted virtualization systems, which simply means they run on top of a regular OS, such as Windows Vista. The last two, Citrix Xen Server and VMware ESXi, are dedicated hypervisors, so they can’t be installed on top of a regular OS. Instead, they take the place of your OS. Compared with hosted virtualization systems, dedicated hypervisors offer performance advantages.

Overview of VMware Server

VMware Server enables you to set up virtual machines to run Windows or Linux OSs. VMware Server 2.0 is a major update from previous versions and offers the following new features:

Requirements for VMware Server

There Is A Seperate Blog On How To Install VMWare Please Check On My Home Page Or Search Page And For More Hacking Content Click Here

Exit mobile version