Security+ Training Online | Virtualization (Part 2 of 2)

virtualization Feb 12, 2018
 

The last time we got together we talked about virtualization basics.  We looked into hypervisors, hosts and guests and went through some of the big advantages of virtualization.

Now we're going to wrap up our mini course on virtualization with the following topics:

  • Application Cells
  • VDI
  • Virtualization Disadvantages

Let jizzummppp in!

Hahha, okay so let me calm down a bit.

Application Cells

This is where bad application go when they do bad stuff.  It's like a jail for bad apps.

Okay, let me stop screwing around.  

Application cells are just virtualized containers.  The major difference between an Application Cell and a Type 2 hypervisor is that the entire operating system isn't virtualized.

Each application you run, such as your Office program or your command prompt, opens in a new completely isolated container.  But each application is actually running on the same host operating system.

With virtulization, each guest OS can be a completely distinct operating system running on a single physical host.  So the difference is that application cells isolate containers and Type 2 virtualization isolates the complete operating systems.

The advantage here is that it application cells use fewer system resources than Type 1 and Type 2 hypervisors.  A good example of this is the Whonix operating system.  It's an anonymous version of Linux that uses application cells for privacy and performance.

VDI

Virtualized Desktop Infrastructure (or VDI for short) is when IT installs an end user's operating system on a server running in a data center.  The end user doesn't really realize that every time he signs into his computer he's actually logging into a remote system because the operating system feels fluid and natural. 

With VDI, the user desktop is basically delivered on demand from the data center in a transparent fashion.

If the VDI is configured with persistence it means local file saves are stored on the server.  Conversely, if persistence isn't being used all changes are lost when the user logs off.  The server basically restores a snapshot of a gold image (which is a great way to protect a system from malware because the VM basically get's re-imaged each time the user signs off.)

VMWare Horizon is the industry standard for VDI - so if you really want the nitty gritty details you can check out the Horizon View product or even download a trial to explore it for yourself.

Disadvantages of Virtualization

Now you might be thinking: man virtualization is great why wouldn't anyone use it? There are just a few cons to virtualization that I think are worth mentioning.

We'll look into the following:

  • VM Sprawl
  • Security Challenges

VM Sprawl

VM Sprawl is actually a function of a good thing.  The convenience of spinning up new VM's on demand can be a boon to any IT department but it does come with some disadvantages.

First, the more VMs that are created the more difficult it can be to manage them.  Additional VM's increases complexity which can translate to increased costs if it isn't managed appropriately.

It's really easy to clone a VM for a specific purpose and then when you're finish leave it running.  Or perhaps you'll power it down for a few months and then spin it up again for a quick task.  When you fire it up it'll be behind on patches and can become a vulnerability in the network.  Outdated VM images are prime targets for hackers who often take the lazy way in through the weakest link.

Security Challenges with VMs

 The security of offline or dormant VM's is always an issue.  But the other big problem is data confidentiality. 

Remember, a VM is just a collection of files.  As a result, an evil insider could use WinRAR or 7-zip to archive the entire VM and then save the file to a USB stick or upload it to his Google Drive account.  If the VM contains sensitive information, well - now he's got an entire computer on his thumb drive.

That isn't a good situation right?

So these are just a few things to keep in mind when we consider virtualization.  

I think the benefits outweigh the challenges but it's important to keep both sides of the risk coin in view when planning enterprise level VM roll-outs.

Coming Up

Alright, so this wraps up our series on virtualization.  Make sure you subscribe below and come back next week where we will install the most popular hacking Linux distribution in a VM and play with some terminal commands you need for the test.

We will even install Windows 10 in a VM and play with some awesome Windows commands too.

It's going to be a lot of fun so make sure you come back next week.  I'll walk you through the entire process, step-by-step.  And if you have any questions, just leave a comment below!

Take the Next Step!

Join our FREE mailing list to get FREE Security+ training online. You'll get tons of Security+ videos, braindump PDFs, lab simulations and more.

Yes! I want to subscribe
Close

50% Complete

Let's do this!

Pop in your first name and best email address and we'll send you:

The latest updates on the CompTIA Security+ SY0-501 exam

Proven tips and tricks for passing the exam

Hands on video labs with complete step-by-step walk-throughs

And don't forget to refresh your inbox.  You should see us there in about 3 minutes.