If you want to stop someone from driving a car, you can take away the keys. Quick, easy and effective. Alternatively, removing the wheels and engine will work, too.
A container is an OS extension that takes away keys, leaving the OS intact. A virtual machine (VM) reworks the architecture, separating the car from the wheels and engine. Taking the keys is easy, but the driver might have spares, and a car can be hot-wired in about a billion ways. Removing the wheels and engine is a lot of trouble, but the car won’t move without them. And when you mount snow tires, that removable wheel architecture is handy.
Time-sharing computers
Containers and VMs go back to the beginning of time-sharing, an outstanding advance in mid-twentieth century computing. A single time-sharing computer supports multiple users running multiple tasks at the same time. Each user thinks they control the entire machine.
But time-sharing users must be protected from each other. A user’s broken code can bring … [Read more...] about Containers and virtual machines: Which is best for you?
Securing virtual machines
For all its benefits, the drive to virtualize everything has created a very big security issue: Virtualization creates a single target for a potential security breach. When a host runs 50 virtual machines (VMs) and is attacked, then you have a real problem. One compromised host compromises the 50 VMs running on it, and now you have what I lovingly call a “holy s**t” moment. Because you virtualized, you turned a whole bunch of servers and operating systems into just a couple of files that are super easy to steal.
Understanding the security problem with virtualization
Let’s frame the problem as a set of challenges that need to be solved for a security solution to mitigate the issues virtualization poses. On any platform, a local administrator can do anything on a system. Anything a guest does to protect itself, like encryption, can be undone by a local administrator. This is comparable to a data center, where all of the access control lists and fancy stuff you do on … [Read more...] about What are shielded virtual machines and how to set them up in Windows Server
For all its benefits, the drive to virtualize everything has created a very big security issue: Virtualization creates a single target for a potential security breach. When a host runs 50 virtual machines (VMs) and is attacked, then you have a real problem. One compromised host compromises the 50 VMs running on it, and now you have what I lovingly call a “holy s**t” moment. Because you virtualized, you turned a whole bunch of servers and operating systems into just a couple of files that are super easy to steal.
The industry needs a way to protect against online and offline attacks that could compromise entire farms of VMs. Microsoft has done some work in this area in Windows Server 2016 with the shielded virtual machine, and its sister service, the Host Guardian Service (HGS). Let’s look at what the folks in Redmond have done.
Understanding the security problem with virtualization
Let’s frame the problem as a set of challenges that need to be solved for a … [Read more...] about What are shielded virtual machines and how to set them up
VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.
The patches fix four vulnerabilities that affect VMware ESXi, VMware Workstation Pro and Player and VMware Fusion.
Two of the vulnerabilities, tracked as CVE-2017-4902 and CVE-2017-4903 in the Common Vulnerabilities and Exposures database, were exploited by a team from Chinese internet security firm Qihoo 360 as part of an attack demonstrated two weeks ago at Pwn2Own.
The team's exploit chain started with a compromise of Microsoft Edge, moved to the Windows kernel, and then exploited the two flaws to escape from a virtual machine and execute code on the host operating system. The researchers were awarded $105,000 for their feat.
Pwn2Own is an annual hacking contest organized by Trend Micro's Zero Day Initiative (ZDI) program that runs during the CanSecWest conference in Vancouver, Canada. … [Read more...] about VMware patches critical virtual machine escape flaws
This is Part 2 of the KVM series. Here we discuss how to deploy Linux virtual machines using network installation in a KVM environment. We cover three types of network installation (FTP, NFS and HTTP), each of which has its own prerequisites.
Deploy VM’s using Network Install in KVM
Before beginning, make sure that you have the prerequisites mentioned in the first part of this series.
Setup Virtual Machines in Linux Using KVM (Kernel-based Virtual Machine) – Part 1
Network Installation using FTP
1. Before beginning, install the FTP service package.
# yum install vsftpd
2. After vsftpd has been installed, start the service and enable it permanently.
# systemctl start vsftpd
# systemctl enable vsftpd
3. For security reasons, you may need to add the FTP service to the firewall.
# firewall-cmd --permanent --add-service=ftp
# firewall-cmd --reload
4. Now it’s time to choose your preferred Linux ISO which you want to … [Read more...] about How to Deploy Multiple Virtual Machines using Network Install (HTTP, FTP and NFS) under KVM Environment