Page 899 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Virtualization


               Virtualization technology is used to host one or more operating
               systems within the memory of a single host computer. This
               mechanism allows virtually any OS to operate on any hardware. Such
               an OS is also known as a guest operating system. From the perspective
               that there is an original or host OS installed directly on the computer
               hardware, the additional OSes hosted by the hypervisor system are
               guests. It also allows multiple operating systems to work
               simultaneously on the same hardware. Common examples include
               VMware/vSphere, Microsoft’s Hyper-V, VirtualBox, XenServer, and
               Apple’s Parallels.

               Virtualized servers and services are indistinguishable from traditional
               servers and services from a user’s perspective.

               Virtualization has several benefits, such as being able to launch
               individual instances of servers or services as needed, real-time
               scalability, and being able to run the exact OS version needed for a
               given application. Additionally, recovery from damaged, crashed, or
               corrupted virtual systems is often quick: simply replace the virtual
               system’s main hard drive file with a clean backup version and then
               relaunch it.
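
As an added illustration (not from the study guide), the recovery step above can be scripted so the backup is confirmed to be the known-clean image before it replaces the damaged disk. The function names, the `.damaged` suffix, and the assumption that a SHA-256 of the clean backup was recorded when it was taken are hypothetical; the VM is assumed to be powered off.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a (possibly very large) disk image in fixed-size chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def restore_disk(backup_path, live_path, expected_sha256):
    """Swap in a verified clean backup; return where the damaged disk was set aside."""
    expected = expected_sha256.lower()
    if sha256_file(backup_path) != expected:
        raise ValueError("backup hash mismatch; refusing to restore")
    live_dir = os.path.dirname(os.path.abspath(live_path))
    # Stage the copy beside the live disk so the final swap is a same-filesystem rename.
    fd, staged = tempfile.mkstemp(dir=live_dir, suffix=".restore")
    try:
        with os.fdopen(fd, "wb") as dst, open(backup_path, "rb") as src:
            shutil.copyfileobj(src, dst)
            dst.flush()
            os.fsync(dst.fileno())
        # Re-hash the staged copy to catch a short or corrupted write.
        if sha256_file(staged) != expected:
            raise ValueError("staged copy hash mismatch")
        quarantined = live_path + ".damaged"
        os.replace(live_path, quarantined)  # keep the bad disk for later analysis
        os.replace(staged, live_path)       # atomic swap into place
    except BaseException:
        if os.path.exists(staged):
            os.remove(staged)
        raise
    return quarantined

if __name__ == "__main__":
    # Constructed demo: small stand-in files instead of real disk images.
    with tempfile.TemporaryDirectory() as d:
        clean, live = os.path.join(d, "clean.img"), os.path.join(d, "guest.img")
        for path, data in ((clean, b"known-good"), (live, b"corrupted")):
            with open(path, "wb") as f:
                f.write(data)
        print(restore_disk(clean, live, sha256_file(clean)))
```

Setting the damaged disk aside instead of deleting it preserves it for forensic review after the guest is back in service.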

               In relation to security, virtualization offers several benefits. It is often
               easier and faster to make backups of entire virtual systems than the
               equivalent native hardware-installed system. Plus, when there is an
               error or problem, the virtual system can be replaced by a backup in
               minutes. Malicious code compromise or infection of virtual systems
               rarely affects the host OS. This allows for safe testing and
               experimentation.

               VM escaping occurs when software within a guest OS is able to breach
               the isolation protection provided by the hypervisor in order to violate
               the container of other guest OSes or to infiltrate a host OS. Several
               escaping vulnerabilities have been discovered in recent times.
               Fortunately, the vendors have been fast to release patches. For
               example, Virtualized Environment Neglected Operations