
If a virtual machine is hacked, what are the consequences?

EXPERT RESPONSE FROM: Ed Skoudis, past SearchSecurity.com expert

QUESTION POSED ON: 17 October 2006
I know that we need to consider the security of each and every virtual host. What, though, are the risks and vulnerabilities associated with the virtual machine itself, the application that runs on top of the operating system? What are the implications if the VM is hacked? Does the hacker then own all the VM hosts?

First, let's start with the guests. If the attacker can compromise the virtual machines, they will likely have control of all of the guests, since the guests are merely subsets of the program itself. Also, most virtual machines run with very high privileges on the host because a virtual machine needs comprehensive access to the host's hardware so it can then map the real hardware into virtualized hardware for the guests. Thus, compromising the virtual machine means not only that the guests are goners, but the host is also likely lost.

And such worries here are not merely theoretical. In December 2005, a widely publicized flaw in VMware sent shudders up some of our spines. A vulnerability in VMware's NAT service could have allowed remote attackers to execute malicious code by exploiting the VM itself. It should be noted that this issue, while a concern, was not really a VM escape. It was, instead, an exploitable buffer overflow vulnerability. A true VM escape, if such a thing is possible, involves running code in a guest that would allow an attacker to jump out and execute commands in the host operating system. There are no publicly available VM escape tools as of this writing. And, VMware thankfully patched the December buffer overflow quickly, and no major compromises associated with the problem were ever publicized.

However, in the end, it's crucial to keep your VM software itself patched to minimize the chance of vulnerabilities there. Additionally, if you do not need all of the fancy services that virtual machine-enabling software offers and installs, don't install them. For example, if you don't need to share files among guests and hosts, drag and drop features, shared clipboards, and so forth, consider not installing these tools. And, as always, any software without a defined business need should be left off of systems, as its introduction could expose you to vulnerabilities. Virtual machine tools are no exception.

More information:

  • Learn the security risks associated with virtual PCs.
  • Use VMware to reduce patch testing costs.
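The answer's advice to leave out guest/host conveniences such as shared folders, drag and drop and shared clipboards can be checked per VM. The following is an added example, not part of the original answer or of any VMware tooling: it audits the text of a `.vmx` file for those features. The key names are assumptions drawn from VMware's published hardening guidance rather than from this page, and the sample config is constructed.

```python
import re

# .vmx keys that switch off each guest/host convenience feature (assumed from
# VMware hardening guidance, not from the article; verify for your version).
ISOLATION_KEYS = {
    "isolation.tools.copy.disable": "shared clipboard (copy)",
    "isolation.tools.paste.disable": "shared clipboard (paste)",
    "isolation.tools.dnd.disable": "drag and drop",
    "isolation.tools.hgfsServerSet.disable": "shared folders (HGFS server)",
}
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')
SHARE_RE = re.compile(r'^sharedfolder(\d+)\.present$')

def parse_vmx(text):
    """Return {lowercased key: value}; later duplicates override earlier ones."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)  # comment and blank lines do not match
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit_vmx(text):
    """List integration features that are not explicitly disabled for this VM."""
    settings = parse_vmx(text)
    findings = []
    for key, feature in ISOLATION_KEYS.items():
        value = settings.get(key.lower())
        if value is None:
            findings.append(f"{feature}: {key} not set, product default applies")
        elif value.strip().lower() != "true":
            findings.append(f"{feature}: {key} = {value!r}, feature allowed")
    for key, value in settings.items():
        m = SHARE_RE.match(key)
        if m and value.strip().lower() == "true":
            path = settings.get(f"sharedfolder{m.group(1)}.hostpath", "?")
            findings.append(f"shared folders: share {m.group(1)} maps host path {path}")
    return findings

# Constructed sample config, not taken from a real VM.
SAMPLE_VMX = '''
displayName = "build-guest"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
sharedFolder0.present = "TRUE"
sharedFolder0.hostPath = "/srv/exchange"
'''
if __name__ == "__main__":
    print("\n".join(audit_vmx(SAMPLE_VMX)))
```

An empty result means every listed feature is explicitly disabled and no share is present; a "not set" finding means the behaviour depends on the product default and should be pinned explicitly.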
