I know that we need to consider the security of each and every virtual host. What, though, are the risks and vulnerabilities...
associated with the virtual machine itself, the application that runs on top of the operating system? What are the implications if the VM is hacked? Does the hacker then own all the VM hosts?
First, let's start with the guests. If the attacker can compromise the virtual machines, they will likely have control of all of the guests, since the guests are merely subsets of the program itself. Also, most virtual machines run with very high privileges on the host because a virtual machine needs comprehensive access to the host's hardware so it can then map the real hardware into virtualized hardware for the guests. Thus, compromising the virtual machine means not only that the guests are goners, but the host is also likely lost.
And such worries here are not merely theoretical. In December 2005, a widely publicized flaw in VMware sent shudders up some of our spines. A vulnerability in VMware's NAT service could have allowed remote attackers to execute malicious code by exploiting the VM itself. It should be noted that this issue, while a concern, was not really a VM escape. It was, instead, an exploitable buffer overflow vulnerability. A true VM escape, if such a thing is possible, involves running code in a guest that would allow an attacker to jump out and execute commands in the host operating system. There are no publicly available VM escape tools as of this writing. And, VMware thankfully patched the December buffer overflow quickly, and no major compromises associated with the problem were ever publicized.
However, in the end, it's crucial to keep your VM software itself patched to minimize the chance of vulnerabilities there. Additionally, if you do not need all of the fancy services that virtual machine-enabling software offers and installs, don't install them. For example, if you don't need to share files among guests and hosts, drag and drop features, shared clipboards, and so forth, consider not installing these tools. And, as always, any software without a defined business need should be left off of systems, as its introduction could expose you to vulnerabilities. Virtual machine tools are no exception.
- Learn the security risks associated with virtual PCs.
- Use VMware to reduce patch testing costs.
Dig Deeper on Application attacks (buffer overflows, cross-site scripting)
Related Q&A from Ed Skoudis
Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
By viewing a page's HTML source code and writing malicious scripts to a drop-down list, hackers may be able to re-post the malicous page to the ... Continue Reading
Password cracking may be a hacker's specialty, but there are also many strategies to keep passwords secure. Continue Reading