So, what security risks does this introduce? The biggest risk is trusting the virtual machines too much and believing they are completely isolated from each other (they are not). Virtual machines share an infrastructure, including network connections, parts of the hard drive, some memory and so forth. Also, don't believe a virtual machine is a firewall. Firewalls are firewalls. Our company is currently researching the potential risks of virtual machines. Our biggest concern is that a bad guy may learn how to escape a virtual machine, jumping from one guest into another guest or into the underlying host operating system. This would be bad, and would dispel many security assumptions. However, there are currently no publicly available virtual machine escape tools that let attackers jump from guest to host.
But because of this possibility, you should carefully harden and use security tools (antivirus, antispyware, and personal firewalls) on all of your systems, both real and virtual. Maintain their security and don't implicitly trust the isolation of your virtual environment. While it is possible that we'll never see a public virtual machine escape program, creating such a thing is non-trivial (believe me, I know!). However, because of the risk, don't let your guard down. Carefully protect your virtual machines just as you do your real ones.
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Ed Skoudis
Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
By viewing a page's HTML source code and writing malicious scripts to a drop-down list, hackers may be able to re-post the malicous page to the ... Continue Reading
Password cracking may be a hacker's specialty, but there are also many strategies to keep passwords secure. Continue Reading