How Virtualization Can Improve Security?


Overview:

Virtualization has become a necessity for organizations of every size. Virtualization reduces cost and enables organizations to get more out of their technology investments. As virtualization is a vast area, proper knowledge of how to use it in the best possible way is the key to success.

Introduction: The term virtualization refers to the process of creating a virtual environment. Virtualization allows a user to run multiple operating systems on one computer simultaneously. It is the creation of a virtual (rather than actual) version of something, such as an operating system, a server or network resources. For many companies, virtualization can be viewed as part of an overall trend in IT environments toward systems that manage themselves based on perceived activity, and toward utility computing. The important goal of virtualization is to reduce administrative tasks while improving scalability and workloads.

Security Needs: Many organizations think about the security implications after they deploy new technology. Virtualization provides many benefits, which makes it an easy sell into IT architectures. Virtualization can save money, increase business efficiency, decrease downtime during maintenance without affecting the business or causing disturbance, and get more work done with less equipment. There are, of course, many ways to implement virtualization in IT: network virtualization, storage virtualization, server virtualization and desktop virtualization. Each type may carry some sort of security risk. There are many solutions for each virtualization type. The important thing is that virtualization can improve security, but it cannot stop all attacks.








Virtualization can be used in many ways and requires appropriate security controls in each situation. This article will explore the ways you can use virtualization to increase the security of your Windows environment.

Following are a few ways to minimize risks and improve security with virtualization:

  1. Sandboxing:

Sandboxing is a security mechanism for separating running programs. It is often used to execute untested code or untrusted programs from unverified third parties, suppliers and untrusted websites. The main goal of sandboxing is to improve virtualization security by isolating an application to protect against outside malware, harmful viruses, applications that stop execution, etc. If you have an application which is unstable or untested, simply put it in a virtual machine so that it does not affect the rest of the system.

Sometimes your application may come under malicious attack while running in the browser, so it is always a good practice to run your programs in a virtual machine. Sandbox technology is closely related to virtualization. Virtual computing offers some of the benefits of sandboxing without having to pay a premium for a new machine. The virtual machine has a connection to the internet, not to the company LAN. So it protects the operating system and programs from viruses or harmful attacks on the virtual machine.

  1. Server Virtualization

Server virtualization is the masking of server resources, which helps in partitioning a physical server into smaller virtual servers to maximize resources. The administrator divides the physical server into multiple virtual environments. Nowadays, official records are stolen from servers by hackers. Server virtualization allows each small virtual server to run its own operating system and to be rebooted independently of the others. Virtualized servers are used to identify and isolate applications which are unstable or compromised.

It is mainly used in web servers which provide low-cost web hosting services. Server utilization manages the complicated details of server resources while increasing utilization and maintaining capacity. A virtualized server makes it easier to detect malicious viruses or damaging elements, and protects the server, virtual machines and the entire network.

The benefit of using server virtualization is that it creates a hardware abstraction layer between the x86 hardware and the operating system. It also reduces the density of virtual servers to physical server hardware. Server virtualization creates an image of a server, which makes it easy to determine if the server is acting abnormally.

  1. Network Virtualization

Network virtualization is the combination of hardware and software network resources, and it combines network functionality into a single virtual network. Using network virtualization, virtual networks minimize the effect of malware when it infects the system. Network virtualization creates logical, virtual networks from the underlying network hardware to better integrate with virtual environments.

An important feature of network virtualization is isolation. It allows dynamically composing multiple virtual networks that co-exist in isolation to deploy customized end-to-end services on the fly. They are managed on those virtual networks for the users by sharing and utilizing network resources gained from infrastructure providers.

Another main feature of network virtualization is segmentation: the network is divided into subnetworks, and this division can boost performance by minimizing local traffic in the network and by making the internal network structure invisible from the outside. Network virtualization is also used to create virtualized infrastructure that supports complex requirements by having a single instance of a software application serve multiple customers.

  1. Hypervisor Security

The term hypervisor means a small piece of software or hardware that creates and runs virtual machines; the machine which contains the hypervisor is called the host machine. Hypervisor security enables virtualization by using the hypervisor, including development, implementation, provisioning and management.








There are some security recommendations for the hypervisor, as follows:

  • Install the hypervisor updates released by the vendor.
  • Secure with thin hypervisors, which make deployment easy, run efficiently with minimal computing overhead, and reduce the chance of attack by malicious code that could reach the hypervisor.
  • Don’t connect unused physical hardware to the host system, and disconnect unused NICs from any network. Sometimes a disk drive is used to back up data, so such devices should be disconnected when they are not actively being used for backup.
  • If you don’t need a file sharing service or any other service between the guest OS and the host OS, then disable the services which are not needed.
  • Communication between guest operating systems, and between guests and non-virtualized environments, must be secured by security controls such as firewalls, network appliances etc.
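
The device-related recommendations in the list above can be checked automatically against a guest's configuration. The following is an added example, not code from the original article: it assumes a KVM/libvirt host (the article names no hypervisor) and audits a constructed domain XML for unused NICs, empty removable drives, host-to-guest file shares and passed-through host hardware; the guest name, paths and check labels are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt domain definition for a hypothetical guest "sandbox01".
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>sandbox01</name>
  <devices>
    <interface type='network'><source network='default'/></interface>
    <interface type='bridge'><source bridge='br0'/><link state='down'/></interface>
    <disk type='file' device='disk'><source file='/vm/sandbox01.qcow2'/></disk>
    <disk type='file' device='cdrom'><target dev='sda' bus='sata'/></disk>
    <filesystem type='mount'><source dir='/home/admin/share'/></filesystem>
    <hostdev mode='subsystem' type='usb'/>
  </devices>
</domain>"""

def _attr(parent, child, *names):
    """First non-empty attribute among `names` on parent/child, else '?'."""
    node = parent.find(child)
    values = [node.get(n) for n in names] if node is not None else []
    return next((v for v in values if v), "?")

def audit_domain(xml_text):
    """Return (check, detail) findings for one libvirt domain definition."""
    devices = ET.fromstring(xml_text).find("devices")
    if devices is None:
        return []
    findings = []
    for nic in devices.findall("interface"):
        # A NIC defined with its link forced down is attached but not in use.
        if _attr(nic, "link", "state") == "down":
            findings.append(("unused-nic", _attr(nic, "source", "bridge", "network")))
    for disk in devices.findall("disk"):
        # A CD-ROM or floppy drive with no <source> is an empty, idle device.
        if disk.get("device") in ("cdrom", "floppy") and disk.find("source") is None:
            findings.append(("empty-removable-drive", _attr(disk, "target", "dev")))
    for share in devices.findall("filesystem"):
        # Host directories exported into the guest (file sharing service).
        findings.append(("host-guest-file-share", _attr(share, "source", "dir")))
    for dev in devices.findall("hostdev"):
        # Physical host hardware passed through to the guest.
        findings.append(("host-device-passthrough", dev.get("type", "?")))
    return findings

if __name__ == "__main__":
    for check, detail in audit_domain(SAMPLE_DOMAIN_XML):
        print(f"{check}: {detail}")
```

On a real libvirt host the XML would come from `virsh dumpxml` for each guest; every finding is a device to remove or a service to justify.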

  1. Desktop Virtualization

Desktop virtualization allows creating, modifying or deleting images and separates the desktop environment from the physical computer that is used to access it. Administrators can easily manage employees’ computers and protect them from unauthorized access or the introduction of viruses. It provides more security to the user by providing a guest OS image for the desktop environment, and it doesn’t allow copying or saving data to any disk other than the server. In this way, desktop virtualization is made more secure.

  1. Infrastructure Security

The virtualized information infrastructure allows controlling access to resources and maintaining visibility to ensure proper handling of information. All the activities within the computing environment need to be tracked through the infrastructure.

  1. Virtual Switches

A virtual switch is a software program which provides security by using isolation, control and content inspection techniques between virtual machines, and allows one virtual machine to communicate with another.

It does not allow inter-switch link attacks to be performed. The main purpose of a virtual switch is to provide network connectivity so that virtual machines and applications within the virtual network can communicate with the physical network.

  1. Guest OS Security

The guest OS is the operating system that runs inside a virtual machine on top of the host's main operating system and shares resources with other virtual machines on the same host. Virtualization allows information to be shared with the OS through disks or folders created using network disks.

It raises some security concerns, such as updating the guest OS systematically, keeping backups of virtual drives, and applying the same policy as for non-virtualized computers. Never connect unused physical hardware to the host system; sometimes a disk drive is used to back up data, so unused devices should be disconnected when they are not actively being used for backup.

  1. High availability and disaster recovery

Nowadays, the first priority in IT is to preserve data and the availability of services. Virtualization reduces the time and cost of disaster recovery by backing up the data in one large, unique file, which saves time when reinstalling the OS and restoring the data. It allows a virtual machine to be restored on any host that meets the power requirements, and it also provides the facility to recover from physical failures without wasting more time.

  1. Server Isolation

Virtualization uses server isolation for the primary business purpose. We can run multiple servers on one machine without virtualization, but there is a risk in having multiple servers on a single server. Virtualization allows running multiple servers on a single machine while isolating the servers from one another, because they run on separate virtual machines.







Summary: Virtualization has made a huge impact on the IT business environment. Virtualization brings new security considerations for many firms by maximizing computing and infrastructure resources. Properly deployed virtualization techniques can provide security to the software, hardware, storage and network environments. But virtualization is only one of many tools in the security arsenal, so other security aspects should also be considered during the design of any application software.
