WEBVTT

00:00.000 --> 00:01.995
>> When we talk about
virtualization,

00:01.995 --> 00:03.690
we really have to talk
about the heart and

00:03.690 --> 00:05.640
soul of a virtualized
environment,

00:05.640 --> 00:07.440
and that's the hypervisor.

00:07.440 --> 00:09.270
The hypervisor is what allows

00:09.270 --> 00:11.580
OS isolation into
Virtual Machines.

00:11.580 --> 00:13.380
It's going to provide
communication

00:13.380 --> 00:15.360
from what's happening
in Virtual Machine,

00:15.360 --> 00:17.085
either through the
operating system

00:17.085 --> 00:19.250
or directly to the hardware.

00:19.250 --> 00:21.650
That depends on
whether or not we have

00:21.650 --> 00:24.050
a type I or type II Hypervisor.

00:24.050 --> 00:25.640
A type I Hypervisor,

00:25.640 --> 00:28.370
sometimes referred to as the
"bare metal" Hypervisor,

00:28.370 --> 00:30.260
meaning that it sits
directly on top of

00:30.260 --> 00:31.610
the hardware so you don't

00:31.610 --> 00:33.730
install an operating
system first.

00:33.730 --> 00:35.375
You install the hypervisor,

00:35.375 --> 00:37.310
and it has direct
access to the hardware

00:37.310 --> 00:39.620
through the commands within
the virtual software.

00:39.620 --> 00:42.190
With this, you have a
more secure system.

00:42.190 --> 00:43.645
It's hardware-based.

00:43.645 --> 00:45.280
It's just a Virtual Machine,

00:45.280 --> 00:47.560
and because of that, you
get better performance.

00:47.560 --> 00:49.070
You cut out the
middleman that comes

00:49.070 --> 00:50.720
with a type II Hypervisor.

00:50.720 --> 00:52.465
With a type II Hypervisor,

00:52.465 --> 00:55.040
you first install a
host-based operating system

00:55.040 --> 00:56.435
like Windows or Linux,

00:56.435 --> 00:57.410
then on top of that,

00:57.410 --> 00:58.820
you install a Virtual
Machine through

00:58.820 --> 01:01.475
an application like Oracle VBox.

01:01.475 --> 01:03.290
That's the one I've been
using a lot lately.

01:03.290 --> 01:04.359
>> I like that.

01:04.359 --> 01:07.530
>> There's a Virtual Machine
on your VM workstation.

01:07.530 --> 01:09.110
Those are the ones
that most users

01:09.110 --> 01:11.225
may have more experience with.

01:11.225 --> 01:14.090
This is considered to be
software-based because it's

01:14.090 --> 01:15.320
software that you install on

01:15.320 --> 01:16.894
>> top of an operating system,

01:16.894 --> 01:18.550
>> but here's the
deal with that.

01:18.550 --> 01:20.560
All of your commands
from the VM are

01:20.560 --> 01:22.420
running through the
guest operating system,

01:22.420 --> 01:23.905
so you've got that middleman.

01:23.905 --> 01:26.000
Keep in mind, if
you're running this on

01:26.000 --> 01:28.010
Windows and Linux
operating systems,

01:28.010 --> 01:29.450
you have the vulnerabilities of

01:29.450 --> 01:32.255
those operating systems
introduced to the mix.

01:32.255 --> 01:33.575
When we use these,

01:33.575 --> 01:35.960
you might be using them
in a lab environment.

01:35.960 --> 01:37.670
We might be using them on

01:37.670 --> 01:39.620
an individual system
to do things with

01:39.620 --> 01:43.084
application virtualization
or for testing devices.

01:43.084 --> 01:44.270
But when we're talking about

01:44.270 --> 01:46.309
>> really virtualizing servers,

01:46.309 --> 01:47.480
>> that's when we're going to do

01:47.480 --> 01:50.110
this bare metal
type I Hypervisor.

01:50.110 --> 01:52.670
Any Cloud-based service
providers going to

01:52.670 --> 01:56.390
be running type I?

01:56.390 --> 01:58.175
If hypervisors are compromised,

01:58.175 --> 02:00.665
everything in the virtual
environment is compromised,

02:00.665 --> 02:02.920
and there are rootkits
for hypervisors.

02:02.920 --> 02:04.290
There are types of malware

02:04.290 --> 02:06.600
that specifically
target hypervisors.

02:06.600 --> 02:08.690
We need to make sure
that our hypervisor,

02:08.690 --> 02:11.170
like any other piece of
software, is hardened.

02:11.170 --> 02:12.740
It's up to date pass just

02:12.740 --> 02:14.270
like any other
operating system or

02:14.270 --> 02:16.280
application that does reduce

02:16.280 --> 02:19.294
the likelihood of having
malicious code introduced.

02:19.294 --> 02:20.945
As a general rule,

02:20.945 --> 02:22.640
if we're accessing
our resources through

02:22.640 --> 02:25.060
the Cloud and we have a
virtualized environment,

02:25.060 --> 02:26.420
the hypervisor is usually

02:26.420 --> 02:29.020
the Cloud services
provider's responsibility.

02:29.020 --> 02:30.410
We need to make
sure that we know

02:30.410 --> 02:31.760
how that's protected and be

02:31.760 --> 02:34.880
aware of any mitigating
strategies to keep that safe.

02:34.880 --> 02:37.085
If we're running the
type II Hypervisor,

02:37.085 --> 02:37.835
then, of course,

02:37.835 --> 02:39.350
we're responsible
for making sure

02:39.350 --> 02:42.300
this software is patched
and running correctly.

02:43.220 --> 02:45.585
Lots of concerns here.

02:45.585 --> 02:48.110
Again, virtualization
doesn't fix

02:48.110 --> 02:49.790
every problem and it certainly

02:49.790 --> 02:52.210
doesn't make your typical
problems go away.

02:52.210 --> 02:54.590
One of the first issues
that we have to think

02:54.590 --> 02:56.615
about is an issue
called VM escape,

02:56.615 --> 02:58.820
which is exactly
what it sounds like.

02:58.820 --> 03:00.230
Virtualization is supposed to be

03:00.230 --> 03:03.100
true isolation for these
applications and systems.

03:03.100 --> 03:05.300
In a multi-union environment,

03:05.300 --> 03:06.860
our visual system
should be truly

03:06.860 --> 03:09.080
isolated from other
virtual systems.

03:09.080 --> 03:12.005
However, VM escape
is when some entity,

03:12.005 --> 03:14.090
whether it's a process
or an individual,

03:14.090 --> 03:16.405
hops from one Virtual
Machine to another.

03:16.405 --> 03:18.380
Shouldn't happen, but again,

03:18.380 --> 03:19.790
there are attacks specifically

03:19.790 --> 03:22.870
geared towards
virtualized environments.

03:22.870 --> 03:24.945
Another concern.

03:24.945 --> 03:27.500
You may have maybe 15
different services

03:27.500 --> 03:29.525
running on a single
physical machine.

03:29.525 --> 03:31.340
That means that
one network card

03:31.340 --> 03:32.480
>> on that system provides

03:32.480 --> 03:36.010
>> a pathway into the system
for all those 15 services.

03:36.010 --> 03:38.150
From a physical
perspective as well,

03:38.150 --> 03:40.730
if you have failure of
that physical machine then

03:40.730 --> 03:42.110
services are gone from the time

03:42.110 --> 03:44.500
being until we can
get it restored.

03:44.500 --> 03:47.385
Other ideas like anti-malware.

03:47.385 --> 03:49.730
A lot of times we
slap anti-malware on

03:49.730 --> 03:51.860
a machine and we say we're good.

03:51.860 --> 03:53.060
That's all taken care of.

03:53.060 --> 03:54.665
But what you have is you have

03:54.665 --> 03:57.290
numerous Virtual Machine
running on a system.

03:57.290 --> 03:59.870
You have to have
anti-malware on the host.

03:59.870 --> 04:02.210
But for each additional
guest operating system

04:02.210 --> 04:04.655
that has to be scanned
for malware as well.

04:04.655 --> 04:07.325
It really is like a
separate physical machine.

04:07.325 --> 04:09.035
The same thing with monitory.

04:09.035 --> 04:10.880
You're not going to
get monitoring of

04:10.880 --> 04:12.020
those virtual machines from

04:12.020 --> 04:13.955
one tool and just
scanning the host.

04:13.955 --> 04:14.630
We have to make

04:14.630 --> 04:16.520
these considerations
and make sure we have

04:16.520 --> 04:17.690
the right tools and each of

04:17.690 --> 04:19.474
>> the guest operating systems.

04:19.474 --> 04:22.050
>> Last but not least,
unintentional bridging.

04:22.050 --> 04:23.870
Like we said, you've got

04:23.870 --> 04:25.190
one network care connecting

04:25.190 --> 04:26.755
you out to the public network.

04:26.755 --> 04:28.375
You've got an internal network

04:28.375 --> 04:30.470
and your virtual network cards.

04:30.470 --> 04:32.105
You can build a virtual network,

04:32.105 --> 04:33.170
connect everybody through

04:33.170 --> 04:35.390
virtual switches, and
all that's great.

04:35.390 --> 04:37.715
But if we misconfigured
our network cards,

04:37.715 --> 04:39.575
they may be bridged
out to the network,

04:39.575 --> 04:42.845
which is exactly how things
like VM escapes happiness.

04:42.845 --> 04:44.510
I've accidentally
got a pathway to

04:44.510 --> 04:46.435
the network through
my host machine.

04:46.435 --> 04:48.530
We need to make sure that
those are limited to

04:48.530 --> 04:50.030
the virtual land as opposed

04:50.030 --> 04:52.680
to being bridged to
the outside world.

04:53.410 --> 04:56.705
We wrap up the discussion,
virtualization.

04:56.705 --> 04:59.390
There's no doubt that it
has numerous benefits.

04:59.390 --> 05:01.190
Virtualization saves us space,

05:01.190 --> 05:02.390
saves our hardware,

05:02.390 --> 05:04.730
saves on heating and
cooling and allows us to

05:04.730 --> 05:07.445
run multiple services on a
single physical machine,

05:07.445 --> 05:09.140
making it more cost-effective.

05:09.140 --> 05:11.010
All that's great. We get

05:11.010 --> 05:12.590
Virtual Desktop Interfaces where

05:12.590 --> 05:13.760
we take that golden image,

05:13.760 --> 05:15.020
that's a configuration of

05:15.020 --> 05:17.285
exactly what we want on
those host computers,

05:17.285 --> 05:20.600
and then even if our clients
or end-users make changes,

05:20.600 --> 05:22.220
it's still going
to refer back to

05:22.220 --> 05:24.685
the golden image of
the end of the day.

05:24.685 --> 05:27.390
We have to think about
our hypervisors.

05:27.390 --> 05:30.235
Our hypervisors are
either type I or type II.

05:30.235 --> 05:32.600
Type 1 is a bare
metal hypervisor,

05:32.600 --> 05:34.625
that's directly on
top of the hardware.

05:34.625 --> 05:36.800
That's where you're going
to get the best performance

05:36.800 --> 05:39.415
and the best security because
there is no middleman.

05:39.415 --> 05:41.820
Now, with the hypervisor,

05:41.820 --> 05:42.990
there's type II,

05:42.990 --> 05:45.860
install the hypervisor on
top of the operating system,

05:45.860 --> 05:47.540
for the hypervisor
to interact with

05:47.540 --> 05:50.135
the hardware has to
go through the OS.

05:50.135 --> 05:53.095
That OS has its own set
of vulnerabilities.

05:53.095 --> 05:56.195
Then last, we discussed
some security concerns.

05:56.195 --> 05:58.385
We said no environment
is perfect.

05:58.385 --> 05:59.780
You have to watch
for things like

05:59.780 --> 06:01.880
VM escape or process
might move from

06:01.880 --> 06:03.320
one VM to another and

06:03.320 --> 06:05.825
perhaps malware or
worm might spread.

06:05.825 --> 06:08.375
We have to think about
things like hyper jacking,

06:08.375 --> 06:09.530
which is where a rootkit gets

06:09.530 --> 06:11.180
installed in the hypervisor.

06:11.180 --> 06:13.820
We have to be concerned
with multi-tenancy.

06:13.820 --> 06:15.290
There are a lot of areas for

06:15.290 --> 06:18.275
security concerns of
hypervisors and virtualization.

06:18.275 --> 06:20.750
But with our due diligence
and a little bit of effort,

06:20.750 --> 06:24.480
we can secure these environments
and reap the benefits.