Categories
Virtual Machines

Virtual Machines & Cyber Security

In the article we look at what a Virtual Machine is, their uses in the context of Cyber Security, the Pros & Cons, and some of the offerings to consider.

What is a Virtual Machine?

A virtual machine (VM) is a software program or operating system that not only exhibits the behavior of a separate computer, but is also capable of performing tasks such as running applications and programs like a separate computer.

techopedia.com

VM’s come in the following types:

  • Process VM – this allows you to run a single process as an application on a host machine e.g. the Java Virtual Machine (JVM) allows apps written in the Java programming language to be run on any hardware or operating system that has support for a JVM.
  • System VM – this is a guest Operating System (O.S.) installed on a Hypervisor. Usually a Hypervisor allows multiple guest O.S.’s to be run on the same physical server or Host at the same time. A Hypervisor provides a lightweight software layer that coordinates between the Guests and the Host as well as keeping each System VM separate from interfering with one another i.e. they remain secure and avoid conflicting for resources.

In this article we are going to focus on System VM’s. These can run on a Hypervisor that installs directly onto the server or runs as a program on the Host’s O.S. In Cyber Security the latter tends to be used whilst the former is often used by the likes of Cloud service providers.

How can a VM help with Cyber Security?

There are multiple reasons for using VM’s for Cyber Security related activities, here are two commonly encountered scenarios:

  1. Running multiple, often different, O.S.’s on a single computer to test different types of attacks or scenarios. This provides a cost effective method of doing this without having to use multiple computers as well as providing an environment that can easily be restored and restarted or replayed if something gets corrupted or a demonstration is needed to a client.
  2. Running a different O.S. for Penetration Testing purposes than is used on a day-to-day basis on a computer for email, writing document etc plus VM’s protect the Host machine from the activities carried out within a VM.

An example of using VM’s for Cyber Security purposes is having a Macbook laptop running MacOS that has VirtualBox as the Hypervisor. On VirtualBox there are two images of popular O.S.’s loaded:

  • Kali Linux – this provides Penetration Testing tools for identifying vulnerabilities in the target.
  • Microsoft Edge (Windows) – this is the target machine for attacks being tried out on.

In the above scenario VirtualBox enables Kali & MS Edge to run on the same hardware sharing access to CPU cycles, hard drive storage, memory to run processes in, and Ethernet or wireless adapter to access the Internet or local network if permitted and configured appropriately.

Pros & Cons

This section covers the main advantages and disadvantages of using VM’s over using multiple machines with different O.S.’s installed on them.

Pros:
  • Cost – saves needing to purchase multiple computers i.e. one computer per O.S.
  • Convenience – the ability to run multiple O.S.’s on the same computer provides ease of access via different windows for usability and portability in the case of a laptop.
  • Backup & Restore – reinstalling a VM image of an O.S. or saving a snapshot of the current setup then restoring back to it is far easier and quicker than reinstalling and configuring a whole O.S. on a single computer.
  • Compatibility – VM’s provide the ability to install different O.S.’s on a range of hardware where compatibility or lack of drivers may otherwise be an issue. This can also enable the use of legacy hardware or provide future-proofing for new hardware.
  • Security – VM’s provide a secure environment for O.S.’s and their processes to run in without fear that they might harm or interfere with the Host O.S. and its data.
  • Stability – each VM’s has a virtual hard disk so if the Guest O.S. crashes it does not impact the Host O.S. or any of its processes.
  • Software licensing – if the license of a software package is tied to the hard drive ID, a physical MAC address, or an external IP address then multiple installations on VM’s may generate cost savings.
  • Thin clients – if VM’s are run on powerful remote servers then clients can utilize more cost effective thin-clients.
Cons:
  • Performance – VM’s are less efficient that an O.S. running on hardware directly, this is due to the indirect access to resources. The result tends to be either slower performance or the need for a higher specification computer e.g. more memory, faster CPU, quicker hard drive access times, increased bus speeds etc.
  • Reliability – bugs or flaws that impact the Host O.S. can impact the stability of VM’s running Guest O.S.’s, also having the additional layer of a Hypervisor can introduce issues that would not exist if the Guest was installed directly onto the Host computer.
  • Costs – the need for more powerful and faster hardware such as CPU’s, storage, memory etc can have financial implications.

The above lists are not exhaustive but provide an idea on some of the key Pros and Cons of using VM’s.

Products & Options

There are many Hypervisor products available on the market, here is a list of some of the key players at the time of writing:

Boot Camp

“Boot Camp is a utility that comes with your Mac and lets you switch between macOS and Windows.”

This is more of a dual-boot solution rather than an actual Hypervisor.

  • Host OS – MacOS
  • Guest OS – Windows
  • Costs – Free
Citrix Hypervisor

“Citrix Hypervisor is a leading virtualization management platform optimized for application, desktop and server virtualization infrastructures.”

  • Host OS – Installs direct onto 64-bit x86 servers.
  • Guest OS – Windows (7, 8.1, 10), Windows Server (2008, 2012, 2016, 2019), and Linux (CentOS, Red Hat, SUSE, Oracle Linux, Scientific Linux, Debian, Ubuntu, CoreOS, NeoKylin Linux Advanced Server)
  • Costs – Paid
Microsoft Hyper-V

“Hyper-V is Microsoft’s hardware virtualization product. It lets you create and run a software version of a computer, called a virtual machine. Each virtual machine acts like a complete computer, running an operating system and programs.”

Hyper-V replaced Windows Virtual PC.

  • Host OS – Windows 10, and Windows Server
  • Guest OS – Windows (8, 8.1, 10), Windows Server (2008, 2016, 2019), Linux (CentOS, Red Hat, Debian, Oracle Linux, SUSE, Ubuntu), and FreeBSD
  • Costs – Free
Parallels Desktop

“The fastest, easiest and most powerful application for running Windows on Mac – without rebooting.”

  • Host OS – MacOS
  • Guest OS – MS-DOS 6.22, Windows (3.11, 95, 98 SE, ME, 2000, XP, Vista, 7, 8, 8.1, 10), Windows Server (NT 4.0, 2003, 2012), Linux (Ubuntu, Red Hat, CentOS, Fedora, SUSE, OpenSUSE, Mint, Mageia, Debian), MacOS, Chrome, Solaris, FreeBSD, OS/2, and Android
  • Costs – Paid
QEMU

“QEMU is a generic and open source machine emulator and virtualizer.”

  • Host OS – Linux (Fedora, Debian, Ubuntu, Mint, SUSE), BSD (FreeBSD, NetBSD, OpenBSD), and MacOS
  • Guest OS – Linux, Solaris, Microsoft Windows, DOS, and BSD
  • Costs – Free
VirtualBox

“VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use.”

Owned by Oracle.

  • Host OS – Windows, Linux, macOS, and Solaris
  • Guest OS – Windows (NT 4.0, 2000, XP, Server 2003, Vista, Windows 7, Windows 8, Windows 10), DOS/Windows 3.x, Linux (2.4, 2.6, 3.x and 4.x), Solaris & OpenSolaris, OS/2, and OpenBSD
  • Cost – Free
VMware

VWware offer a huge array of products so we will focus on Workstation Player.

  • Host OS – Linux (Ubuntu, Red Hat, CentOS, Oracle Linux, OpenSUSE, SUSE)
  • Guest OS – Windows (XP, 7, 8.X, 10), and Linux (Ubuntu, Red Hat, SUSE, Oracle Linux, Debian, Fedora, OpenSUSE, Mint, CentOS)
  • Costs – Free
Xen Project

“Xen Project software is extremely versatile and customizable due to its unique architecture bringing the power of virtualization everywhere.”

The Xen Project Hypervisor is the basis for many commercial products such as ‘Citrix Hypervisor’, ‘Oracle VM for x86’ and more.

  • Host OS – Linux (CentOS, Debian, Ubuntu, openSUSE, SLES, Fedora), and NetBSD
  • Guest OS – Linux (Alpine Linux, Arch Linux, CentOS, Debian, Fedora, OpenEmbedded, OpenSUSE, Oracle Linux, Red Hat, SLES, Ubuntu), BSD (FreeBSD, NetBSD, OpenBSD), Solaris, Windows (Vista, XP, 7), and Windows Server (2000, 2003, 2008)
  • Costs – Free

In future articles we intend to cover some of the above products in more depth.

What do you think about the use of Virtual Machines in Cyber Security, Ethical Hacking and Penetration Testing? What is your preferred Hypervisor? Please comment below to share your preferences.

Leave a Reply