Create dual system by virtualization software to enhance the security?

Discussion in 'Security Software' started by cc, May 9, 2005.

  1. cc

    cc Guest

    Hi, folks.
    I just read about an article about security advice below:

    http://www.forbes.com/forbes/2005/0314/064_print.html

    So, creating dual system (not dual computers) by virtualization software can
    enhance the security of data?

    Can the effect be the same as dual (multiple) computer strategy?

    It seems that it is not a new idea.
     
    cc, May 9, 2005
    #1
    1. Advertisements

  2. cc

    Roger Abell Guest

    For a high end firm, they really should do some usability studies
    on their web presence. I get a scripting error and a prompt to see
    if I want to lower my default precautions (ActiveX), which I refuse,
    and then the page just hangs and fails to complete loading.

    If they are saying that use of virtual machines, like with VMware's
    products or with Virtual Server, then they may not be aware that
    there are ways to detect that an execution is taking place within
    such a virtual environment.
     
    Roger Abell, May 9, 2005
    #2
    1. Advertisements

  3. cc

    cc Guest

    Hi,Roger. There is another link for the same article about this topic.

    http://www.vmware.com/news/press/forbes_2.html

    What do you mean by "there are ways detect that an execution is taking
    place within such a virtual environment"?

    "Roger Abell" <> дÈëÏûÏ¢ÐÂÎÅ:...
    For a high end firm, they really should do some usability studies
    on their web presence. I get a scripting error and a prompt to see
    if I want to lower my default precautions (ActiveX), which I refuse,
    and then the page just hangs and fails to complete loading.

    If they are saying that use of virtual machines, like with VMware's
    products or with Virtual Server, then they may not be aware that
    there are ways to detect that an execution is taking place within
    such a virtual environment.
     
    cc, May 9, 2005
    #3
  4. The idea is basically the same as using dual computers. You have one machine for
    surfing and one for doing important stuff. If you want, you can go even further
    by doing everything in virtuals and segregating them. For instance, you could
    have your tax programs done in one virtual that has no network access at all and
    have another virtual for web surfing.

    Another benefit, in my eyes, of using virtuals is that your web surfing virtual
    machine could be configured to roll back at the end of the session. I actually
    have that configured for my virtual machine I use to test things and web surf to
    sites I don't trust. At the end of the session I simply say shutdown and don't
    save any of the changes that have been made (undo).

    It is interesting that they mention vmware and not the caveat vmware has for
    probably 98%+ of the readers of Forbes. Windows isn't really supported on
    vmware. It is entirely best effort and only if you have a Premier Support
    Contract with MS. Windows users for the time being should be using Virtual PC
    (how's that for driving your market?).

    Overall I think that article was poor quality, very jumping and disjoint. They
    seemed to want to say a lot of things and didn't really say any of them very
    well. I had a difficult time focusing on it to read it.

    joe
     
    Joe Richards [MVP], May 9, 2005
    #4
  5. cc

    Roger Abell Guest

    Thanks for the alternate link, which does work for me.

    What I was referring to is fact that rootkit researchers have
    circulated a couple of ways to simply discover whether the
    current execution environment is "native" on the hardware or
    is in a virtual machine environment. One is an API call which
    should be general on all environments, one depends of state of
    specific Intel processor register (but which is present in the
    current generation of virtualize machine environments).

    What does that mean? Basically, that use of a virtual machine
    may not for long, if now, provide the "air gap" between the
    host and the guest operating systems that are running. Anyway,
    the host and guest are now most often automatically configured
    for sharing . . .

    Do not get me wrong. I am not wanting to seem pessimistic.
    As matter of fact, I look to something along these lines as a
    future path with much promise. However, today I see this as
    another obsfucation technique rather than as a hard boundary
    that is inherently defensible. What I would like to see is that
    OS vendors again pay attemtion to the code vs data distinction
    so that when I cycle a virtual server I can have guarantee that
    all is unchanged except for data state information persisted by
    the prior execution. Even that would present vectors/risks,
    but at least where the extra care and oversight are needed would
    be isolated so efforts could be tightly focused. As it is, the OS
    code, its run state persistent store, application code, its state and
    data, etc. are a relatively amorphous lump with a few fuzzy
    boundaries. With rearchitecting of how what is persisted, I could
    envirion a non-stop server environment of constantly rolling
    refresh of system images in execution without loss of persisted
    or of in-progress session state.

    As long as an adversary has a simple means to detect whether
    they are running in the only OS on the hardware, I will assume
    that they can then make use of knowledge of how the leading
    virtualizing products allow host and guest systems to interact
    in order to know which environment is at hand and what its main
    sore points are. For today we seem to me to be in a window
    where this is not a concern, except for perhaps the most valuable
    systems (which should have a real air gap anyway) that might be
    target of advanced efforts. I do not however expect that to remain
    the case, and believe that if everyone were using a base system for
    their safe-harbor and a virtual for network activity then I would
    not expect it to remain this way for very long at all.
     
    Roger Abell, May 9, 2005
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.