Tuesday, July 12, 2011

Virtualization Security (Part 2)

In full virtualization, existing hardware resources are used more efficiently by running multiple OS instances on them, which increases operational efficiency. However, if one OS instance can access resources allocated to another OS instance, that becomes a security concern. Recent advances in CPU architecture have made full virtualization more secure by strengthening hypervisor restrictions on resources.

Full virtualization has some negative security implications. Virtualization adds layers of technology, which can increase the security management burden by necessitating additional security controls. Also, combining many systems onto a single physical computer can cause a larger impact if a security compromise occurs. Further, some virtualization systems make it easy to share information between the systems; this convenience can turn out to be an attack vector if it is not carefully controlled. In some cases, virtualized environments are quite dynamic, which makes creating and maintaining the necessary security boundaries more complex.

Types of Full Virtualization

There are two types: bare metal (also known as native) virtualization and hosted virtualization. In native virtualization, the hypervisor runs directly on the underlying hardware, whereas in hosted virtualization, the hypervisor runs on top of the host OS. In both bare metal and hosted virtualization, each guest OS appears to have its own hardware, like a regular computer. This includes CPU, memory, storage, storage controllers, Ethernet controllers, and so on.

Deciding between these two types of virtualization is an important operational and security decision. Bare metal virtualization may offer better security, depending on how well secured the hypervisor is, while hosted virtualization adds complexity and, as a result, increases vulnerabilities. On the other hand, bare metal hypervisors run on a more limited range of hardware than hosted hypervisors.
