Virtual environment security threats have moved from theory to reality
HC Network Security: Escaping from a virtual machine has always been seen as something of a black operation. You constantly hear rumors of researchers studying malware samples that can escape from a virtual guest to the host. At the same time, other researchers are looking for vulnerabilities that would allow an attacker to escape from a virtual machine.
These practical attacks threaten the sanctity of virtualization projects, yet virtualization is fairly popular in many companies because of its great advantages in server consolidation and power consumption. However, the number of tools that exploit these vulnerabilities is also growing, and it increases every month.
At the Black Hat USA conference in late July 2009, several research groups working on virtual machines made this weakness clearly understood. Immunity, a security assessment and penetration testing company, released more information about a software tool called Cloudburst, developed by senior security researcher Kostya Kortchinsky. Immunity currently provides Cloudburst to users of its CANVAS testing tool. It exploits a display bug in VMware Workstation 6.5.1 and earlier versions, and the same bug is also found in VMware Player, Server, Fusion, ESXi and ESX [see CVE-2009-1244 for the exact version numbers].
Kortchinsky applied some innovative thinking in developing Cloudburst: he chose to use the virtual machine's dependence on certain devices (such as the video adapter, floppy disk controller, IDE controller, keyboard controller and network adapter) to gain access to the host. In his Black Hat presentation, he explained how he attacked a vulnerability in VMware's emulated video device, and he demonstrated how to leak host memory to the guest and how to write arbitrary data from the guest to any location in host memory.
“The video adapter handles the most complex data,” he said. “It has a particularly large shared memory.”
Kortchinsky said that the same code emulates the devices in every VMware product. “If a vulnerability exists, then it exists in every VMware product, and it can be accessed from the guest through I/O ports or memory-mapped I/O.” Immunity said Cloudburst has the ability to corrupt memory, which allows it to establish a MOSDEF connection tunneled over the guest's frame buffer in order to communicate with the host. MOSDEF is a toolset within the CANVAS exploitation tool, developed by Immunity founder Dave Aitel.
On April 10 this year, VMware patched the vulnerability in these versions. Four days later, Cloudburst was released and added to the CANVAS toolset. This is what sets Cloudburst apart: it is no longer merely proof-of-concept code that triggers a vulnerability, which makes it different from most virtual machine malware.
That concludes the technical part of this article. But what does it mean for you as a security manager with purchasing power and responsibility for decisions? Two years ago, before the economic recession, this question would have been more thought-provoking: you would have argued that spending should be driven more by security than by economic factors, because security problems can affect the company's IT environment and the effect is felt immediately.
Threats to virtualization have been more abstract and theoretical than practical. Of course, there are also subtler techniques, such as virtual rootkits (Blue Pill, for example), but these require talented hackers who understand the technology before something so complex seems feasible as an attack tool. Experts warned that real threats to virtual environments had emerged, but on the basis of something theoretical you still could not develop a strategy of your own and buy enterprise virtualization products to match. All you could do was keep up with the virtualization trend, because it brings great benefits, which still left users empty-handed. The security problem lay in the future, and it was approaching rapidly.
However, that future is arriving: attacks against virtual machines are slowly moving from theory into reality. At present there are five CVE advisories on virtual machine escapes. Building on the work of Kortchinsky, iDefense's Greg McManus, and the research group at Core Security, researchers and attackers alike will continue to analyze and study this problem, so the emergence of more security vulnerabilities is almost inevitable.
Experts say you should not rely on traditional network security measures, because they cannot withstand the threats to each virtual machine. So far, most organizations have been reactive about security in virtual environments, responding to the continuous emergence of new attacks, exploits and proof-of-concept code. Virtual machine security is at a cusp.
Two years ago, security expert Chris Hoff, now director of cloud and virtualization solutions at Cisco, said: “Virtualization security threats and vulnerabilities are obscure, and corporate management takes a negative attitude toward them; they think that security is not the main consideration when deploying virtualization technology. So even if you try to build a business case for security investment in a virtualized environment, these efforts will not have much effect.”
With Cloudburst seen as the latest attack against virtual machines, the predictions of Hoff and other security experts who focus on virtual environments appear to have been borne out.
Also two years ago, Hoff wrote an article about a virtual machine vulnerability. At that time, an attacker could use the flaw, which involved VMware guest operating systems, to run arbitrary code. His closing words in that article were: “This is the first attack on a virtual machine; there will be more later, that is certain … before you have to reconfigure or patch your global virtual data center (server farms) … you can use examples like this to start a calm, rational discussion with management …”
The future has arrived.