
Virtualization for Security

Book Description

One of the biggest buzzwords in the IT industry for the past few years, virtualization has matured into a practical requirement for many best-practice business scenarios, becoming an invaluable tool for security professionals at companies of every size. In addition to saving time and other resources, virtualization affords unprecedented means for intrusion and malware detection, prevention, recovery, and analysis. Taking a practical approach in a growing market underserved by books, this hands-on title is the first to combine in one place the most important and sought-after uses of virtualization for enhanced security, including sandboxing, disaster recovery and high availability, forensic analysis, and honeypotting.

Virtualization is already gaining buzz and traction in actual usage at an impressive rate, and Gartner research indicates that it will be the most significant trend in IT infrastructure and operations over the next four years. A recent report by IT research firm IDC predicts the virtualization services market will grow from $5.5 billion in 2006 to $11.7 billion in 2011. As adoption grows and becomes increasingly common even for small and midsize businesses, security is becoming a much more serious concern, both in terms of how to secure virtualization and how virtualization can serve critical security objectives.

Titles exist and are on the way to fill the need for securing virtualization, but security professionals do not yet have a book outlining the many security applications of virtualization that will become increasingly important in their job requirements. This book is the first to fill that need, covering tactics such as isolating a virtual environment on the desktop for application testing, creating virtualized storage solutions for immediate disaster recovery and high availability across a network, migrating physical systems to virtual systems for analysis, and creating complete virtual systems to entice hackers and expose potential threats to actual production systems.

About the Technologies

A sandbox is an isolated environment created to run and test applications that might be a security risk. Recovering a compromised system is as easy as restarting the virtual machine to revert to the point before failure. Employing virtualization on actual production systems, rather than just test environments, yields similar benefits for disaster recovery and high availability. While traditional disaster recovery methods require time-consuming reinstallation of the operating system and applications before restoring data, backing up to a virtual machine makes the recovery process much easier, faster, and more efficient. The virtual machine can be restored to the same physical machine or to an entirely different machine if the original machine has experienced irreparable hardware failure. Decreased downtime translates into higher availability of the system and increased productivity in the enterprise.

Virtualization has been used for years in the field of forensic analysis, but new tools, techniques, and automation capabilities are making it an increasingly important tool. By means of virtualization, an investigator can create an exact working copy of a physical computer on another machine, including hidden or encrypted partitions, without altering any data, allowing complete access for analysis. The investigator can also take a live "snapshot" to review or freeze the target computer at any point in time, before an attacker has a chance to cover his tracks or inflict further damage.

Table of Contents

  1. Brief Table of Contents
  2. Table of Contents
  3. Copyright
  4. Technical Editor
  5. Contributing Authors
  6. Chapter 1. An Introduction to Virtualization
    1. Introduction
    2. What Is Virtualization?
    3. Why Virtualize?
    4. How Does Virtualization Work?
    5. Types of Virtualization
    6. Common Use Cases for Virtualization
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  7. Chapter 2. Choosing the Right Solution for the Task
    1. Introduction
    2. Issues and Considerations That Affect Virtualization Implementations
    3. Distinguishing One Type of Virtualization from Another
    4. Summary
    5. Solutions Fast Track
    6. Frequently Asked Questions
  8. Chapter 3. Building a Sandbox
    1. Introduction
    2. Sandbox Background
    3. Existing Sandbox Implementations
    4. Describing CWSandbox
    5. Creating a Live DVD with VMware and CWSandbox
    6. Summary
    7. Solutions Fast Track
    8. Bibliography
  9. Chapter 4. Configuring the Virtual Machine
    1. Introduction
    2. Hard Drive and Network Configurations
    3. Physical Hardware Access
    4. Interfacing with the Host
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
  10. Chapter 5. Honeypotting
    1. Introduction
    2. Herding of Sheep
    3. Detecting the Attack
    4. How to Set Up a Realistic Environment
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
    8. Note
  11. Chapter 6. Malware Analysis
    1. Introduction
    2. How Should Network Access Be Limited?
    3. Looking for Effects of Malware
    4. Examining a Sample Analysis Report
    5. Interpreting an Analysis Report
    6. Bot-Related Findings of Our Live Sandbox
    7. Antivirtualization Techniques
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  12. Chapter 7. Application Testing
    1. Introduction
    2. Getting Up to Speed Quickly
    3. Debugging
    4. Summary
    5. Solutions Fast Track
    6. Frequently Asked Questions
  13. Chapter 8. Fuzzing
    1. Introduction
    2. What Is Fuzzing?
    3. Virtualization and Fuzzing
    4. Choosing an Effective Starting Point
    5. Preparing for External Interaction
    6. Executing the Test
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  14. Chapter 9. Forensic Analysis
    1. Introduction
    2. Preparing Your Forensic Environment
    3. Capturing the Machine
    4. Preparing the Captured Machine to Boot on New Hardware
    5. What Can Be Gained by Booting the Captured Machine?
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  15. Chapter 10. Disaster Recovery
    1. Introduction
    2. Disaster Recovery in a Virtual Environment
    3. Simplifying Backup and Recovery
    4. Allowing Greater Variation in Hardware Restoration
    5. Recovering from Hardware Failures
    6. Redistributing the Data Center
    7. Summary
    8. Solutions Fast Track
    9. Frequently Asked Questions
  16. Chapter 11. High Availability
    1. Introduction
    2. Understanding High Availability
    3. Reset to Good
    4. Configuring High Availability
    5. Maintaining High Availability
    6. Summary
    7. Solutions Fast Track
    8. Frequently Asked Questions
  17. Chapter 12. Best of Both Worlds
    1. Introduction
    2. How to Set Up Linux to Run Both Natively and Virtually
    3. Issues with Running Windows Both Natively and Virtualized
    4. Summary
    5. Solutions Fast Track
    6. Frequently Asked Questions
  18. Chapter 13. Protection in Untrusted Environments
    1. Introduction
    2. Using Virtual Machines to Segregate Data
    3. Using Virtual Machines to Run Software You Don't Trust
    4. Using Virtual Machines for Users You Don't Trust
    5. Summary
    6. Solutions Fast Track
    7. Frequently Asked Questions
    8. Notes
  19. Chapter 14. Training
    1. Introduction
    2. Setting Up Scanning Servers
    3. Setting Up Target Servers
    4. Creating the Capture-the-Flag Scenario
    5. Out Brief
    6. Cleaning up Afterward
    7. Saving Your Back
    8. Summary
    9. Solutions Fast Track
    10. Frequently Asked Questions
  20. Index
    1. SYMBOL
    2. A
    3. B
    4. C
    5. D
    6. E
    7. F
    8. G
    9. H
    10. I
    11. J
    12. K
    13. L
    14. M
    15. N
    16. O
    17. P
    18. R
    19. S
    20. T
    21. U
    22. V
    23. W
    24. X
    25. Y