Chapter 1

Virtualized Environment Attacks

“Have no fear of perfection—you'll never reach it.”

—Salvador Dali

“…our instruments are open to committing serious errors.”

—Jules Verne, 20,000 Leagues Under the Sea

Virtualization is the creation of virtual resources from physical resources. Virtualization can combine the resources of many computers into a pool of resources and then subdivide that pool of resources into many virtual machines (VMs). It is also commonly applied to desktops to run multiple operating systems on the same computer. It offers benefits such as fault tolerance and disaster recovery capabilities, snapshotting, cloning of virtual machines, and many more.

The benefits of virtualization include the ability to increase efficiency of IT through automation and the reduction of overhead from physical control. These benefits are double-edged, however. Removing controls and increasing flexibility gives attackers new opportunities. This chapter takes you through the basics of why and how virtual environments and cloud computing are attacked.

No one should be surprised that virtual systems are attacked. The number of systems that are virtualized continues to rise year after year. As the prevalence of virtualized systems grows, so do attacks against that virtual infrastructure, and the need to protect it. Old attacks against legacy systems are being adapted to exploit targets on new platforms.

A Brief Introduction to the Cloud

Virtualization of computing resources has a long ...