Thursday, October 22, 2009

Use of Virtualization in Security

One of the CompTIA Security+ (Exam SY0-201) objectives is "Explain the purpose and application of virtualization technology." You may be wondering what this is about.

First, virtualization centers around virtual desktop infrastructure (VDI), where a single physical computer can host multiple computer operating systems. Many virtualization technologies exist, such as VMware and Microsoft's Virtual PC (upgraded and renamed to Windows Virtual PC in Windows 7). I'm more familiar with Virtual PC (VPC), but the uses are common across brands. One great feature is that if something goes wrong with the virtual system, changes can be easily rolled back or undone.

As a simple example, I am running Windows 7 on my desktop PC and have a virtual mini-lab running on the system, with Windows Server 2008 in one virtual system running as a domain controller and a Windows 7 computer running as a client in the virtual domain. I have configured both of these to be able to communicate with each other, but they are isolated from the host system and the Internet.

With an understanding of virtualization and VDI, we can now discuss how it can be used in security. From a security perspective, virtualization can be used for a couple of purposes, such as:

  • Testing of patches. When patches for the operating system or applications are released, they can be applied in a virtual environment first. They can be tested there safely, without any impact on the production environment.
  • Testing of malware. Once malware is discovered, security professionals want to know what it does and how it does it. This often entails releasing it and observing what happens. Again, a virtual environment is safe and won't impact the host operating system or the regular network.
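
Both uses above depend on two things the post mentions: the guest being cut off from the host and the Internet, and a clean state to roll back to. The script below is an added example, not code from the original post; it assumes the Hyper-V PowerShell module (Checkpoint-VM, Restore-VMSnapshot, Get-VMSwitch) rather than the Windows Virtual PC the post uses, and the VM and snapshot names are placeholders.

```powershell
# Added example: guard an isolated test lab before applying a patch or running a
# sample, then roll the guest back to its clean checkpoint afterwards.
# Assumes the Hyper-V PowerShell module; 'LabWin7Client' is a placeholder VM name.

function Assert-LabIsolated {
    # Fail unless every connected adapter sits on a Private switch. A Private
    # switch reaches neither the host nor the physical NIC; Internal switches
    # still expose the host, and External switches bridge to the real network.
    param([Parameter(Mandatory)][string]$VMName)

    foreach ($nic in Get-VMNetworkAdapter -VMName $VMName) {
        if (-not $nic.SwitchName) { continue }   # unplugged adapter cannot leak traffic
        $sw = Get-VMSwitch -Name $nic.SwitchName
        if ($sw.SwitchType -ne 'Private') {
            throw "Adapter '$($nic.Name)' on '$VMName' uses $($sw.SwitchType) switch '$($sw.Name)'; the lab is not isolated."
        }
    }
    Write-Host "'$VMName': all adapters on Private switches, isolation check passed."
}

function Start-LabTest {
    # Record the known-good state, then bring the guest up for the test.
    param(
        [Parameter(Mandatory)][string]$VMName,
        [string]$Checkpoint = 'clean-before-test'
    )
    Assert-LabIsolated -VMName $VMName
    Checkpoint-VM -Name $VMName -SnapshotName $Checkpoint
    Start-VM -Name $VMName
    Write-Host "'$VMName' checkpointed as '$Checkpoint'; apply the patch or run the sample now."
}

function Reset-LabTest {
    # Undo everything the patch or sample changed by reverting to the checkpoint.
    param(
        [Parameter(Mandatory)][string]$VMName,
        [string]$Checkpoint = 'clean-before-test'
    )
    Restore-VMSnapshot -VMName $VMName -Name $Checkpoint -Confirm:$false
    Write-Host "'$VMName' rolled back to '$Checkpoint'."
}

# Typical run (placeholder VM name):
#   Start-LabTest -VMName 'LabWin7Client'
#   ... observe the patch or the sample inside the guest ...
#   Reset-LabTest -VMName 'LabWin7Client'
```

Run Assert-LabIsolated on each guest in the mini-lab (the domain controller as well as the client), since one adapter on an External switch is enough to give the whole lab a path out.
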
Darril