“Before virtualization, we had isolated servers. A cracker
taking over one server meant that he controlled just that server.
The cracker would then have to launch network attacks against other
servers in the environment. System administrators had lots of tools
to defend against network attacks on machines: firewalls, network
traffic analysis tools, intrusion detection tools, etc.“After virtualization, we have multiple services running on the
same host. If a virtual machine is broken into, the cracker just
needs to break though the hypervisor. If a hypervisor vulnerability
exists, the cracker can take over all of the virtual machines on
the host. He can even write into any virtual host images that are
accessible from the host machine.“This is very scary stuff. The question is not “if”, but “when”.
Hacker/cracker conventions are already examining hypervisor
vulnerabilities. Crackers have already broken though the xen
hypervisor, as I documented in one of my previous blogs.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.