In Depth

Virtual Machines: A Power Tool for Security

Virtual machines have a lot to offer CISOs and security researchers alike. (And, unfortunately, hackers too.)

By Simson Garfinkel


It's faster to work with disk images of virtual computers because today's virtualization servers are better at intelligently managing hard drives than physical servers ever could be. Instead of having a block-by-block copy of the logical drive, virtualization servers employ a variety of compression and remapping techniques so that the virtual disk contains only the disk sectors that the virtual computer actually needs. Some virtualization servers, like Microsoft Virtual PC, can even store virtual disks in two files: a "base" or reference file and a second file that just keeps track of the changes. With this kind of configuration, the second file contains a perfect record of the damage that the spyware has done. To restore the original computer, you just throw away that second file. What could be easier?
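The base-plus-changes arrangement described above can be modelled in a few lines. This is an added Python example, not code from the article or from any virtualization product; the `DiffDisk` class, the 512-byte sector size and the sample image are assumptions made for illustration, and real differencing-disk formats are more involved.

```python
SECTOR = 512  # assumed sector size for this toy model


class DiffDisk:
    """Read-only base image plus a delta that holds only the written sectors."""

    def __init__(self, base):
        if len(base) % SECTOR:
            raise ValueError("base image must be a whole number of sectors")
        self._base = bytes(base)  # the "base" file: never modified
        self._delta = {}          # the "second file": sector number -> new data

    def _check(self, n):
        if not 0 <= n < len(self._base) // SECTOR:
            raise IndexError("sector %d is outside the disk" % n)

    def read(self, n):
        self._check(n)
        if n in self._delta:      # changed sectors are served from the delta
            return self._delta[n]
        return self._base[n * SECTOR:(n + 1) * SECTOR]

    def write(self, n, data):
        self._check(n)
        if len(data) != SECTOR:
            raise ValueError("writes must be exactly one sector")
        self._delta[n] = bytes(data)  # the base is left untouched

    def changed_sectors(self):
        return sorted(self._delta)    # which sectors the guest altered

    def revert(self):
        self._delta.clear()           # "throw away that second file"


def demo():
    # Constructed 8-sector base image; sector i is filled with byte value i.
    base = b"".join(bytes([i]) * SECTOR for i in range(8))
    disk = DiffDisk(base)
    disk.write(2, b"\xcc" * SECTOR)   # stand-ins for changes made in the guest
    disk.write(5, b"\x90" * SECTOR)
    changed = disk.changed_sectors()
    tainted = disk.read(2)[:1]
    disk.revert()
    clean = all(disk.read(i) == bytes([i]) * SECTOR for i in range(8))
    return changed, tainted, clean


if __name__ == "__main__":
    print(demo())
```

The list returned by `changed_sectors()` is the record of what was altered, and `revert()` restores the original disk without ever having copied it.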

Throwaway virtual machines can be used for a lot more than testing spyware. Positively the safest way to browse the Web today is to download a copy of the VMware Player and the company's "Browser Appliance" virtual machine. Start it up and within a few seconds you'll have a virtual machine running Ubuntu Linux with a copy of Mozilla Firefox ready to surf. Firefox running on Linux is an extremely secure configuration for browsing the Web. And if some hacking group has managed to find an exploit that allows them to take over your virtual machine, what do you care? The worst that exploit will do is corrupt the virtual machine—there is no way for the hackers' hostile programs to break out of the VMware Player and infect your desktop. Likewise, there is no way for a cross-site scripting attack to steal your home banking authentication cookies, and there's no way for some zero-day exploit to search for your confidential documents.

Remote Possibilities

Organizations can also use the VMware Player as a tool for providing their employees with a consistent set of applications for their home computers or secure remote access. Instead of using a resource-intensive remote-access system like Citrix or Microsoft Terminal Services, you could create a VMware virtual machine that is preconfigured with a trusted operating system, all of your organization's productivity software and a virtual private network client. Employees would run the virtual machine to access company software or network resources, storing their work either in separate virtual disks, in the host operating system or on network shares. Software updates could be distributed as whole new VMs.

Increasingly, I'm also seeing VMs as a way to protect myself when I'm working on a sensitive network that belongs to a client. Instead of bringing up a VPN client on my home computer, I'll create a VM and use that to connect to the client instead. Now I can be sure that no unrelated activity on my desktop will inadvertently make it into the client's network. Likewise, I'm assured that any confidential information I download will be confined to that VM.
