The third video in the Cloud Security series. More information at www.network-insight.net
The cloud is a technology that combines resources such as CPU, Hard Disk Drive, Network Interface Cards, Bandwidth and places them into a virtualization pool for consumers to use as required.
Virtualization and orchestration are key components of the cloud. The virtualization side of things is carried out by what is known as the hypervisor.
It is this abstraction layer created by the hypervisor that allows the sharing of the system's physical resources.
The hypervisor essentially allows multiple operating systems to share a single physical host.
Many people refer to the hypervisor as a simple piece of software or a lightweight operating system running on a host.
However, its attack surface is far larger than that of a normal O/S, as it could potentially hold hundreds of virtual machines, each running its own independent O/S and application set, ALL of them having the potential for compromise.
Shared responsibility model
This shared responsibility model and multi-tenant nature can open up the cloud to a number of threats, such as hypervisor breakouts (also known as VM escape) and network-level attacks directly targeting the hypervisor.
The ideal situation is to limit the number of virtual H/W resources available.
The functionality of the hypervisor should come down to just resource scheduling and isolation.
The hypervisor is there for the VMs and the VMs only. Harden the hypervisor by removing as much as you can, thereby reducing the attack surface.
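As an added example (not from the video or network-insight.net), a small Python audit that parses a constructed libvirt domain definition and flags virtual hardware a guest confined to scheduling and isolation does not need; the policy list of surplus devices and the sample XML are assumptions.

```python
import xml.etree.ElementTree as ET

# Device types that widen the guest-to-hypervisor surface without being
# needed by a typical server guest (assumed policy list; adjust per site).
SURPLUS_DEVICES = {
    "sound", "video", "graphics", "serial", "parallel", "smartcard",
    "tpm", "redirdev", "hostdev", "filesystem",
}
SURPLUS_DISK_DEVICES = {"cdrom", "floppy"}

# Constructed sample libvirt domain XML, not taken from any real host.
SAMPLE_DOMAIN = """<domain type='kvm'>
  <name>web01</name>
  <devices>
    <disk type='file' device='disk'><target dev='vda' bus='virtio'/></disk>
    <disk type='file' device='cdrom'><target dev='hda' bus='ide'/></disk>
    <interface type='bridge'><source bridge='br0'/></interface>
    <sound model='ich6'/>
    <graphics type='vnc' port='-1'/>
    <serial type='pty'/>
    <hostdev mode='subsystem' type='usb'/>
    <controller type='usb' model='piix3-uhci'/>
  </devices>
</domain>"""


def audit_domain(xml_text):
    """Return a sorted list of findings for devices a minimal guest does not need."""
    root = ET.fromstring(xml_text)
    findings = []
    devices = root.find("devices")
    if devices is None:
        return findings
    for dev in devices:
        if dev.tag in SURPLUS_DEVICES:
            findings.append(f"{dev.tag}: remove unless required")
        elif dev.tag == "disk" and dev.get("device") in SURPLUS_DISK_DEVICES:
            findings.append(f"disk/{dev.get('device')}: detach removable media")
        elif dev.tag == "controller" and dev.get("type") == "usb" and dev.get("model") != "none":
            # libvirt disables the USB controller entirely with model='none'
            findings.append("controller/usb: set model='none' to disable USB")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit_domain(SAMPLE_DOMAIN):
        print(line)
```

Each finding is a device the guest could use to reach hypervisor emulation code; run the audit over `virsh dumpxml` output for every domain on the host.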
Music from Bensound.