Guest OS vulnerabilities

An operating system is an essential component of the system software in a computer system .It is a collection of software that manages computer hardware resources and provides common services for computer programs.

In virtualization world the OS which resides on virtual machine is called guest OS. It shares resources with other virtual machines on the same physical host. For example, one VM with a Windows guest operating system can readily co-exist with a second VM running a Linux guest operating system on the same physical host server at the same time.

Because OS is a software it may have vulnerabilities inside no matter whether it is a Linux, Windows. BSD.

Guest OS vulnerabilities

Vulnerabilities in the OS are exploited by a malware or some kind of network attack. The purpose is to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can be in the form of code, scripts, active content, and all other kind of hostile and intrusive software. Malware is used primarily to steal sensitive information of personal, financial, or business importance. Infected computers are put under control (zombified) and are used to send email spam, to host contraband data or to engage in distributed denial-of-service attacks.

Attacks against guest OS could be:

  • Active attack – it attempts to alter system resources or affect their operation
  • Passive attack – it attempts to learn or make use of information from the system but does not affect system resources
  • Inside attack – it is an attack initiated by an entity inside the security perimeter, i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization
  • Outside attack – is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an “outsider”). In the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.

A whole industry is working trying to minimize the likelihood and the consequence of an information attack.

Mitigation techniques

Guest OS vulnerabilities mitigating techniques follows some basic rules:

  • Regular software patching of virtual machine operating system
  • Installing minimum software application, because they also could have vulnerabilities
  • Use of virtual security appliance which has traffic isolation and fire-walling capabilities