Using Virtualization for Security

OTHER SECURITY BENEFITS
Another benefit of using virtualization is the ability to visit websites without fear of malware getting onto the host operating system. If the virtual computer is affected by the malware, it can simply be shut down. However, if the browsing is done on a production computer, any malware infestations that occur have to be removed before the user can be productive again. Inappropriate content can creep into a computer through seemingly innocuous methods such as Internet advertising from search and social networking websites. Sometimes, this advertising may contain questionable or inappropriate material that is undesirable in a business environment. By moving this website content to a virtual machine, it will also move any inappropriate content to the virtual machine without impacting the host machine in any way. If the host machine becomes infected with malware, it can either be rebuilt or simply deleted and a new virtual machine created.

Virtualization provides a strong benefit for browsing the Internet, especially by employees who like to visit shopping sites, social networking sites and other sites with a questionable business purpose but for which you might allow them to visit if it does not affect the productivity and production environment of firm computers. By pushing the browsing to a virtual machine, the risk of a production impact to the primary computer is significantly reduced due to any malware that might get installed.

SUMMARY
Virtualization provides a means of building guest operating systems for testing various configurations and software in a virtual environment without affecting the production computers used in everyday work. By shifting this over to virtualization, it keeps the production computers free of test versions of software or potentially from being impacted by malware. Whether the use of virtualization is to test new software or to prevent malware in the computer environment, it is a great tool that allows us to do things that we might otherwise avoid since it would affect our production computer(s).

-----------------------------------

VIRTUALIZATION IN REAL LIFE – TWO EXAMPLES
Having personally worked with virtualized computers using Microsoft’s Virtual PC 2007, Microsoft’s Virtual Server 2005 and VMWare GSX, it is an interesting technology that opens doors to testing that were previously unavailable without having a spare computer sitting around. I have set up about 25 virtual computers (both servers and workstations) over the past several years as this technology has become more prevalent and easier to use.

The first example is a machine we use for production for our legacy practice management software. We recently converted to a newer and different platform for our practice management software. This conversion wasn’t really a conversion but was more a process of starting over. Even though both products were developed by the same company, the older product was not 100 percent compatible with the newer software, and we decided not to convert between the two products.

We knew, however, that for a period of time we would need to look at data stored in the old practice management software. We decided to set up this legacy software using Virtual PC 2007 and a Windows XP operating system. After the virtual computer was set up, we installed the practice management software and installed the Virtual PC 2007 software on the workstations of the users who would use the legacy software. The other collateral benefit we obtained from using virtualization was that the virtual machine is now hardware and OS independent. Since the virtual machine is set up and configured with its own separate operating system from the host, it will run whether the host operating system is using Windows XP, Windows Vista or some other operating system.

The second example is more testing and security focused. I have set up a virtual computer using Microsoft Virtual PC 2007. This virtual computer is going to be used to test Internet Explorer 8.0 Beta 2. It will allow me to test this beta version to determine compatibility with our Vista Enterprise operating systems without causing any type of compatibility or stability problems on my production computer.

I will be able to use this virtual computer to test this product, including testing it with our accounting suite software. Should something happen to the virtual machine during testing, I can simply shut it down and start over with a clean copy of the hard disk or I can rebuild it while working on some other productive task. While writing this column, I was actually working on building the virtual machine and installing the beta version of Internet Explorer 8.0.