
CET324 – Advanced Cyber Security
Assignment 2
Prince Appiah (Student ID: 209181913)
CET234 – Advanced Cyber Security
28 May 2021
Introduction
ABC Insurance explored the possibility of migrating their current JRA server architecture to
virtual machines. As part of the feasibility study for this migration, an in-depth study was
conducted to ascertain whether this was the correct decision from a security perspective. Given
the amount of sensitive data held on the servers, it was imperative to examine the vulnerabilities
of the various assets of the organization when implementing a virtualized server environment.
Furthermore, the likelihood of the vulnerabilities being exploited was to be discussed as well as
the danger posed to the assets upon successful exploitation of the discussed vulnerabilities.
The NIST methodology is used to gauge the risk level associated with each vulnerability, and
mitigation steps are discussed for how these vulnerabilities can be covered. From these
considerations, a final justification and recommendation is given to the Chief Information
Security Officer on whether virtualizing is the best decision for the company.

1. Vulnerabilities to Assets
Server virtualization provides benefits to organizations like reduced electricity usage, a
reduction in maintenance costs and improved information security due to centralization (Lee et
al., 2015). Following practical tests in the form of DR drills, Sligh and Owusu (2014) asserted
that the lower reliance applications have on the hardware layer bodes well for enterprises,
specifically in the case of disaster recovery, since virtual images can easily be uploaded and
restored. ABC’s assets can be divided into Server Technologies, Company Data Assets and
Customer Data Assets. The vulnerabilities associated with each of these assets are shown in
Table 1. Given the peculiarities of ABC Insurance’s case, however, further vulnerabilities exist
beyond unforeseen disasters. Some general threats facing virtualized platforms are
enumerated below:
Vulnerability A (VM used to gain access to a Host)

This threat emanates from an attacker leveraging the lack of isolation and communication
restrictions in virtualized environments that require communication between applications running
on separate VMs and Hosts. As shown below in figure 1 an attacker may gain full access to a
host’s resources, leaving its file system vulnerable.

Figure 1 – Attack on a host by attacker that gains access to a VM (Kent et al., 2011)
Vulnerability B (VM used to monitor activity from another VM)

Like vulnerability A, this one arises from a lack of isolation, which leaves VMs prone to monitoring
and control by other VMs within the same network. Although modern CPU architectures include a
built-in feature that hypervisors use to isolate memory between VMs, virtualization environments
normally make use of a virtual hub or switch to connect VMs. This gives attackers the possibility of
sniffing sent packets or utilizing ARP spoofing techniques to redirect packets sent from or to
affected VMs.
Vulnerability C (VM Escape)

VM Escape occurs when a compromised guest machine gains full access to the host machine
by completely bypassing the VM layer and gaining control of the hypervisor (Nagireddi et al.,
2013). Controlling the hypervisor ultimately gives the attacker administrator privileges in the
virtualization environment, including access to all VMs running in that territory as well as the
data they have stored. According to Sabahi (2012), this probably makes VM escape the most
significant security risk facing virtualization environments.

Vulnerability D (Denial of Service Attacks)


System performance can be severely hampered in the event of an attacker gaining access to a
VM and subsequently sending an excessive number of requests for resources, beyond what the
VM is configured to run on (Nagireddi et al., 2013). This ends up starving the other guest VMs
running on the server of resources, causing critical processes to halt (Buch and Bhatt, 2018).
Vulnerability E (Outsider attacks caused by Employee Negligence)

Clients making use of a virtual machine instance may unknowingly compromise the whole
server virtualization environment by running insecure applications on their machine (Buch and
Bhatt, 2018). A malicious application may request rights to make significant system changes
that can render the security defences in place redundant. Furthermore, the successful
installation of malware such as worms, viruses and backdoors can subvert restricted user rights
to attack the entire virtualized system after successfully finding an entry point.

ID  Asset                                         Vulnerabilities

Server Technologies
1   Main Server Hardware                          A, B, C, D, E
2   Database Server                               A, B, C, D, E
3   J2EE Application Server                       A, B, C, D, E
4   Web Application Server                        A, B, C, D, E

Company Data
5   Employee Virtual Machines                     A, B, C, D, E
6   Agent credential data                         A, B, C, E

Customer Data
7   Customer credential & insurance policy data   A, B, C, E
    (Individual & Business)
8   Customer Personal Data                        A, B, C, E

Table 1 – Vulnerabilities associated with ABC Insurance’s assets
2. Likelihood of vulnerabilities being exploited.
According to the NIST methodology, the likelihood rating of each discussed vulnerability
represents ‘the probability that [the] potential vulnerability may be exercised within the construct
of the associated threat environment’ (Stoneburner et al., 2002). To guide the determination of
this probability, the following can be considered:
❖ The source of the threat, its motivation and capability
❖ The nature of the vulnerability
❖ The presence and effectiveness of current controls in place
Furthermore, a literature review was done on past case studies that roughly match the identified
vulnerabilities, so as to compare the events that led to each exploit with the company’s situation
and policies. This helps to determine how likely a similar situation is to occur in the case of ABC
Insurance.
As outlined in the NIST Special publication, this likelihood can be deemed either high, medium,
or low as shown in figure 2, where each rating is described:

Figure 2 – Rating the likelihood of a vulnerability being exploited (Stoneburner et al., 2002)

The likelihood of each vulnerability being exploited as well as a short justification is detailed
below in table 2:

A – VM used to gain access to a Host – Likelihood: High
As per the requirements outlined in the scenario, there should exist the ability for different
operating systems, web servers and database servers to run on separate virtual machines. Since
these different components will need to communicate with each other, isolation of VMs will have
to be forgone; therefore the likelihood of this vulnerability being exercised by an attacker is high.

B – VM used to monitor activity from another VM – Likelihood: High
Since this vulnerability also takes advantage of a lack of isolation, the likelihood of this situation
occurring is high.

C – VM Escape – Likelihood: Medium
The skill level required by an attacker to successfully exploit this vulnerability is quite high.
Taking this into account, as well as the fact that this is the most significant threat facing the
technology with a likely high motivation on the part of the attacker, the likelihood of this
vulnerability being exploited is medium.

D – Denial of Service Attacks – Likelihood: Medium
Since ABC Insurance is already such a large institution, with a lot of requests for resources
bombarding the server, the likelihood of an attacker successfully taking advantage of this
vulnerability to clog the network is determined to be medium. The threat source is more likely to
be an employee trying to speed up their system performance.

E – Outsider attacks caused by Employee Negligence – Likelihood: High
The massive size of the ABC Insurance company, with its numerous employees, branches and
high turnover, would make it a high priority target for cyber criminals. The motivation of the
attacker would be to trick unsuspecting employees into divulging enough information to
potentially escalate the attack and make away with large sums of money.

Table 2 – Likelihood of vulnerabilities being exploited.


3. Impacts of exploited vulnerabilities.
A successful cyber security breach against an implemented virtualized server environment can
impact the organization in the following ways:
❖ Destruction of Data – The successful threat exercise of some vulnerabilities such as A, E
and C can cause loss and damage to data contained on individual instances of virtual
machines running on the network. If an attacker has access to the hypervisor, they can
proceed to delete any instance of a VM, effectively wiping out all data contained in virtual
storage. This would mean many important company documents could be permanently
lost if adequate steps are not taken for data backup such as Redundant Array of
Inexpensive Disks (RAID) setup.
❖ Monetary Losses – An attacker can gain access to credential data sent across the network
by exploiting vulnerability B, whereby sent packets are ‘sniffed’. This can enable them to
impersonate someone within the organization and subsequently employ methods of social
engineering to gain very sensitive information that enables them to access company funds.
In the case of the Chief Executive Officer (CEO) being impersonated, they may attempt, and
succeed at, instructing a subordinate to transfer them a large sum of money.
❖ System Outage – Successfully exploiting vulnerability D (DOS Attacks) causes system
performance to suffer. In the case whereby the attacker uses multiple computers to flood
the server with requests (Distributed Denial of Service Attack), the system can cease to
operate normally, preventing employees and clients alike from accessing information
they require daily. This in turn causes monetary losses as well, because normal business
grinds to a halt.
❖ Loss in reputation due to leaked customer data – The vast amounts of sensitive
customer data held on the company’s servers is at risk in the event of a successful
threat exercise. If an attacker chooses to make such sensitive data public, this may
result in irreparable damage to ABC Insurance’s reputation in the eyes of not only their
valued customers but also the public.
❖ Competitive advantage to rival firms – An attacker with intentions of selling compromised
data to the highest bidder raises the issue of rival insurance firms getting a competitive
advantage by discovering insurance policy data of ABC’s clients. This would enable
them to target existing clients with advertising of more competitively priced packages,
potentially enticing them to change their insurance provider.
4. Risk of vulnerabilities based on NIST methodology.
The National Institute of Standards and Technology (NIST) formulated a guideline to identify,
assess and take steps to reduce the risk involved with the vulnerabilities discussed. This
process of risk management involves first determining the extent of the potential threat and
vulnerabilities against the organization’s assets, steps already completed in the previous
sections. After this is done, it is prescribed that the risk level of each identified vulnerability
associated with the IT system being implemented is determined.
Figure 3 below outlines how the vulnerabilities can be classified in terms of the risk posed to the
organization.

Figure 3 – Classification of Vulnerabilities according to risk levels (Stoneburner et al., 2002)

Table 3 below uses the NIST methodology to determine the risk level associated with each
vulnerability, together with a justification for each risk rating:
A – VM used to gain access to a Host – Risk level: High
Given the system requirements and the resulting high likelihood of an exploit, corrective action
is time critical to ensure that, while the whole IT system performs its business functions, the
company’s assets are not left vulnerable.

B – VM used to monitor activity from another VM – Risk level: High
Given the system requirements and the resulting high likelihood of an exploit, corrective action
is time critical to ensure that, while the whole IT system performs its business functions, the
company’s assets are not left vulnerable.

C – VM Escape – Risk level: High
Although the likelihood of this vulnerability being exploited is medium, the risk level of this
breach is high due to the complete control an attacker can gain over the company’s resources by
managing to access the hypervisor. Corrective measures are vital to ensure that company assets
remain secure.

D – Denial of Service Attacks – Risk level: Medium
Although this vulnerability is a concern, a breach in this regard would mostly affect system
performance and not potentially destroy or expose data assets. This vulnerability is therefore
rated at a medium risk level, and corrective measures should be made reasonably soon.

E – Outsider attacks caused by Employee Negligence – Risk level: High
Since there is a high likelihood of the organization being targeted and attacked by cyber
criminals, and many potential entry points into the system exist, this vulnerability is rated at a
high risk level. Corrective measures will have to be made as a matter of urgency.

Table 3 – Risk level of vulnerabilities.
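The way a likelihood rating (Table 2) and an impact rating combine into a risk level under the NIST methodology can be made concrete. The following Python script is an added example and is not part of the original report: it encodes the SP 800-30 risk-level matrix (likelihood weights 1.0/0.5/0.1, impact weights 100/50/10, and the >50, >10 and 1 to 10 bands) and applies it to the five vulnerabilities. The likelihood values are the report's own; the per-vulnerability impact levels are assumptions made for this example, because the report discusses impacts qualitatively in section 3 without assigning a level to each vulnerability. One check this exposes: with a Medium likelihood, even a High impact gives a product of 50, which the matrix bands as Medium, so Table 3's High rating for VM Escape (C) rests on the author's qualitative judgement about hypervisor compromise rather than on the matrix arithmetic alone.

```python
"""NIST SP 800-30 risk-level matrix applied to the report's five vulnerabilities.

Added example; not part of the original report. Likelihoods come from the
report's Table 2. Impact levels are ASSUMED for illustration, since the
report does not assign one per vulnerability.
"""
from dataclasses import dataclass

# SP 800-30 (Stoneburner et al., 2002), Table 3-6: numeric weights
LIKELIHOOD = {"High": 1.0, "Medium": 0.5, "Low": 0.1}
IMPACT = {"High": 100, "Medium": 50, "Low": 10}

# SP 800-30 Table 3-7: what each resulting level requires of the organisation
ACTION = {
    "High": "strong need for corrective measures; a plan must be put in place as soon as possible",
    "Medium": "corrective actions needed; plan them within a reasonable period of time",
    "Low": "the authorising official decides whether corrective action is required or accepts the risk",
}


def risk_score(likelihood: str, impact: str) -> float:
    """Risk = likelihood weight x impact weight (rounded to avoid float noise)."""
    return round(LIKELIHOOD[likelihood] * IMPACT[impact], 6)


def risk_level(likelihood: str, impact: str) -> str:
    """Map the product onto the guide's scale: >50..100 High, >10..50 Medium, 1..10 Low."""
    score = risk_score(likelihood, impact)
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


@dataclass(frozen=True)
class Vulnerability:
    ident: str
    name: str
    likelihood: str  # from Table 2 of the report
    impact: str      # assumed for this example


# Likelihoods are the report's; impacts are this example's assumptions.
REPORT_VULNERABILITIES = [
    Vulnerability("A", "VM used to gain access to a Host", "High", "High"),
    Vulnerability("B", "VM used to monitor activity from another VM", "High", "High"),
    Vulnerability("C", "VM Escape", "Medium", "High"),
    Vulnerability("D", "Denial of Service Attacks", "Medium", "Medium"),
    Vulnerability("E", "Outsider attacks caused by Employee Negligence", "High", "High"),
]


def assess(vulns=REPORT_VULNERABILITIES) -> dict:
    """Return {id: (score, level)} for every vulnerability."""
    return {
        v.ident: (risk_score(v.likelihood, v.impact), risk_level(v.likelihood, v.impact))
        for v in vulns
    }


def prioritised(vulns=REPORT_VULNERABILITIES) -> list:
    """IDs ordered highest risk first: the order in which a remediation plan should address them.
    sorted() is stable, so equal scores keep the report's A..E order."""
    return [
        v.ident
        for v in sorted(vulns, key=lambda v: risk_score(v.likelihood, v.impact), reverse=True)
    ]


if __name__ == "__main__":
    results = assess()
    for v in REPORT_VULNERABILITIES:
        score, level = results[v.ident]
        print(f"{v.ident}  {v.name:<48} L={v.likelihood:<6} I={v.impact:<6} "
              f"score={score:>5}  {level}: {ACTION[level]}")
    print("Remediation order:", " > ".join(prioritised()))
```

Running the script prints one line per vulnerability with its score, level and the corrective-action guidance from the guide; `prioritised()` returns the order in which the guide expects a remediation plan to address them.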


5. Strategies and Methods to Mitigate Virtualized Server Risks
Although the implementation of virtualization technology in ABC’s server infrastructure comes
with some risks, there are some steps and best practices that can be followed to mitigate the
risks involved in virtualization. As per the NIST guideline, these identified controls should be
prioritized, evaluated, and implemented to ensure that the risk is either reduced or eliminated.
Kent et al., (2011) proposed the careful configuration and maintenance of isolation between
VMs to effectively eliminate vulnerability A, preventing attackers who gain control of one virtual
machine from subsequently gaining access to other VMs in the same environments or any
connected hosts. Nagireddi et al. (2013) also stressed the importance of logging events and
keystrokes for audit purposes. This allows security breaches to be reported and action to be
prompted before the attack escalates.
Vulnerability B can be combated by making use of authentication to verify network traffic
(Nagireddi et al., 2013) and applying encryption to network data to prevent unauthorized access
(Buch and Bhatt, 2018).
Nagireddi et al. (2013) propose that taking the extra step to configure host/guest interactions
can help prevent the occurrence of VM escape (vulnerability C). On the other hand, Kent et
al. (2011) proposed methods for securing the hypervisor, stressing the importance of adding a
layer of security to protect the programs that control it by restricting access to authorized
administrators only. In the case whereby remote access to a hypervisor is enabled, the authors
further proposed that access to all interfaces be restricted through use of a firewall. Tayab et al.
(2015) outlined an architecture for this ‘virtual firewall’, seen below in figure 4, meant to
safeguard the hypervisor and prevent communication between VMs (Vulnerability B):

Figure 4 – Proposed architecture of virtual firewall (Tayab et al., 2015)

As can be seen, there is a connection between the end users and a virtual switch and
another connection from the virtual switch to the virtual firewall. The virtual firewall sits at the
interface between the virtual switch and the virtual server, where the decision is made to
either allow or block traffic flowing from outside sources (packet filtering). It also offers additional
protection from threats such as spoofing (Vulnerability B) and packet flooding (Vulnerability
D).
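The three decisions attributed to the virtual firewall above (filter traffic from outside sources, reject spoofed senders, damp packet flooding) can be modelled in a few lines. The following Python script is an added example and is not code from the original report or from Tayab et al. (2015). Everything in it is constructed for illustration: the IP/MAC binding table the hypervisor is assumed to maintain for each VM, the inbound and VM-to-VM port allow-lists, the addresses, and the sample packets. It shows why a firewall at the switch/server boundary helps with Vulnerability B: a frame whose source IP does not match the MAC assigned to that VM (the signature of ARP spoofing) or an internal address arriving on the external uplink is dropped rather than forwarded.

```python
"""Packet-filtering decisions at a virtual firewall between the virtual switch and the servers.

Added example, not code from the original report or from Tayab et al. (2015).
Bindings, allow-lists, addresses and packets are all constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_mac: str
    dst_ip: str
    dst_port: int
    from_outside: bool  # True when the packet entered via the external uplink


# Constructed binding table: each VM's IP and the MAC the hypervisor assigned it (hypothetical).
# An internal frame whose IP/MAC pair disagrees with this table is treated as spoofed.
VM_BINDINGS = {
    "10.0.0.10": "52:54:00:aa:00:10",  # web application server
    "10.0.0.20": "52:54:00:aa:00:20",  # J2EE application server
    "10.0.0.30": "52:54:00:aa:00:30",  # database server
}

# Constructed allow-list: ports that outside sources may reach on each server.
INBOUND_ALLOW = {
    "10.0.0.10": {443},  # only HTTPS to the web tier
}

# Constructed inter-VM policy: only the app tier may talk to the database.
INTERNAL_ALLOW = {
    ("10.0.0.10", "10.0.0.20"): {8080},
    ("10.0.0.20", "10.0.0.30"): {5432},
}

FLOOD_THRESHOLD = 100  # packets from one source before further packets are dropped


class VirtualFirewall:
    def __init__(self):
        self.seen = defaultdict(int)  # per-source packet counter for the flood check
        self.log = []                 # dropped packets, for audit and alerting

    def decide(self, pkt: Packet) -> str:
        """Return 'allow' or 'drop:<reason>' for one packet."""
        self.seen[pkt.src_ip] += 1
        if self.seen[pkt.src_ip] > FLOOD_THRESHOLD:          # Vulnerability D
            return self._drop(pkt, "flood")
        if pkt.from_outside:
            if pkt.src_ip in VM_BINDINGS:                    # internal address from outside
                return self._drop(pkt, "spoofed-source")
            if pkt.dst_port not in INBOUND_ALLOW.get(pkt.dst_ip, set()):
                return self._drop(pkt, "inbound-not-allowed")
            return "allow"
        if VM_BINDINGS.get(pkt.src_ip) != pkt.src_mac:       # Vulnerability B (ARP spoofing)
            return self._drop(pkt, "ip-mac-mismatch")
        if pkt.dst_port not in INTERNAL_ALLOW.get((pkt.src_ip, pkt.dst_ip), set()):
            return self._drop(pkt, "vm-to-vm-not-allowed")   # VM isolation policy
        return "allow"

    def _drop(self, pkt: Packet, reason: str) -> str:
        self.log.append((pkt.src_ip, pkt.dst_ip, pkt.dst_port, reason))
        return f"drop:{reason}"


def run_sample() -> dict:
    """Feed constructed packets through the firewall and return the decisions."""
    fw = VirtualFirewall()
    ext_mac = "00:11:22:33:44:55"
    decisions = {
        "client_https": fw.decide(Packet("203.0.113.5", ext_mac, "10.0.0.10", 443, True)),
        "client_db_direct": fw.decide(Packet("203.0.113.5", ext_mac, "10.0.0.30", 5432, True)),
        "spoofed_internal": fw.decide(Packet("10.0.0.20", ext_mac, "10.0.0.30", 5432, True)),
        "app_to_db": fw.decide(Packet("10.0.0.20", "52:54:00:aa:00:20", "10.0.0.30", 5432, False)),
        # app-tier IP claimed from the web tier's MAC: what ARP spoofing looks like at the switch
        "arp_spoofed_app": fw.decide(Packet("10.0.0.20", "52:54:00:aa:00:10", "10.0.0.30", 5432, False)),
        "web_to_db": fw.decide(Packet("10.0.0.10", "52:54:00:aa:00:10", "10.0.0.30", 5432, False)),
    }
    flood = Packet("198.51.100.7", "00:de:ad:be:ef:00", "10.0.0.10", 443, True)
    results = [fw.decide(flood) for _ in range(FLOOD_THRESHOLD + 5)]
    decisions["flood_allowed"] = results.count("allow")
    decisions["flood_dropped"] = results.count("drop:flood")
    return decisions


if __name__ == "__main__":
    for name, verdict in run_sample().items():
        print(f"{name:<18} {verdict}")
```

The drop log kept by the firewall is the audit trail the text asks for: each entry names the source, destination and reason, which is what a monitoring team would alert on when an internal address starts appearing with the wrong MAC.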
Vulnerability D (DOS attacks) can also be mitigated by ensuring that the virtualized
environment is properly configured to prevent one guest from consuming excess resources, and
by ensuring that open resources cannot be used without permission from the systems
administrator (Moghadam, 2013).
To combat vulnerability E, Buch and Bhatt (2018) suggested an approach that involves
active monitoring. This method would provide a hook within the kernel of the Virtual Machine to
actively trap different forms of malware, diverting them to another dedicated Virtual Machine for
detection. This is an improvement on more passive approaches whereby monitoring is only
carried out by privileged VMs using remote access. Equally, Noura et al. (2013) suggested a
defense strategy whereby a single administrator is set up in virtualization zones and works in
two stages. The first stage would involve a real-time process operating in a sandbox with trojan
and virus cleaning capabilities, while the second stage, operating in an inaccessible zone, would
be responsible for communicating with the internet to regularly update libraries that keep track
of the latest vulnerabilities and their required security patches.
6. Recommendations and Justification
Upon careful consideration of the various vulnerabilities, risks, potential adverse impacts, and
mitigation strategies, it is recommended that ABC Insurance takes up the opportunity to
virtualize the JRA architecture. Lambropoulos et al., (2021) noted that despite the new security
concerns raised by implementing virtualization solutions, the growing need for organizations in
the financial services sector to provide their customers with more services necessitates the
migration.
It was determined, using the NIST methodology, that most of the vulnerabilities associated with
the technology were rated high risk. Despite this, from the mitigation strategies discussed it was
found that if the right actions and best practices are thoroughly followed in the initial installation,
most of the risks de-escalate to medium or low. This would help ensure the security of the virtual
environment for guest operating systems, clients, and all relevant stakeholders in relation to the
organization’s regulations and policies.
This is supported by the observation of Kent et al. (2011) that most of the performance and
security issues can be attributed to a lack of adequate planning and management controls.
Such steps, once taken, result in the maximization of the infrastructure’s security and a further
minimization of costs in the long term as well. This is because far fewer security issues are likely
to be raised after deploying a securely configured virtualized environment, and the costs
associated with addressing breaches are much higher after deployment than during the initial
implementation.

Summary
A comprehensive risk assessment was done on behalf of ABC Insurance Company whereby the
vulnerabilities associated with the IT system to be implemented (virtualization) were identified.
The likelihood of each vulnerability being exploited as well as the potential adverse impacts
were also discussed before the risk level of each vulnerability was assessed based on the
likelihood and potential impacts. Finally, strategies to mitigate and control the risks were
presented. After weighing all the factors discussed, it was recommended that ABC Insurance
goes ahead with the migration to a virtualized environment while taking special care to ensure
that the initial setup is carefully done to safeguard all their crucial assets.
List of References

Buch, D. and Bhatt, H., 2018. Taxonomy on Cloud Computing Security Issues as Virtualization
Layer. International Journal of Advanced Research in Engineering and Technology (IJARET),
9(4), pp.50-69.
Kent, K., Souppaya, M. and Hoffman, P., 2011. Guide to security for full virtualization
technologies. Gaithersburg, MD: U.S. Dept. of Commerce, National Institute of Standards and
Technology, pp.3-1, 3-2.
Lambropoulos, G., Mitropoulos, S. and Douligeris, C., 2021. Improving Business Performance
by Employing Virtualization Technology: A Case Study in the Financial Sector. Computers,
10(52), p.4.
Lee, Y., Kim, H. and Kim, B., 2015. Desktop Computer Virtualization for Improvement Security,
Power Consumption and Cost by SBC (Server Based Computer). International Journal of
Security and Its Applications, 9(5), p.141.
Moghadam, S., 2013. A survey of virtualization security. International Journal of Scientific &
Engineering Research, 4(9), pp.1533-1536.
Nagireddi, V., Jindal, R. and Mishra, S., 2013. Security Issues in Server Virtualization
Environment. International Journal of Advanced Research in Computer Science, 4(3), pp.266-270.
Noura, M., Mohammadalian, S., Fathi, L. and Torabi, M., 2013. Secure Virtualization for Cloud
Environment Using Guest OS and VMM-based Technology. 2013, 1(2), pp.61-67.
Sabahi, F., 2012. Secure Virtualization for Cloud Environment Using Hypervisor-based
Technology. International Journal of Machine Learning and Computing, 2(1), pp.39-42.
Sligh, D. and Owusu, T., 2014. Considerations for Employing Server Virtual
Technologies. Issues in Information Systems, 15(1), pp.418-426.
Stoneburner, G., Goguen, A. and Feringa, A., 2002. Risk management guide for information
technology systems. Gaithersburg: U.S. Dept. of Commerce, National Institute of Standards and
Technology, pp.1-36.
Tayab, A., Junaid, Talib, W. and Fuzail, M., 2015. Security Challenges for Virtualization in
Cloud. Technical Journal, University of Engineering and Technology (UET) Taxila, Pakistan,
20(3), p.113.