| SPDX-FileCopyrightText | SPDX-License-Identifier | title | author | footer | description | keywords | color | class | style | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
© 2022 Menacit AB <foss@menacit.se> |
CC-BY-SA-4.0 |
Virtualisation course: Security benefits |
Joel Rangsmo <joel@menacit.se> |
© Course authors (CC BY-SA 4.0) |
How virtualisation helps organisations build and operate more secure systems |
|
#ffffff |
|
section.center {
text-align: center;
}
|
- A smaller attack surface
- Fewer privileged users per system
- Tighter network restrictions
- Easier anomaly and intrusion detection
Qubes OS and unikernels such as MirageOS represent the logical extreme of these arguments.
Snapshots enable a more aggressive security patching process.
Properly cleaning up a hacked server is no trivial task - neither is forensics.
Modifications and malware cannot only hide in the OS, but also in firmware and OoB mechanisms.
