Virtualization: Risks and Mitigation Strategies in IT Risk Management
VerifiedAdded on 2024/07/01
|7
|1397
|371
AI Summary
This assignment explores the concept of virtualization, its characteristics, and the associated risks. It delves into real-world threats within virtual environments and examines various types of virtualization. The paper also discusses risk mitigation strategies, including complex infrastructure, organization, overflow management, and security patches. By understanding these aspects, organizations can effectively manage and mitigate risks associated with virtualization.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
ITC 596
IT RISK MANAGEMENT
ASSIGNMENT 1
IT RISK MANAGEMENT
ASSIGNMENT 1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Topic Name: Virtualization
INTRODUCTION
According to Microsoft (2018), Virtualization is a technique that is used for the creating a
simulated environment or sometimes called as a Virtual Environment. It is opposite of the
Physical Environment in which there is need of the Physical Components locally. Mostly the
Virtualization includes Operating System, Hardware, Storage Devices that are computer
generated. This helps in making partition for the each and every single physical machine to be
distributed as a bunch of Virtual machines. The Created Virtual machines could be used a
different machine. Also, every virtual machine could have a different set of configurations.
Simpler terms, Virtualization is a technique that is used to create a virtual environment using the
physical or host system resources. It is helpful as it gives you the advantage to access different
type of Operating System over one single machine.
Characteristics of Virtualization:
Encapsulation: Most Virtual Machines are stored in the physical system as one single file
this makes the identification of the machines easier. So, the encapsulation of those Virtual
Machines could be represented as a whole entity. So, it increases the protection of the
application as they cannot infer with each other processes.
Partitioning: In a Virtual Environment, a single host system could be partitioned between
different applications and the Operating systems.
Isolation: In the Virtual Environment, each Virtual Machine Instance is stored in a way
that it does not affect other virtual machines. Due to this Characteristic if one instance of
the Virtual Machine Fails it does not affect other Virtual Machines.
Flexible: The Virtual machine Servers are Flexible as they could be configured according to
the needs of the software or the production.
Scalable: It is very Important characteristics in the Virtualization. One can easily scale up
or scale down the system according to the needs.
Other characteristics include Accessibility, Efficiency, Security within the Virtual Machines
(Sareen, 2013).
Risk Associated with Virtualization:
Loss of Sensitive Data stored within the Virtual Machine
Compromisation of Hypervisor Security
Use of Self-Service Portal for the hijacking
Over-allocation of the Resources
Resources Exhaustion via various Virtual Machines
Risk arises due to the API’s provided by the Cloud Service Provider
INTRODUCTION
According to Microsoft (2018), Virtualization is a technique that is used for the creating a
simulated environment or sometimes called as a Virtual Environment. It is opposite of the
Physical Environment in which there is need of the Physical Components locally. Mostly the
Virtualization includes Operating System, Hardware, Storage Devices that are computer
generated. This helps in making partition for the each and every single physical machine to be
distributed as a bunch of Virtual machines. The Created Virtual machines could be used a
different machine. Also, every virtual machine could have a different set of configurations.
Simpler terms, Virtualization is a technique that is used to create a virtual environment using the
physical or host system resources. It is helpful as it gives you the advantage to access different
type of Operating System over one single machine.
Characteristics of Virtualization:
Encapsulation: Most Virtual Machines are stored in the physical system as one single file
this makes the identification of the machines easier. So, the encapsulation of those Virtual
Machines could be represented as a whole entity. So, it increases the protection of the
application as they cannot infer with each other processes.
Partitioning: In a Virtual Environment, a single host system could be partitioned between
different applications and the Operating systems.
Isolation: In the Virtual Environment, each Virtual Machine Instance is stored in a way
that it does not affect other virtual machines. Due to this Characteristic if one instance of
the Virtual Machine Fails it does not affect other Virtual Machines.
Flexible: The Virtual machine Servers are Flexible as they could be configured according to
the needs of the software or the production.
Scalable: It is very Important characteristics in the Virtualization. One can easily scale up
or scale down the system according to the needs.
Other characteristics include Accessibility, Efficiency, Security within the Virtual Machines
(Sareen, 2013).
Risk Associated with Virtualization:
Loss of Sensitive Data stored within the Virtual Machine
Compromisation of Hypervisor Security
Use of Self-Service Portal for the hijacking
Over-allocation of the Resources
Resources Exhaustion via various Virtual Machines
Risk arises due to the API’s provided by the Cloud Service Provider
Real Threats within the Virtual Environment:
Infecting the Virtual Machines using the Malware
Malware from One Virtual Environment starts to infect the Host Servers
Data Loss due to Ports Hijacking
When the different Virtual Environments are associated with the different levels of trust
Pathway hijacking from public cloud to the hybrid cloud system (Lombardi & Di Pietro,
2014).
Types of Virtualization:
Hardware Virtualization
Desktop Virtualization
Nested Virtualization
Cloud Virtualization
Software Virtualization
Memory Virtualization
Storage Virtualization
Data Virtualization
Network Virtualization
Risk Alleviation in the Virtualization:
Complex Infrastructure: The more complex network of the Virtual Machines could help to
minimize the risk of exposing to the minimal risks like server hijacking and it could help in
spotting anomalies.
Organization: A development plan needs to be associated with the creation of the Virtual
Environment beforehand
Overflow Management: It is hard to track when a single system has too many Virtual
Environment so a proper flow of management needs to be implied in order to make a
better system.
Security Patches: To minimize the security within the Virtual Environment, the Host
System along with the Virtual Environment needs to improve Security every short span of
time (Yang, Lee & Yoo, 2014).
References:
Microsoft. (2018). Retrieved from https://azure.microsoft.com/en-in/overview/what-is-
virtualization/
Sareen, P. (2013). Cloud computing: types, architecture, applications, concerns, virtualization
and role of it governance in cloud. International Journal of Advanced Research in Computer
Science and Software Engineering, 3(3).
Infecting the Virtual Machines using the Malware
Malware from One Virtual Environment starts to infect the Host Servers
Data Loss due to Ports Hijacking
When the different Virtual Environments are associated with the different levels of trust
Pathway hijacking from public cloud to the hybrid cloud system (Lombardi & Di Pietro,
2014).
Types of Virtualization:
Hardware Virtualization
Desktop Virtualization
Nested Virtualization
Cloud Virtualization
Software Virtualization
Memory Virtualization
Storage Virtualization
Data Virtualization
Network Virtualization
Risk Alleviation in the Virtualization:
Complex Infrastructure: The more complex network of the Virtual Machines could help to
minimize the risk of exposing to the minimal risks like server hijacking and it could help in
spotting anomalies.
Organization: A development plan needs to be associated with the creation of the Virtual
Environment beforehand
Overflow Management: It is hard to track when a single system has too many Virtual
Environment so a proper flow of management needs to be implied in order to make a
better system.
Security Patches: To minimize the security within the Virtual Environment, the Host
System along with the Virtual Environment needs to improve Security every short span of
time (Yang, Lee & Yoo, 2014).
References:
Microsoft. (2018). Retrieved from https://azure.microsoft.com/en-in/overview/what-is-
virtualization/
Sareen, P. (2013). Cloud computing: types, architecture, applications, concerns, virtualization
and role of it governance in cloud. International Journal of Advanced Research in Computer
Science and Software Engineering, 3(3).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Yang, H., Lee, D., & Yoo, S. (2014). A study on stable web server system using virtualization
technology against attacks. Multimedia Tools And Applications, 74(16), 6381-6390. doi:
10.1007/s11042-014-2109-9
Lombardi, F., & Di Pietro, R. (2014). Virtualization and Cloud Security: Benefits, Caveats, and
Future Developments. Computer Communications And Networks, 237-255. doi: 10.1007/978-3-
319-10530-7_10
technology against attacks. Multimedia Tools And Applications, 74(16), 6381-6390. doi:
10.1007/s11042-014-2109-9
Lombardi, F., & Di Pietro, R. (2014). Virtualization and Cloud Security: Benefits, Caveats, and
Future Developments. Computer Communications And Networks, 237-255. doi: 10.1007/978-3-
319-10530-7_10
Topic Name: Pageup Data Breach
Introduction:
PageUp is an Australian Organization that helps in managing the Data of applicant for the ease of
HR, they provide software that is managed by various companies for the Recruitment process. On
May 23, 2018, the company data was compromised when the unauthenticated person gets the
access to the PageUp mainframe and get the information of more than hundreds and thousands
of job applicants got leaked. It happened during a meetup when much more applicant has applied
for the recruitment process. According to PageUp, even if the application was sent for the
reference checking all the details related to the application of the applicant was compromised
and hacked. The Data Breach has exposed massive data on the applicants including their Date of
Birth, Cell Numbers, Home Address, Job Location, and so on. PageUp reported this to the
Australian Cyber Security Centre (ACSC) about this security breach and they are getting help with
other cyber-crime organization for this data breach.
How Did it happen?
This data breach happened without the knowledge of the PageUp Security team as an
Unknown/Unauthenticated Person go the access to the PageUp mainframe somehow and leaked
the information of thousands of users of PageUp. As the PageUp store, sensitive data like Date of
birth, Address, Cell Number, Financial Details of the Applicants this attack it could harm the users
on personal level as the hacker might use it for the personal gain. As per the PageUp, the attack
was contained and they claim it is safe to use now. They also suggest the users go through the
necessary steps for securing their accounts.
Exposure of Vulnerabilities:
The vulnerabilities that are exposed during this attack was:
Cloud Storage: The Data that was stored on the cloud was highly vulnerable and was
jeopardise at first and was leaked.
Use of third-party service provides for the data analysis and the data management
Another cause could be the inner hacking of the mainframe, meaning any employee use
the access token in an unauthenticated manner
As there was rush in the application of the applicants there might be a possible chance
that the PageUp corporation is using some measure that was not tested and lead to the
exposure of the system to unauthenticated person (Davies, 2018)
Recommendation by the Company
For those who think their accounts are hacked, company official said:
Change password for the PageUp account
Introduction:
PageUp is an Australian Organization that helps in managing the Data of applicant for the ease of
HR, they provide software that is managed by various companies for the Recruitment process. On
May 23, 2018, the company data was compromised when the unauthenticated person gets the
access to the PageUp mainframe and get the information of more than hundreds and thousands
of job applicants got leaked. It happened during a meetup when much more applicant has applied
for the recruitment process. According to PageUp, even if the application was sent for the
reference checking all the details related to the application of the applicant was compromised
and hacked. The Data Breach has exposed massive data on the applicants including their Date of
Birth, Cell Numbers, Home Address, Job Location, and so on. PageUp reported this to the
Australian Cyber Security Centre (ACSC) about this security breach and they are getting help with
other cyber-crime organization for this data breach.
How Did it happen?
This data breach happened without the knowledge of the PageUp Security team as an
Unknown/Unauthenticated Person go the access to the PageUp mainframe somehow and leaked
the information of thousands of users of PageUp. As the PageUp store, sensitive data like Date of
birth, Address, Cell Number, Financial Details of the Applicants this attack it could harm the users
on personal level as the hacker might use it for the personal gain. As per the PageUp, the attack
was contained and they claim it is safe to use now. They also suggest the users go through the
necessary steps for securing their accounts.
Exposure of Vulnerabilities:
The vulnerabilities that are exposed during this attack was:
Cloud Storage: The Data that was stored on the cloud was highly vulnerable and was
jeopardise at first and was leaked.
Use of third-party service provides for the data analysis and the data management
Another cause could be the inner hacking of the mainframe, meaning any employee use
the access token in an unauthenticated manner
As there was rush in the application of the applicants there might be a possible chance
that the PageUp corporation is using some measure that was not tested and lead to the
exposure of the system to unauthenticated person (Davies, 2018)
Recommendation by the Company
For those who think their accounts are hacked, company official said:
Change password for the PageUp account
If the password for any social media account is same as the previous PageUp account.
Change it also.
2 step verification needs to be enabled if was not enabled previously
Do not respond to the potential phishing emails
Install Reliable Antivirus on the system
Patch the Operating System with the recommended application or software
(Pageuppeople, 2018)
Data that might be lost:
According to the PageUp, the following data might have been compromised:
Employees data of PageUp
Clients Data of PageUp
Job References of those Clients
Agencies details (Pageuppeople, 2018)
References:
Pageuppeople. (2018). Pageuppeople.com. Retrieved 28 July 2018, from
https://www.pageuppeople.com/unauthorised-activity-on-it-system/
Davies, A. (2018). PageUp data breach: thousands of job seekers' details potentially
exposed. the Guardian. Retrieved 28 July 2018, from
https://www.theguardian.com/technology/2018/jun/07/thousands-of-job-seekers-details-
potentially-exposed-in-hack
Change it also.
2 step verification needs to be enabled if was not enabled previously
Do not respond to the potential phishing emails
Install Reliable Antivirus on the system
Patch the Operating System with the recommended application or software
(Pageuppeople, 2018)
Data that might be lost:
According to the PageUp, the following data might have been compromised:
Employees data of PageUp
Clients Data of PageUp
Job References of those Clients
Agencies details (Pageuppeople, 2018)
References:
Pageuppeople. (2018). Pageuppeople.com. Retrieved 28 July 2018, from
https://www.pageuppeople.com/unauthorised-activity-on-it-system/
Davies, A. (2018). PageUp data breach: thousands of job seekers' details potentially
exposed. the Guardian. Retrieved 28 July 2018, from
https://www.theguardian.com/technology/2018/jun/07/thousands-of-job-seekers-details-
potentially-exposed-in-hack
1 out of 7
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.