Virtual machines and their disk images are simply files residing somewhere. So I supposed this means that, for example, a stopped VM is potentially accessible on a file system. What could an attacker learn from the virtual image that might undermine security - especially given that cloud technologies are built on VMs
Asked
Active
Viewed 139 times
2
-
Ask yourself what an attack can do with an exact copy of your computer or server. – Jarrod Christman Dec 17 '21 at 00:03
1 Answers
3
An attacker that grabs a disk image can take a lot of things:
- credentials
- source code
- database data
- configuration files
- log files
- application files
- passwords
It can make a copy of the disk image, start it somewhere, and have a deep understanding of everything inside, and that simplifies the process of finding vulnerabilities.
Extensive data leakage would be the result, and it's as bad as it can get.
ThoriumBR
- 53,925
- 13
- 135
- 152
-
I'm surprised passwords are stored in there? What type of passwords are we talking about and why on earth would they be there? – Beginner Dec 16 '21 at 22:15
-
1@Beginner A virtual machine is just an operating system. The operating system you are using right now is storing passwords. – Dec 16 '21 at 22:25
-
@beginner, a VM image is basically a virtual hard drive, so whatever your server/computer has on it, so does the image file. Heck, a lot of backup software even gives the ability to boot into a VM of the backup. – Jarrod Christman Dec 17 '21 at 00:05
-
@Beginner Passwords for database access, passwords for any proxy, OS user passwords, application passwords... – ThoriumBR Dec 17 '21 at 01:48
-
Thanks folks. I don’t think I appreciated the gravity of risk posed by a stolen VM snapshot. If I was a cloud customer I think I’d be very uncomfortable about having little control over it (in PaaS and SaaS, and would want strong controls in IaaS) – Beginner Dec 18 '21 at 16:53