Hyper-V Security

By: Eric Siron, Andy Syrewicze

Overview of this book

Hyper-V Security is intended for administrators with a solid working knowledge of Hyper-V Server, Windows Server, and Active Directory. An administrator with a functional environment will be able to use the knowledge and examples present in this book to enhance security.

Leveraging Generation 2 virtual machines


A new feature of Hyper-V in the 2012 R2 series is Generation 2 virtual machines. While the traditional virtual machine uses an emulated BIOS, Generation 2 virtual machines use the newer, more efficient, and more robust Unified Extensible Firmware Interface (UEFI) model. The greatest benefit of using these virtual machines is quicker boot times. They don't offer a great deal more than that, and almost nothing in terms of security. A Generation 2 virtual machine doesn't use emulated hardware, so a compromise of vmwp.exe would theoretically have less impact on a Generation 2 guest. However, the likelihood of such a compromise is so low that this is of little concern.

What the Generation 2 VM does offer in terms of security is Secure Boot. Secure Boot is an agreement between the firmware and the boot image, whether that image is a DVD, hard drive file, or PXE image. This is handled by a PKI configuration in which the firmware can recognize the digital signatures presented by the boot...
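Because Secure Boot is the one security feature specific to Generation 2 guests, it is worth checking which virtual machines on a host actually have it enabled. The script below is an added example, not code from the book; the function name `Get-VMSecureBootReport` and the default host `localhost` are assumptions made for illustration.

```powershell
# Added example: audit Secure Boot state across the VMs on one Hyper-V host.
# Requires the Hyper-V PowerShell module and an elevated session.
Import-Module Hyper-V

function Get-VMSecureBootReport {
    param(
        [string]$ComputerName = 'localhost'   # assumption: host to audit
    )

    foreach ($vm in Get-VM -ComputerName $ComputerName) {
        if ($vm.Generation -eq 2) {
            # Get-VMFirmware only works against Generation 2 virtual machines.
            $fw    = Get-VMFirmware -VM $vm
            $state = [string]$fw.SecureBoot          # 'On' or 'Off'
        }
        else {
            # Generation 1 guests boot from an emulated BIOS and have
            # no Secure Boot setting to inspect.
            $state = 'NotApplicable'
        }

        [pscustomobject]@{
            Host       = $ComputerName
            VMName     = $vm.Name
            Generation = $vm.Generation
            SecureBoot = $state
            # Flag Generation 2 guests that could use Secure Boot but do not.
            Finding    = ($vm.Generation -eq 2 -and $state -ne 'On')
        }
    }
}

$report = Get-VMSecureBootReport
$report | Sort-Object Finding -Descending | Format-Table -AutoSize

# Names of Generation 2 guests with Secure Boot switched off.
$report | Where-Object Finding | Select-Object -ExpandProperty VMName
```

A flagged guest can be corrected with `Set-VMFirmware -EnableSecureBoot On` while the virtual machine is turned off.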