What is the name of the software that lets you run multiple operating system?

Virtualization and guest OS

Virtualization technology allows a single computer to run more than one OS at the same time. Thus, a single physical machine can be configured as multiple VMs. These VMs are isolated sections of hardware with storage, processing, memory and network capacity. Virtualization also allows resource sharing between the host OS and guest OS.

A guest OS provides an additional OS for applications and is required before a VM can be deployed. It can be used for testing by developers without impacting anything outside that VM, such as the data already in production use. An example of a guest OS would be Windows Server 2022 in a VM created by the VMware ESXi hypervisor. Another example would be Boot Camp, which allows Mac users to run a Windows OS as the guest OS within a VM on their Mac.

A guest OS on a VM can be different from the host OS. But when the guest is deployed on a partitioned disk, the guest OS must be the same as the host OS. So, if the host is running Windows, then any guest OS on a partitioned disk must also run Windows.

How does a guest OS differ from a host OS?

A guest OS is installed on a VM, while the host OS is installed on and runs the computer (host). The host OS also interacts with the underlying hardware. There can be multiple guest operating systems running on a computer, while the host is usually restricted to one OS.

A physical server can have multiple VMs, with each VM running its own guest OS. One guest OS could be Windows, while another could be Ubuntu or Linux, for example. The guest OS and host OS are separate and operate independently of each other. They can run simultaneously, although the host OS must be started first.

A Type 1 hypervisor (bare-metal hypervisor) can create VMs, which can run guest OSes. In other words, the guest OS is delivered in a VM environment through a hypervisor. The host OS will run on the host machine and the guest OS operates within it, which can limit file saving and other operations in the VM.

Advantages of a guest OS

Since a guest OS operates independently of the host OS, one of its significant advantages is that it allows programs or applications to run that are not compatible with, or cannot run in the host OS. A guest OS features a "lean" build which helps alleviate memory and other system requirements in a virtualization environment.

Additionally, a guest OS comes in handy to test programs or applications, and run them if they require different operating systems, on the same machine or hardware.

Installing a guest OS through an ISO image

There are several ways to install a guest OS on a virtual machine, including the following:

• Installer disc: CD-ROM or DVD-ROM;
• ISO image file, an OS file stored on an optical disc; and
• PXE server, a preboot execution environment downloaded from the network.

Explore the difference between Type 1 and Type 2 hypervisors and what to know for your virtualized storage selection process. Also, see how microservices and containers work apart and together, how to design your systems with virtualization architecture in mind and some examples of embedded hypervisors.

In short, Snort is a packet sniffer/packet logger/network IDS. However, it's much more interesting to learn about Snort from its inception rather than just to be satisfied with a brief definition.

Snort was originally intended to be a packet sniffer. In November 1998, Marty Roesch wrote a Linux-only packet sniffer called APE. Despite the great features of APE, however, Roesch wanted a sniffer that also does the following tasks:

▪

Works on multiple OSes

Uses a hexdump payload dump (tcpdump later had this functionality.)

Displays all the different network packets the same way (tcpdump did not have this feature.)

Roesch's goal was to write a better sniffer for his own use. He wrote Snort as a libcap application, which gives Snort portability from a network filtering and sniffing standpoint. At the time, only tcpdump was also compiled with libcap, so this gave the system administrator another sniffer with which to work.

Snort became available at Packet Storm (www.packetstormsecurity.com) on December 22, 1998. At that time, Snort contained only about 1,600 lines of code and had a total of two files. This was about a month after Snort's initial inception, and Snort was only used for packet sniffing at that point. Roesch's first uses of Snort included monitoring his cable modem connection and for debugging network applications he coded.

The name Snort came from the fact that the application is a “sniffer and more.” In addition, Roesch said that he has too many programs called a.out, and all the popular names for sniffers like “TCP-something” were already taken.

Snort's first signature-based analysis (also known as rules-based analysis within the Snort community) became a feature in late January 1999. This was Snort's initial foray down the path of intrusion detection, and Snort could be used then as a lightweight IDS.

By the time Snort Version 1.5 came out in December 1999, Roesch had decided on the Snort architecture that is currently being used in the Version 2.x code train (although it has been heavily rewritten and optimized since then to increase performance and stability among other things). After Version 1.5 was released, Snort was able to use all the different plug-ins that are available today.

However, Snort took a backseat to another IDS Roesch was working on for a commercial IDS start-up. That start-up took a sharp nosedive, and Roesch found himself unemployed. Because of Snort's increasing popularity, Roesch thought that it was time to work on Snort and make it easier to configure and get it working in an enterprise environment.

While working on Snort, Roesch discovered that working on coding and support for Snort was becoming a full-time job. In addition, he knew that if he could make Snort work for the enterprise, people would invest money in Snort and support for it. Roesch started Sourcefire from this idea. Sourcefire hired most of the core team members who developed Snort. However, Snort is still open source and will stay that way. Sourcefire has put a lot of work into Snort, but it's not Sourcefire's sole property. Although Sourcefire writes and supports Snort in a commercial release, there will be always be a GNU release of Snort available. The current version of Snort at press time is 2.6.0.2.

In addition to the addition of rules-matching IDS capability in the early development history of Snort, Snort has gone though a more in-depth evolution in other areas of its architecture as well. Snort did not start out with preprocessing capability, for example, nor did it start out with plug-ins. Over time, Snort grew to have improved network flow, plug-ins for databases such as MySQL and Postgres, and preprocessor plug-ins that check protocol implementations for common network protocols like HTTP or RPC, packet assembly, stream and flow assembly, and port scanning before the packets are sent to the rules to check for alerts.

Snort keeps everyone on the latest version by supporting the latest rules only on the latest revision. Rules may be downloaded from snort.org, and they are certified by Sourcefire's Vulnerability Research Team (VRT). Snort users who care to register with Sourcefire can download rule updates from the site, but there will be rule upgrades released with each major version of Snort for those who do not care to register for more frequent updates from the VRT.

Regarding rules, as time progressed, so did the number of rules. The size of the latest rules you download is increasing with the number of exploits available. As a result, the rules became organized by type, as they are now. The rule types include P2P, backdoor, distributed denial-of-service (DDoS) attacks, Web attacks, viruses, and many others. These rules are mapped to a number that is recognized as a type of attack or exploit known as a Sensor ID (SID). For example, the SID for the SSH banner attack is 1838.

Because of Snort's increasing popularity, other IDS vendors are adopting a Snort rule format. TCPDump adopted the hex encoding for packets, and community support is ever increasing. There are two major mailing lists for Snort:

▪

One on Snort's usage and application

http://lists.sourceforge.net/lists/listinfo/snort-users

One dedicated entirely to the Snort rules

http://lists.sourceforge.net/lists/listinfo/snort-sigs

There are also a number of smaller or forked Snort discussion mailing lists and forums, such as the resources for incident responders writing rules for new malware at www.bleedingthreats.net/.

Operating systems

Modern organizations often use multiple operating systems to support different systems and computing needs, most commonly including Microsoft Windows, various versions of Unix or Linux, and vendor- and platform-specific alternatives such as z/OS for IBM mainframe computers. Operating systems are highly customizable and can be implemented differently across organizations or within the same organization. To improve maintainability, administration, security, and support, organizations often standardize operating system configurations for servers, desktop and laptop computers, and mobile devices. Many operating system vendors offer configuration recommendations intended to optimize security or suitability for different uses. In the United States, both the military and civilian branches of government maintain secure configuration standards for specific operating system versions and publish configuration specifications that any organization can use [13,14]. Operating system audits confirm the use and appropriate configuration of operating systems on different computing platforms deployed within organizations.

Solutions Fast Track

Building an Attack Machine

The key is flexibility.

The ability to run multiple operating systems (sometimes simultaneously) is a must, whether it be via virtualization, emulation, or porting.

Portability is important in most cases, but remember to backup and encrypt your data.

Hardware is somewhat irrelevant as both PCs and Macs are equally capable in the right hands.

Building a Target Lab

The key is variety.

To emulate the real world, you need a cross section of operating systems, some with dedicated hardware.

Windows and Linux run well on x86 PCs.

Solaris and SunOS are best suited for the SPARC platform.

The best choice for HP-UX and AIX are the PA-RISC and IBM RISC platforms, respectively.

Required Peripherals

Your road kit should contain a combination of backup devices, cables, and other necessities such as desk locks and spare change.

Your lab gear should include power solutions, cabling systems, KVM-style switches (or VNC-style software), printers, hubs, switches, and routers.

Selecting the Target

Each exploit available within the MSF can possibly work against multiple operating systems with different service pack or patch levels. Often, all that is required to make the same exploit work against different operating system versions is to change the return address. This greatly increases the effectiveness of the exploit. To see which targets this exploit works against, we issue the show targets command as shown in Figure 1.10.

In this case, we see that the exploit works against Windows 2000 and Windows XP irrespective of specific service pack levels. We can also choose the target ID as 0, which will let the exploit decide what kind of a target it is up against. This is the option that we shall go with by issuing the set target 0 command.

OpenGraphiti

OpenGraphiti is unix-based tool that works great for multiple operating systems. This python-based tool allows you to graphically represent your network by mapping data flows allowing you to create custom datasets and drill down into a three-dimensional map without the need for or expense of oculus rift goggles. Viewing the multiple subnets can become visually overwhelming and many people tend to like looking at specific pieces, as it is easier to see the details and decipher what the map is attempting to show.

Two things need to be pointed out in Fig. 8.2. First is that the yellow dots are the nodes or systems on the network and the second that the pink bloom is a representation of an exploit kit. Many botnet trackers depend on this type of technology to track malware in the wild and as it allows the visually inclined analyst to see many problem areas within the environment without having to reformat the same data for other types of analysts with a very small learning curve. With some slight massaging of the data, the analyst is able to view large datasets quickly. This tool is currently being used to track

CryptoLocker and CryptoDefense ransomware, Red October malware, and

the Kelihos botnet; it is also being used in the various Syrian electronic army campaigns and carding sites.

The data visualization of this particular tool relies on a semantic network of relationships between multiple nodes connecting the dots in any relationship in data streams. From the highly complex to just a high-level representation, the analyst can create an immense amount of detail that he or she can show graphically based on the datasets that have been referenced. Please note that this is not entirely automatic and does require an understanding of how to build relational semantic networks.

“OpenGraphiti can apply the algorithms to affect the spatial representation and interconnectivity of the data nodes and edges” (Fig. 8.3).

Virtual machines

As someone who has migrated from one operating system to another I know that it can be very scary to make the switch. This is why I use VirtualBox (http://www.virtualbox.org) to test operating systems before making the switch. On my one (and only) computer I have the ability to work in five different operating systems, concurrently or at different times (see Figure 5.2).

VirtualBox allows you to create multiple virtual machines that make use of your primary machine’s hardware while running different software applications. This means that you can install VirtualBox on Windows or Mac OS and then install Ubuntu on it to learn how to use a different operating system before making a blind switch. It also means if you switch to Ubuntu you can still run Windows or Mac OS using VirtualBox.

This would allow libraries that teach technology classes to teach patrons to use multiple operating systems without having multiple operating systems running the machines in the library. As Heather mentions in her summary of VirtualBox, this is not the kind of application that you will use all of the time, but it is a great time and money saver.

5.2

Open source in the real world: VirtualBox

Why did you decide to use VirtualBox in your library?

The IT department and many of the staff have Macs, but we still need to be able to have ready access to Windows because most of the libraries we provide technology support to and work with are PC-based. BootCamp would work, except we wanted to use Mac and PCs (and other operating systems) side by side. BootCamp is a one-system solution. You can only run one at a time.

Our network administrator, Liz Rea, needed to be able to run multiple virtual servers in the background on her Mac. Initially, we purchased licenses to the Parallels software, but the program turned out to be clunky, slow and buggy. When launching the software, our computers would freeze for 10 minutes and often would require a reboot. We hated it and other staff members hated it. New versions were available but we didn’t want to keep paying for upgrades to the software every time a new version was released, especially when the software never worked well to begin with!

Then we found VirtualBox. We already use a lot of open source software at NEKLS (Koha, WordPress, Firefox and OpenOffice), and so VirtualBox was a natural fit for us. It just works for the times we need it. No freezing or rebooting necessary.

How are you using VirtualBox in your library?

We use it to emulate Windows, Linux flavors and Linux server flavors on Macs. Liz Rea uses it to run a test system of Koha on her iMac so that she can do some testing and figure out the system more.

How long have you been using VirtualBox in your library?

We’ve been using VirtualBox for about a year now. We don’t use it a lot, maybe once or twice a month, but it’s quite helpful when we need it.

Did you have any trouble implementing VirtualBox in your library?

No trouble deploying the software itself. Deploying the operating systems within VirtualBox can be easy or difficult. It depends on the version, and how good VirtualBox’s drivers are for different operating systems. [Author’s note: Both Windows and Ubuntu are supported and easy to install]

What was the process of switching from proprietary to open source like?

The process was easy. No license keys to keep track of or buy (for the emulating software anyway; still needed license keys for the Windows operating systems). VirtualBox ran much faster than Parallels ever did, especially on startup. And, the support on the VirtualBox discussion boards (http://forums.virtualbox.org) was great. Usually a question I had had already been asked there.

Did you have any help installing, migrating to, or setting up VirtualBox?

Nope. The only place I consulted was the VirtualBox website and the discussion forums.

What do you think of VirtualBox now?

Love it. I wouldn’t want it to be the way I would heavily use Windows, but for the times I quickly need to look at Windows or test out a stripped Windows disk or look at a Linux flavor, it works great. I know it can also be used within Linux and Windows, but I have never used it that way so far.

What do others in your library say about VirtualBox?

Liz Rea, the NEKLS System Administrator, loves it, as well. She’s the only other person using it at this time.

Anything else you want us to know about VirtualBox or your process of switching to VirtualBox?

If you’re a Mac user and you have that one Windows app you must always use, as long as it’s not too systemintensive, check out VirtualBox instead of keeping around a Windows computer just for that one application. Also, if you need to test Linux, but don’t have extra hardware lying around, try using VirtualBox to emulate those Linux flavors.

Resources

Terry L. Borden, James. P. Hennessy and James. W. Rymarczyk. Multiple Operating Systems on One Processor Complex, IBM Systems Journal, Volume 26, No. 1, 1989.

Brodkin, John. With Long History of Virtualization Behind It, IBM Looks to the Future. Network World, April 30, 2009.

Hay, Chris and Brian Prince. Azure in Action. Manning Publications, October 15, 2010.

Gerald J. Popek and Robert P. Goldberg. Formal Requirements For Virtualizable Third-Generation Architectures. Communications of the ACM, Volume 17, No. 7, 1974, 412-421.

Wilder, Bill. Cloud Architecture Patterns. O’Reilly Media, September 28, 2012.

Vaquero, Luis, Juan Cáceres, and Juan Hierro. Open Source Cloud Computing Systems. IGI Global, January 31, 2012.

10.2.6 Difficulties

While AMP designs have been around for a long time, the difficulty of integrating multiple operating systems onto a new SoC and platform continues to be a burdensome effort. Figure 10.2 illustrates a few of the design decisions involved when integrating the GPOS and RTOS into a system.

While Figure 10.2 shows only the high-level partitioning of the resources between the GPOS and the RTOS, there are many other areas that must be considered in this integration effort. For instance, the booting strategy for the device must be determined—who boots first, the GPOS or RTOS? Is a boot loader used (none, u-boot, etc.)? How will memory be partitioned and protected between the different operating systems? How can the system be optimized or fine-tuned for the specific platform? These are just a few of the many hard questions that must be answered just to integrate the multiple operating systems on to a single AMP SoC.

Unfortunately, time spent integrating and optimizing this environment detracts from solving the real problem—developing the applications that need to run on the GPOS and RTOS to realize the features of the device being created. This integration effort continues to grow with the ever-increasing feature sets of these designs and with the fast-paced advances in capabilities of the SoCs they execute upon.

Having the ability to purchase such tightly integrated GPOS and RTOS solutions and the development services that can support and optimize these solutions is becoming increasingly important. Access to these solutions and services will allow development teams to focus solely on the problem space being addressed by their device—this problem space find its answer at the application level and consequently, the underlying operating systems and the underlying communication strategy should not be a burden to the application development efforts.

Present Day Messaging Clients

As the years past, the messaging capabilities increased exponentially. Email clients were created for multiple operating system support and the breadth and depth of what they could do grew year by year. In today’s environment email applications are much more complex and robust with endless lists of features that made the early clients obsolete. Modern email clients such as Mozilla’s Thunderbird or Microsoft’s Outlook offer an almost dizzying array of features including multimedia content support, ability to tie into other applications seamlessly, and deep functionality in regards to not only email messaging, but also calendaring, the ability to keep archives and so on. Because of these advanced features, the security needed for these applications grew exponentially as well. An example of a modern email client can be seen in Figure 7.1.

Note

As with all other Microsoft products, you need to make sure that you update your software. Windows Live is no different than any other Microsoft product you install, it will still need to be updated and secured.

With new client support options, you can now use HTML. This provides the ability to add formatting to email such as different text fonts, colors, embedded pictures, and other media types.

You can also get delivery confirmation which is the capability for a sender to receive positive feedback on the delivery status of a message. This feature is different than receiving confirmation that a particular user has opened a message; this feature only states that it has been delivered to their inbox. The newer clients also offer cross platform support. Most, but not all, email clients available today support all platforms and operating systems. For example, Mozilla’s Thunderbird supports all major operating systems of consequence while Microsoft’s Outlook only supports the Microsoft Windows operating system. As you can see, there are many new robust features that are available to increase functionality; however this also increases the threat of being attacked.

For example, most email clients now have scripting support. Modern email clients have been shown to support more scripting languages as discussed in Chapters 4–6. As such scripting embedded in HTML formatted emails can be interpreted by the email client to present content in different ways. Because of this functionality, the same threats we discussed earlier in the book are identical in nature to what you can and will experience with email clients.

Because of these threats, there are many new security features enabled on modern email clients such as digital signature support. This gives you the ability to provide non-repudiation which is the ability to provide proof that a specific user or entity was the originator of an action. There is also enhanced encryption support. This gives you the ability to provide confidentiality to messages so that only the intended recipient or recipients will be able to view the message contents.

Warning

As mentioned with web browsers, email clients provide the same threats such as XSS, scripting attacks, phishing, and so on. Client desktop computers, mobile phones, pads, and any other device with an email client are considered exploitable. Chapter 9 will cover mobile devices in more detail.

Uses

The virtual machine offerings designed for clients are convenient for a number of scenarios. If your environment has to support multiple operating systems, virtual machine software can be used by:

Your Help Desk and support staff so that they can use a single piece of hardware to run different operating systems comparable to what different users have. In this way, the support staff can replicate the user's environment when providing support.

End users during operating system migration. If a particular business application isn't yet supported by more current versions of an operating system, it can challenge efforts to move the whole organization to the later OS version. By using virtual machine software, all users can be migrated to the new OS, and legacy applications can be run on an instance of an older OS.

The training room PCs can run various instances of operating systems, each configured similarly to various user scenarios. This allows the trainers to easily provide training that replicates the various user environments.

Software developers and testers can use virtual machine technology to test their applications easily from varying workstation configurations and environments.

Virtual machine offerings for servers also have distinct benefits and are quickly being embraced by organizations as a way to efficiently consolidate servers. By consolidating servers, the investment in hardware can be reduced. But, perhaps one of the most significant advantages is that it requires less physical space in the data center, and also less cooling and electricity. Virtual machines also let IT quickly create new environments for testing and development without having to buy new hardware. Server environments that are virtualized can be moved easily and quickly to different hardware, which greatly simplifies the effort of optimizing the resources and moving applications to more current hardware.

Also, legacy applications can be run on virtual servers without having to set aside dedicated hardware environments for them. It is important to note that with the growing popularity of virtualization, many software vendors have included specific references to this technology in their licensing agreements so that if you have multiple copies of their software running on virtualized servers, you need to be sure that each instance is licensed properly. The most popular solutions for virtualization are VMware from EMC and Hyper-V from Microsoft.

What is the name of the software that lets you run multiple operating system on a physical server?

What is the name of the software which we can install multiple operating systems?

Can you run multiple operating systems at once?

What is a multi