If you have ever created a fixed-size virtual hard disk that was larger than, oh - 2GB, you probably noticed that it takes quite a while to create. The reason why this takes so long is that when we create a new fixed-size virtual hard disk we take the time to explicitly zero-out all of the disk space that is being assigned to the new file.
Now - we could do this practically instantaneously by not zeroing out the data - but this has an interesting potential security problem.
Imagine the following situation:
- You have a virtual machine with a bunch of confidential data running on a central server (e.g. your company payroll).
- This virtual machine gets moved to a new physical server in response to increased work load.
- You create a new virtual machine which is given to someone from the in-house dev team - but the virtual hard disk data was not zeroed out.
- The developer then runs data recovery tools on his new, blank virtual machine and is able to recover data from the old payroll server (yikes!).
You see - data is never actually deleted from a disk when a file is moved or deleted (it is just dereferenced) so to avoid the above scenario - we must take the time to "do the right thing" and zero out the VHD contents.
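To check that a freshly created fixed-size VHD really carries no leftover data, you can scan its data area for non-zero sectors. The script below is an added example, not code from the original post; it assumes the fixed VHD layout of raw disk data followed by a single 512-byte footer beginning with the cookie `conectix`, and the function names and sample images are constructed for illustration.

```python
import os
import tempfile

SECTOR = 512
FOOTER_COOKIE = b"conectix"  # first 8 bytes of the VHD footer


def find_residual_data(path, chunk_sectors=2048):
    """Return byte offsets of non-zero sectors in a fixed VHD's data area."""
    data_len = os.path.getsize(path) - SECTOR  # raw data, then a 512-byte footer
    if data_len < 0:
        raise ValueError("file too small to be a VHD")
    dirty = []
    with open(path, "rb") as f:
        f.seek(data_len)
        if f.read(len(FOOTER_COOKIE)) != FOOTER_COOKIE:
            raise ValueError("no fixed-VHD footer found")
        f.seek(0)
        offset = 0
        while offset < data_len:
            chunk = f.read(min(chunk_sectors * SECTOR, data_len - offset))
            if not chunk:
                break
            if chunk.count(0) != len(chunk):  # skip all-zero chunks quickly
                for i in range(0, len(chunk), SECTOR):
                    if any(chunk[i:i + SECTOR]):
                        dirty.append(offset + i)
            offset += len(chunk)
    return dirty


def make_sample_vhd(path, sectors, leftovers=None):
    """Constructed test image: zeroed data plus a minimal, cookie-only footer."""
    data = bytearray(sectors * SECTOR)
    for off, blob in (leftovers or {}).items():
        data[off:off + len(blob)] = blob  # simulate bytes left by an old file
    with open(path, "wb") as f:
        f.write(data + FOOTER_COOKIE + bytes(SECTOR - len(FOOTER_COOKIE)))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        clean, reused = os.path.join(d, "clean.vhd"), os.path.join(d, "reused.vhd")
        make_sample_vhd(clean, 64)
        make_sample_vhd(reused, 64, {3 * SECTOR + 10: b"constructed payroll row"})
        print("clean :", find_residual_data(clean))
        print("reused:", find_residual_data(reused))
```

An empty result means every sector before the footer is zero; any listed offset marks a sector that still holds bytes from whatever occupied that disk space before.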