- More porn sneaks onto the iPhone
- 'Swatting' case shows need to ban caller-ID spoofing
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- US sets final emergency responder wireless pilot
 |
|
For years, Inttra, an e-commerce logistics provider to the world’s largest cargo-shipping organizations, has been using virtualization on its back-end IBM mainframe and Citrix Systems servers in a secure environment. Now the Parsippany, N.J., company primarily uses IBM blade servers running virtual Linux machines. VMware’s virtualization technology on an Intel platform powers this New Data Center infrastructure.
Other stories on this topic
Is virtualization bad for security?
Read the story (3/19/07) | Cast a vote
Virtual security virtually missing
04/18/07
Security and virtualization
03/19/07
 E-Mail article |
|
 Print article |
|
 Contact author |
 Reprint |
 AIM article |
 del.icio.us |
 Reddit |
 Digg |
 Stumble |
 Slashdot It! |
John Debenedette, Inttra’s vice president of IT, says he believed he could keep a virtualized data-center environment secure while emulating established best practices. He’s not ready, however, to risk running virtual Web servers outside his DMZ. Nor is he ready to allow virtual machines on the endpoints, which are harder to control.
“You can follow best practices on all of your virtual machines. But at the end of the day, you’re putting a lot of trust in the virtual-machine platform layer itself,” Debenedette says. “This layer — also called the hypervisor, the virtual kernel or virtual-machine monitor — sits between the hardware and all its device drivers, including the operating system, which puts it in a very authoritative position.”
Security watchers have not confirmed any exploits at this layer; but virtual-machine-aware malware, such as RedPill, and virtual-machine rootkits, such as BluePill, are common. Debenedette rightfully frets about this new platform layer: It’s a vector into which virtual-machine malware writers are trying to break, experts say (see graphic "Danger at the hypervisor").
In this virtual environment, effective security best practices are sorely needed. In addition to physical machines, virtual machines must be managed and secured. Network defenses must be tuned to watch for rogue traffic on them. And the virtual-machine layer must be built safely and defended from up-and-coming forms of attackware.
The Leader in Network Knowledge
Partner Content
Explore the Ultrium Edge
The powerful tape technology can address data security with tape encryption as well as long term data protection.
Find Out More
Disk and Tape Square Off
Discover what disk and tape really cost and which solution provides lower total cost of ownership and optimizes energy use for your organization
Download this White Paper
Don't Fall for the Myths
The Clipper Group explores the truth behind the myths of tape, digging into the misconceptions in the disk vs. tape debate.
Review this information
information examination
An examination of information security issues, methods and securing data with LTO-4 tape drive encryption
Read this analysis
Comments (2)
Hardening VMWare serversBy Phil on August 22, 2007, 4:20 amWe use a programme called STAT from Patchlink - ex-Harris to harden our servers. We couldn't even attach to our VMWare boxes to attempt the hardening process. ...
Reply | Read entire comment
RE: Virtualization security needed ? now!By frivera on August 20, 2007, 7:39 pmFYI
Reply | Read entire comment
View all comments