Skip to main content

Virtualization: Why legacy security measures won't apply


David Firth @ Siemans talks about it:

One of the great benefits of virtualisation as mentioned is the pooling of resources with the ability to re-deploy VMs ‘on the fly’. It is easy to create ‘Gold’ master VM images and replicate these as needed to increase computing resources. VM’s can be deployed instantly and shuffled around the infrastructure in a similar way as transferring files, however managing change and introducing security into this mix becomes incredibly complex.

Attacks on virtualised systems have so far been few and far between mainly due to only recent adoption, however the number of installed systems is set to double by 2012 and proof of concept attacks are already in existence. Attacks on virtual systems can come from an extension of older forms of attack such as Denial of Service (DoS), buffer overflows, spyware, rootkits and/or Trojans – all prone to lurk beneath guest operating systems.

Additionally new specific attacks include those from worms, guest hopping, Hypervisor malware and Hyperjacking all involving the Hypervisor itself being exploited and used to subvert each VM it controls. As the volume of virtualised software increases more exploits will be written and they in turn will become increasingly insidious (potentially compromising several VM systems at once).

In the recent rush to deploy virtualisation technologies, cost and mobility have been the top priorities and many other implications (such as security, integration, management etc..) have still to be worked out. Existing security technologies typically revolve around static and IP based controls (be they firewalls, IDS’s, VLAN’s etc..) however with the erosion of technology tied to a particular location, the tracking of IP or static based identifiers is no longer sufficient, indeed most network and admission control technologies are not virtualisation aware.


See the full article here and you will see Siemens and others ay the InfoSecurity in April.

Comments

Popular posts from this blog

DeepLearningTrucker Part 1

Redhot Future Of IT Part I :Marketing yourself as IT professional

I had promised about the "RedHot IT Future Series" and so we discuss here how you should market yourself EFFECTIVELY as an IT professional in this new (and dangerous) web age! Web is the place where you're a hero today and villain tomorrow. While there are lots of professionals who are active on the web, not all are enjoying a good reputation as they got "personal" with others and got into a cockfight. The passive IT professional has nothing to lose but nothing to gain at all!

I know "marketing" might seem as a greasy term but the idea is to have the truth about you out there. You know you're a good person and your family knows that you're really smart person but the rest of the world doesn't!

So the question is how do I market myself on the web as a true "nouveau IT professional". A guy who companies will be tempted to pick up the phone as say "Hey, we wanna talk with you. Can you fly over to Palo Alto (or Guatemala or Johan…

Avastu Blog is migrating to IdeationCloud.com; 1st Jan 2009 live

YOU DON'T HAVE TO DO ANYTHING. WITHIN 2 SECONDS YOU WILL BE REDIRECTED TO THE NEW HOME OF AVASTU BLOG. PLEASE DO UPDATE AVASTU BLOG'S URL to : http://www.ideationcloud.com on your website.

I will send out emails personally to those who are using my link(s) on their sites.

Thanks much for your co-operation and hope you enjoy the new site and its cool new features :-)




Not like the site is unlive or something..on the contrary, its beginning to get a lot of attention already. Well most of the work is done, you don't have to worry about anything though:

What won't change

Links/Referrals: I will be redirecting the links (all links which you may have cross-posted) to IdeationCloud.com - so you don't have to do anything in all your posts and links. Although, I would urge however that you do change the permalinks, especially on your blogs etc yourselfThis blog is not going away anywhere but within a few months, I will consider discontinuing its usage. I won't obviously do …