Skip to main content

How safe is VMware's hypervisor?

This article comes just about in time. today I was having a discussion with my colleague about why we should start putting the security and start hardening the ESX hypervisor against any malicious attacks/hacks.

I (and some other colleagues) have rewritten our "Virtualization: Design Guide" completely and I was the guy pushing the security into our every other deployments.

There is one thing for sure: "There will be a breach somewhere, The 451Group has predicted that a malicious ESX hack is coming, Joanna did also talk about the Escape phenomena.

I think the thinning of the TSA (Threat Surface Area) with ESX 3i will help the decrease the chances of the attack/hack getting thinner but a mere statement that: "Since the TSA footprint is much smaller, we are a lot safer than yesterday" is like hoping that a nuclear warhead will not hit your country since you are so small, and trust me you will feel nuked when that happens in your data center!

So my adivce to all firms, SIs, Consultants etc is to start looking of securing the ESX by taking security as a standard default option. today it may be you key differentiator against the "just-install-default" guys, tomorrow you will not be able to do without it.

Anyways this is too an interesting:

VMware is increasingly holding out ESX as a safer alternative for enterprise computing. It provides a hypervisor that runs directly on top of the hardware and in turn allows one or more "guest" operating systems to run above. VMware says the hypervisor provides an additional layer of protection that is much more resistant to malware than various operation systems. What's more, the hypervisor can sit below the OSes and perform various tasks such as malware detection and patch monitoring.

If the dissenters sound skeptical that hypervisor is impervious, they have their reasons. Poor said his firm received $1.2m from the Department of Homeland Security to look for ways attackers can penetrate hypervisors and ways security researchers can detect and prevent such escapes. Because the two years worth of research is under lock and key, Poor could only say: "We were successful in all three."

And it was only last month that researchers from Core Security Technologies found a bug in VMware's desktop virtualization applications that in some cases allowed attackers to take complete control of the underlying PC. While the vulnerability didn't affect the hypervisor in ESX, it did demonstrate that the protective layer in related VMware products wasn't always as secure as some researchers assumed.



Read the rest at El Reg.

Comments

Popular posts from this blog

Get Vyatta Virtual Appliance, now VMware certified!

We all know Vyatta, don't we?

Vyatta, the leader in Linux-based networking, today announced that its open-source networking software has received VMware Virtual Appliance Certification, thereby providing customers with a solution that has been optimized for a production-ready VMware environment. The company also announced it has joined the VMware Technology Alliance Partner (TAP) Program. As a member of TAP, Vyatta will offer its solutions via the TAP program website. With the Vyatta virtual appliance for VMware environments, organizations can now include Vyatta’s router, firewall and VPN functions as part of their virtualized infrastructure.

Vyatta combines enterprise-class routing and security capabilities into an integrated, reliable and commercially supported software solution, delivering twice the performance of proprietary network solutions at half the price. Running Vyatta software as virtual appliances gives customers many more options for scaling their data centers and cons…

3PAR adds native LDAP support to simplify administration

3PAR®, the leading global provider of utility storage, announced today native support for lightweight directory access protocol (LDAP). Support for LDAP enables centralized user authentication and authorization using a standard protocol for managing access to IT resources. With 3PAR’s support for LDAP, customers are able to now integrate 3PAR Utility Storage--a simple, cost-efficient, and massively scalable storage platform—with standard, open enterprise directory services. The result is simplified security administration with centralized access control and identity management.

“3PAR Utility Storage already provides us with a reliable, shared, and easy-to-use consolidated storage platform,” said Burzin Engineer, Vice President of Infrastructure Services at Shopzilla. "Now, with 3PAR support for LDAP, managing security commonly--across all our resources, including storage--is also simple and efficient.”

Press Release

DeepLearningTrucker Part 1