Skip to main content

How safe is VMware's hypervisor?

This article comes just about in time. today I was having a discussion with my colleague about why we should start putting the security and start hardening the ESX hypervisor against any malicious attacks/hacks.

I (and some other colleagues) have rewritten our "Virtualization: Design Guide" completely and I was the guy pushing the security into our every other deployments.

There is one thing for sure: "There will be a breach somewhere, The 451Group has predicted that a malicious ESX hack is coming, Joanna did also talk about the Escape phenomena.

I think the thinning of the TSA (Threat Surface Area) with ESX 3i will help the decrease the chances of the attack/hack getting thinner but a mere statement that: "Since the TSA footprint is much smaller, we are a lot safer than yesterday" is like hoping that a nuclear warhead will not hit your country since you are so small, and trust me you will feel nuked when that happens in your data center!

So my adivce to all firms, SIs, Consultants etc is to start looking of securing the ESX by taking security as a standard default option. today it may be you key differentiator against the "just-install-default" guys, tomorrow you will not be able to do without it.

Anyways this is too an interesting:

VMware is increasingly holding out ESX as a safer alternative for enterprise computing. It provides a hypervisor that runs directly on top of the hardware and in turn allows one or more "guest" operating systems to run above. VMware says the hypervisor provides an additional layer of protection that is much more resistant to malware than various operation systems. What's more, the hypervisor can sit below the OSes and perform various tasks such as malware detection and patch monitoring.

If the dissenters sound skeptical that hypervisor is impervious, they have their reasons. Poor said his firm received $1.2m from the Department of Homeland Security to look for ways attackers can penetrate hypervisors and ways security researchers can detect and prevent such escapes. Because the two years worth of research is under lock and key, Poor could only say: "We were successful in all three."

And it was only last month that researchers from Core Security Technologies found a bug in VMware's desktop virtualization applications that in some cases allowed attackers to take complete control of the underlying PC. While the vulnerability didn't affect the hypervisor in ESX, it did demonstrate that the protective layer in related VMware products wasn't always as secure as some researchers assumed.

Read the rest at El Reg.


Popular posts from this blog

DeepLearningTrucker Part 1

Avastu Blog is migrating to; 1st Jan 2009 live


I will send out emails personally to those who are using my link(s) on their sites.

Thanks much for your co-operation and hope you enjoy the new site and its cool new features :-)

Not like the site is unlive or something..on the contrary, its beginning to get a lot of attention already. Well most of the work is done, you don't have to worry about anything though:

What won't change

Links/Referrals: I will be redirecting the links (all links which you may have cross-posted) to - so you don't have to do anything in all your posts and links. Although, I would urge however that you do change the permalinks, especially on your blogs etc yourselfThis blog is not going away anywhere but within a few months, I will consider discontinuing its usage. I won't obviously do …

Redhot Future Of IT Part I :Marketing yourself as IT professional

I had promised about the "RedHot IT Future Series" and so we discuss here how you should market yourself EFFECTIVELY as an IT professional in this new (and dangerous) web age! Web is the place where you're a hero today and villain tomorrow. While there are lots of professionals who are active on the web, not all are enjoying a good reputation as they got "personal" with others and got into a cockfight. The passive IT professional has nothing to lose but nothing to gain at all!

I know "marketing" might seem as a greasy term but the idea is to have the truth about you out there. You know you're a good person and your family knows that you're really smart person but the rest of the world doesn't!

So the question is how do I market myself on the web as a true "nouveau IT professional". A guy who companies will be tempted to pick up the phone as say "Hey, we wanna talk with you. Can you fly over to Palo Alto (or Guatemala or Johan…