
How safe is VMware's hypervisor?

This article comes just in time. Today I was discussing with a colleague why we should start taking security seriously and hardening the ESX hypervisor against malicious attacks and hacks.

I (and some other colleagues) have rewritten our "Virtualization: Design Guide" completely, and I was the guy pushing security into every one of our deployments.

There is one thing for sure: there will be a breach somewhere. The 451 Group has predicted that a malicious ESX hack is coming, and Joanna has also talked about the VM escape phenomenon.

I think the thinning of the TSA (Threat Surface Area) with ESX 3i will help decrease the chances of an attack or hack succeeding, but a mere statement that "since the TSA footprint is much smaller, we are a lot safer than yesterday" is like hoping that a nuclear warhead will not hit your country because you are so small, and trust me, you will feel nuked when that happens in your data center!

So my advice to all firms, SIs, consultants etc. is to start looking at securing ESX by treating security as the standard default option. Today it may be your key differentiator against the "just-install-default" guys; tomorrow you will not be able to do without it.

Anyway, this is also interesting:

VMware is increasingly holding out ESX as a safer alternative for enterprise computing. It provides a hypervisor that runs directly on top of the hardware and in turn allows one or more "guest" operating systems to run above. VMware says the hypervisor provides an additional layer of protection that is much more resistant to malware than various operating systems. What's more, the hypervisor can sit below the OSes and perform various tasks such as malware detection and patch monitoring.

If the dissenters sound skeptical that the hypervisor is impervious, they have their reasons. Poor said his firm received $1.2m from the Department of Homeland Security to look for ways attackers can penetrate hypervisors and ways security researchers can detect and prevent such escapes. Because the two years' worth of research is under lock and key, Poor could only say: "We were successful in all three."

And it was only last month that researchers from Core Security Technologies found a bug in VMware's desktop virtualization applications that in some cases allowed attackers to take complete control of the underlying PC. While the vulnerability didn't affect the hypervisor in ESX, it did demonstrate that the protective layer in related VMware products wasn't always as secure as some researchers assumed.

Read the rest at El Reg.
