
Good news! Hackers focus on Virtualization




Update: I've updated the text so I can let Chris Hoff (our drunken security friend) comment and help us all understand better what he understood/understands...well...better :-)


So why is this good news? We need those hackers to endorse the understanding that the energy will be spent not on the OS but on the Virtual Data Center OS, as VMware puts it.

So, again, why is it good news?

  • This is a validation of the fact that Virtualization is going mainstream.
  • Security and Compliance will be a core focus of all organizations (as regulators will come knocking at your doorsteps).
  • Virtual Infrastructures are easier to batten down and secure due to their uniformity.
  • Regulators will increasingly ask for audits. In traditional environments (I've seen such audits by the likes of KPMG etc.) I always wondered, "wow--you are so prepared, dude, NOT!", whereas virtual environments suddenly enable auditors to ask the right questions and get, or not get, the expected results.
  • Focus on security would mean that we will have to work harder to provide secure and compliant virtual platforms.

So, I welcome this shift. Virtualization platforms are secure and have been secured; the ones that aren't should start doing it right away. I'll personally be speaking at an event in November on security and why a "secure and compliant practice will enhance your competitive edge". It's not just about securing; your customers want to know if they are secure with you. Feel free to mail me if you need more information.

For now the report:

Graham Titterington, principal analyst at Ovum, told ZDNet Asia in an email interview that, with the increasing prominence of virtualisation, threats to virtual machines (VMs) are becoming more significant.

"There is little evidence of attacks on the foundation layers of virtualised environments yet, but we need to be vigilant as attacks will surely come," he noted.

"Virtualisation [can offer] the attacker the bonus of taking down many VMs with one attack, if successful. There is also the risk of attacks on the information held in all the VMs sharing the same physical platform if hypervisor security is broken," said Titterington.

Ronnie Ng, Symantec's manager for systems engineering in Singapore and Indonesia, concurred with Titterington's assessment. "While actual hypervisor breaches are still rare, there is still the potential threat of the hypervisor layer being compromised, putting at risk all the virtual servers running business applications," he said in an email.

The key problem with the growth in adoption of server virtualisation, Ng explained, is the lack of control — or 'VM sprawl' — in the datacentre. The ease of deployment of virtual servers makes it difficult to audit and enforce security policies, noted Ng.

Benjamin Low, managing director of Asia South at Secure Computing, added in an email that the mobility of virtual environments and the fact that VMs can "hide" when they are not active make it difficult for traditional network-security tools to monitor and control traffic within virtual networks.

Acknowledging that it would be a matter of time before hackers act on "unprotected vulnerabilities that the technology presents", he warned: "Virtualisation may become the next frontier for black hats."


ZDnet Security Blog
