Skip to main content

How safe is VMware's hypervisor?

This article comes just about in time. today I was having a discussion with my colleague about why we should start putting the security and start hardening the ESX hypervisor against any malicious attacks/hacks.

I (and some other colleagues) have rewritten our "Virtualization: Design Guide" completely and I was the guy pushing the security into our every other deployments.

There is one thing for sure: "There will be a breach somewhere, The 451Group has predicted that a malicious ESX hack is coming, Joanna did also talk about the Escape phenomena.

I think the thinning of the TSA (Threat Surface Area) with ESX 3i will help the decrease the chances of the attack/hack getting thinner but a mere statement that: "Since the TSA footprint is much smaller, we are a lot safer than yesterday" is like hoping that a nuclear warhead will not hit your country since you are so small, and trust me you will feel nuked when that happens in your data center!

So my adivce to all firms, SIs, Consultants etc is to start looking of securing the ESX by taking security as a standard default option. today it may be you key differentiator against the "just-install-default" guys, tomorrow you will not be able to do without it.

Anyways this is too an interesting:

VMware is increasingly holding out ESX as a safer alternative for enterprise computing. It provides a hypervisor that runs directly on top of the hardware and in turn allows one or more "guest" operating systems to run above. VMware says the hypervisor provides an additional layer of protection that is much more resistant to malware than various operation systems. What's more, the hypervisor can sit below the OSes and perform various tasks such as malware detection and patch monitoring.

If the dissenters sound skeptical that hypervisor is impervious, they have their reasons. Poor said his firm received $1.2m from the Department of Homeland Security to look for ways attackers can penetrate hypervisors and ways security researchers can detect and prevent such escapes. Because the two years worth of research is under lock and key, Poor could only say: "We were successful in all three."

And it was only last month that researchers from Core Security Technologies found a bug in VMware's desktop virtualization applications that in some cases allowed attackers to take complete control of the underlying PC. While the vulnerability didn't affect the hypervisor in ESX, it did demonstrate that the protective layer in related VMware products wasn't always as secure as some researchers assumed.



Read the rest at El Reg.

Comments

Popular posts from this blog

Security: VMware Workstation 6 vulnerability

vulnerable software: VMware Workstation 6.0 for Windows, possible some other VMware products as well type of vulnerability: DoS, potential privilege escalation I found a vulnerability in VMware Workstation 6.0 which allows an unprivileged user in the host OS to crash the system and potentially run arbitrary code with kernel privileges. The issue is in the vmstor-60 driver, which is supposed to mount VMware images within the host OS. When sending the IOCTL code FsSetVoleInformation with subcode FsSetFileInformation with a large buffer and underreporting its size to at max 1024 bytes, it will underrun and potentially execute arbitrary code. Security focus

Splunk that!

Saw this advert on Slashdot and went on to look for it and found the tour pretty neat to look at. Check out the demo too! So why would I need it? WHY NOT? I'd say. As an organization grows , new services, new data comes by, new logs start accumulating on the servers and it becomes increasingly difficult to look at all those logs, leave alone that you'd have time to read them and who cares about analysis as the time to look for those log files already makes your day, isn't it? Well a solution like this is a cool option to have your sysadmins/operators look at ONE PLACE and thus you don't have your administrators lurking around in your physical servers and *accidentally* messing up things there. Go ahead and give it a shot by downloading it and testing it. I'll give it a shot myself! Ok so I went ahead and installed it. Do this... [root@tarrydev Software]# ./splunk-Server-1.0.1-linux-installer.bin to install and this (if you screw up) [root@tarrydev Software]# /op...