|
|
|
Protecting Virtual Environments
By: Brian Prince
2008-04-30
Article Rating:  / 3
There are 1 user comments on this Network Security & Hardware story.
Given the sparse options for monitoring traffic between VMs, smaller vendors can make a play.Larger firewall vendors may face challenges from smaller companies looking to make their mark filtering communication between virtual machines.
The interest in protecting virtual environments has spurred a number of startups and established vendors to make plays in several areas to address security concerns. One issue is the need to monitor and inspect traffic between VMs, as network firewalls located outside the physical servers supporting virtual machines cannot filter traffic between those VMs. The result is that communication between the VMs can go undetected.
With larger firewall vendors moving slowly when it comes to providing VM-aware products capable of addressing this concern, there is an opportunity for startups to make a play, said Gartner analyst Greg Young.
"There's an opportunity for smaller vendors [and] newer vendors to really move quickly into virtualization if that's what they chose to do particularly when right now the need [for such products] outstrips the supply," Young said.
Among the smaller players offering intrusion prevention and firewall capabilities for virtual environments are Reflex Security and Catbird Networks. Another is Altor Networks, which CEO Amir Ben-Efraim said is planning to release a virtual network firewall in summer 2008 that will support VMware. However, the product will not initially integrate with network firewalls from third-party vendors, Ben-Efraim said.
To read about VMware's security initiatives, click here.
The presence of the incumbent firewalls can pose a challenge for smaller vendors looking to either unseat or operate alongside other firewalls, as enterprises are often loathe to have more than one vendor's firewall in-house, Young said.
Bill Jensen, product marketing manager at Check Point Software Technologies, said his company places the firewall on the physical server that houses the virtual systems and can filter traffic between VMs. Though its firewall technology is not VMware-certified, Jensen said Check Point is actively engaged with VMware and its VMsafe initiative.
Point products, Jensen said, increase complexity and costs, whereas Check Point can offer a larger infrastructure. Deploying Check Point's VPN-1 in a virtualized environment and then deploying the Power-1 appliance at the edge of the data center gives customers a scalable, centrally managed answer to security, he said.
"A main benefit of this approach is that it enables administrators to get very granular on security for virtual machineslocking down individual applications and protocols, for instance," Jensen said. "[The] ability to have both network and application layer protection is key."
Another company, Secure Computing, has plans for a VMware ESX server-enabled appliance that will allow users to run Secure Computing's Sidewinder firewall on a platform with IP-defined virtual machines. That product is slated to ship later in 2008, and is one of several company initiatives involving VMware, said Scott Montgomery, vice president of global technology strategy at Secure Computing.
|
|
�������x}r㶲s\@♵M푦d[ъmyYԩRQ$$1H|I
7]hI'㩱%\�@h4��y$3W7-gL]sfS;uA@
Z.%w>;�'(+o��1m�n�f](� _h���oL|N�(��{��j"�K&�O|gM$ƮlM1
d�ckdp��,c�w�h{9D@�~5[��6m��(GL��Ż?�K���E!wO�C�(*>rP
ߩ���aNETǖþ����M"h4"j�>wl3�w23���X]~�D4�2]�pj:�N`QFdn
KQ��F���r�=��BM*-�D�ƞ4ICsh�;E�Ý�е�}2|p�
�09ju�j=nfO-�n@w�0\'p}j� �b@rhưcIp��|2X�pi�GJj�#ϟ~b[�4��:�geނuoez^ku�7cߝ9�I�z]],s&,U+u ͻ��
��P2zhN4,2Q�Ȳn�Mw�+a[Mѡl7ZkuE9,}�Uwcwm9{�2+�h_KL(罋� a|�`h
v�u]+i0�n{'�wy@ΰ�{A~A7"
DT*jZ*�ND�@aBjL�a9 uz3P��%oJe_�P+)H.C#M-Lc|+H0CВF^8ri�O'SK߾ڤ>xti"|#)Ġj�PEb�+%�2h\t\\?]r\w.N=rڽ"'ϝv�I; �i
Og�fV�z�k'^D].7kDm,-Ⱥ�35ͷY?�iYwθyn?]OH{vІ%�I����F
I�!e4%�gV%UGVOTU*P\?,CEe_U�X8ʕ81n!SG�ñA���&�3;,w~�N��(��mNR'}�bl�ꎓJX�I"|�e��uDyq�j.͏V���4@!>�&-��'pGb.�HۋrX�¤�$֔�^탊�I$�>6�ZЉ\?c
V�CB떂:�;�ښB�"(Qޒ]ӡ4�мa���y�j =�*~3`�=g��{`���ޚ�ouև
*��SsfPB=x?�K1
�Dt|JIILh"D& �
��T�A�G�EBFN�l�bo(ϞH�XZp։h
T=�H:s@T+esR裲B�^�/E_R
2[3#Edɬa�6�"[�91yU�#�BU`"]ᛦDMa�m`D]A,CMۯ!M[�ڣeXy� {[�Wޣe�[0Xآ:!9A?f! q SQ���:� ?;
g!7!a\�40x>fX�VZjpBa
"����dU nN-�6�˘
\
�W?f,���qٛw�yE"R��7!�+�Ͱ'q_G;oo�zjv��#*FKMzJ);m97��y_CuE�c7�˅L< +ePL�g<)*h3.1A�/aڵ(&�u�j`�b�E��%UV�LLX�kX)Z-Y2g5�klP!�/Ȁ2�(进�l�ن
Yr6<:]�9y~g�u3$?;��3QJ-C,
��P*}a�1*403yb|F�ȸ�:qmX?XR`�<�\қC~zo�g��i{q_ؕ.ZRL�|zn� X�> Jc�T�lb8l��X*uou�j�1كE�4mQ_(%UMPF�[�d"�vd6˰A\�m��#�Oa+<�yhR+rf!�
˙p+�*`�G?
S]�JUaaʣu~�Pc6ư�7�7p��H}�Lݡ����\wlSIB?�MKRM]&Xk4�y��}c"�qFx@C� �Ez�.҈
�Zs�g0�DrIab й%��:V$H0l) 54l*zuiMy�m! 8�+E%$�'�u2D$�5f>O{C{nc>T�ZE�j,�zgk�R`��ZUU+òZp}*xϸo��G�M yO¦ ','Ќ^ɐZNZ��e}RIc�_Cs�2ܝ+�(:H3�ki��ﬢz8_n&?9L!I��8�D"p-Ψ'V`�<.@1p�em��`
�wk٤S*'-qRCY� �O7亢#݀ލ�n.�F���+ hF��6@=!$�vg��(f�f{B��
`cZ-O9-b����:x�bqiy�@0xo8pT )h�
UK*~i:'
^�4ߜ�MpH1�)dzD4D+�qh
��NUt�8&��jJ�~v3T|x�9k�Z%q�f+FyZjz|yƥ!IXyE3is}<:s-_N��`z[>ݙY$C�G�(Fe(�Y�+|�` 6fȵ� u0m84~��Y�50�>[\մJji`��s*?�.}l�3pٳ.j22/wO�}}R�c�p��a�dH7nf|/�U;I)XYhb5B�J9��ޣx�P)�XS7@^G@I�@
j���G8v?)9$*,3)㪧RQ�u@VI �3YˡYF 3_�Sq:go�蝦yc_7)~(\{C>+m�
{~B>s�r[S*.?�CU\+Ԋ�?IXᐋII#Gx"u.N: C�?\u?]Hև6�M�F&;f�B�,
8o�IvI!3^2urҹ ]:lQY�yp0\^��!=ШQ�8筫��%Y_;$gu�߽�7�9$x�!:�.�X��G^9>k�ͦ���zpRb^�s�3{0l%z�i+��R(X�K}ʼn��|9�ki*D|=t_5gDܰ�T
p0Z��vjΒ#s�}}�XLXPH?X!wa��P��H��T
�dIwy�_�αgV_D�ZC@np�Kz!NU��⯈y,e$��e52%KW-N�x�|�-r
ψEщҎ\^
,~)F�Blߗ&o8��}{A�hS(+�x,VdkJ=t�Q?xD�>6�Bz?$YZ�g_��{w J�E�P�XIR"�9oũ-xOӚO|�BB�A�J;OA:ބv?Ik�vۺ���LpN32%I��bϔ 5m$Mj3f�k��C@$_KIv(+VH+dAz�J�SӚMdygjt?l6V"9#&0Gv�\$(Ґ �q��@��)R^sG�(#Ţ�鳁Ѫ}+
ŏhu�81
ƻ<[V�AH0G�W|,rq�Mʩ_uwX̧{�E~#rFntM��Ýԉ+*qY"K+:Q� C�W��.k ��v��cFآU̴jt�d̮%Ƅ�{`sBk9G�R�sr0&xg&�4nl�Ewy'("�(\q")Zf�>V@kN,H.%3�$t�?K.}:뷯HK#arԆ�#A�Ԃ�>3�ᛷ
6n�R�>' �r[k_=3'䢅~+ћ^P{20t[x�ؕvd{qOsn4�]9h�鐇4vdLc!I )VԺ5vv7`ʜ9%'+wr72c�Ӣ�(�o9(P2�tIK�rG3`Ⱦ�qC7L�b��c8w�B7�X�]
{~W�]ߣPHݣx;WR�,"rDq�B�1Vx/ɩ&9Β<�&Y�%:#Z/ۥ{,+i\xlS�Oo
?ֈ��&xL 6x1�t`��A�AXŀ0!Vo
̸G
q�cx�2�HC%�ր7Zp�.
Oz�!F%xk��y(6-�@|PXs�h(0p0p�a�8\}1�_:"Y1!c+g3�-(�ǜ؎��U�%p1-kKϱ�!]9ߨ3�[@�)���wC_ƭpE+.q�h&pb�ow�x7���#g/oE`�tj9�-G!rt�\1e��
d_G}E�sCXu|�{%r�{=y`v�
Dw�lɩe�(6���/I14J'lQ*Z-�z%z>Q�ˎv*ns8NHܝ�h ��-W�+�]Ý9B�����*O�c�fzsN�Hx\.a1?tK�q⏱Ӗ�eQ"��(�&c#��6�2lb��fZ껋�#�-s��%'u�"s�M^�>v�-�(Q��p�cg%8|<�S&N(K*z�/xʓ%VJpTS'ZrY8PLLt+iU%!�)ɜ����~�zI$Af�iE6.�&"�YD(�ל�=e=eOXh�lwk42yr3
}0�ȺMp`�
�=gN,UF<@kJӔ\>{=؊�T4�`ee�ϻ7ӒJZmv_�jӪ8|�tMl�f#�{�"K�t@$�d&9V�I:G┿[�$��4u~�O d*R
>[Tڜ�Xzve~K 6�0? ҩẤ!]�?WrRΑ�d'�x$�$a�pK>n��۠E-$_e]Z+?;\mXA0d:l}É�pXwG13�>/Cj1D�=H DnG\* .r�-�FBsˊ�Q]MRV^*NuFkD)��1o_p�A(]Y:7�y&Oq�-$�$ _�m��#q
e�P:ZݞP�E9
3يt�Ȭ3[�sDu$�Z�X �d,�a *KS�
!6�-�%,uI$r黿R#��L0aL@�N~'}Ɩ&ĀN 5�$"�뢗�a6)�%U�u�8
2rۮ=�]���3~3~3~3 fފ<7Wo*�/tO�W6
B*]ѩ�x@Q f^n]@jlG[f!���^�> Ϝ4�>I_,�S�^�)=�Қ�jM:՞NYe sfHc�,z3}�f~K�2]qd�# <���u+�B|F�Q�Xin]uM*yi�K7ϣ�g�_ε��V�j"�LGԲb;�8Pњ >GWB�ύ�?㥹u5 rr"~g,
z!Oc"F�jj%a.U#k>Vb~3t~3t~3t~3tnCgE+ y�:> a`P�yi{$5g[&(��MU+Z�:kچCF7fN˛�s;͗|iǣ/�1ÀB;ƷP#?��tz�(��S�,~M"�֟8/�5[ࣹym |>>:6]��gV�^=/t@�0��Pc;fn-J�*004]ڳP:69&s*��&X�)6�Î7�h7`rd??.u?��##�1]?YH ��ifT(s _�5�¤?��ԛ3�5J;�0g� Ô[�i^
O>���&6�~s/oQZM-�\�ĕ�V<�4s*h&{�k'p�0n�2PPE��D�תm�nC<47z��(np]�C�4ĝ_}yP\$of�^�lw�j{o�-{)
�h %?kW�V=$UCVS #tSzM�\@ū}NM�E%oA�rO|k��fNH"�d^�wg@�>Bm`|#$;2LHj�~֭��b+u���,-1,��ų@]{�L +Ƒ�}:uoBy,n�+;5}��ĺ
ꈆ=
z!�d ʬ�+"gEQ3
ƹ)�;\dbX2,,!] gf[8'��j�puA�LI`�=EOa�Iv|wouv1
_ASpn]|@V_ՂϋҞ_ZK�G>-
Q "`9W�'b�>j�)Z`z8Sk�xz1
{Cv16y
LDo��tgC|UԸol`ȝ�tq"�wo�~�Q�{ʞVS�,[�K�U+
R�bDݵg#��'QZ�-G'�䏹L/o�O.Hf�VM
,̉aD5�Gü�G#0k�~'~Ѝ߱"j\8n�Js�#UĤ�A�҂�B<ըw�ĨWsjD*�Ts.��K\G(�z�dI+<�/ c|Ż�RO�&�K�J�9)֤�O=#ԔwW�pU%
&
PZ���OksM�>ڜ>3-iM15цX5�0~�,fBGa�{vDoez�W\AO[fKwgP╛�`֝e'6%7Ƅ�YF]TSzX 1��7�1c� �drL�Z��[l3,´oI*d�H�
ק6�F�̽K_MDF0K*�j%VC/C~Q�iw~Ǯ5*>5BT][��(,0
+�l֘/�bGP}"�cqȝGF^hR�y[�~
��[�)@o��'a%�}�K�RJP`3 59l�gŚpsz y~@u1Q]�|Όֲk
!�,Χ&�_cLѾG1DSB�^*@L-A�]K ,�7�&�{|�>gOx�Rkuea(�Z�Akj��=s<ҁp_;q~ƨ6g�Z �Gt�Mx80*
>!7AG6p<|SR=U%=y*hp����̊(HKt4*:�>m[=|LfRO��a��/gL�N�_s�_�ݰ�,VI myd��i#�=ȓ+�2�1�h�l�_i/�ul_?#=:g};k�ZxX�2d>��嵅DG�(O�A?�ы;�;5&�g)5$�d��V)�5��Y|TO.8<9
��Lxk
:�LZP4eu7F}EOWJƈ\䐟�Ð�3�[��VŰDƴ c� 4F�H[1~���cMN�s��Қ <�v��\NA�cs}|B�cDRRiF�}�tKXa؊g7��40
uA9@"\2�Gzan2?y
:�R�o�L�c)zy�:tQS=1U&���Ǟ,nN��wL Ur����H${=9~ieTaJ~{��dO 0��2�K1c�~EWo֔J�u�S�J�we
zykwy��GfU3{84\OSr%+
%uVнA i�2bw4tܽA%@�0>6#�Dwn���uyyvH^ۤw|չw�}ֽS֒E�_gnԝɗEsgPJ�_3}iP�o$E�ũ6{8��,�%�Y�:w"<ǨL urr|l%֜N#g%^�Nˢ�#Ǯ#u�ԦF(p@q력2D��GM*��IK8���S^}'v�ԼV(:�r<��ɿ-VN~�9H'vN1�?��CN?|O?v
͏Bs��3|'?
͟{9_ 3��Vys��~s{�99.s�_Կ�ʡ�3�3>_?�)>C|�}�}5_�^55u�:IY gK8=J��W
ͣ�zTA^կ�?�4'�sYU�zvCU^Z*43*ௗUߗdҹ<�BR;�+]q->=-{☴[˚�rs���e|2�Y&�\�����)htWYdSrl�b{De?~VRR枌u�]�CZL�r!{]�2XѦ�^5}^93=U2�6C�K�}�m "%Yܻ�CzʈnS�'
�\2fA�4�'Ԏ�lOAp^Ew9�Cw~2G0`\O{w8 }58]Wn8Wј�8wƮ;�
P7�m�I�P5ZUj;�"���#O1�Q5YUdN.��jUeR�L�3DA�I3
��.3u^ed FMȡ�!,�pA�FJ�]#DK(� |@-|1�"�1 ͛�-�Mu?�/� {_B �#�H���f@�9�6b'`{�z9��çNY0`�):Vɤ[�Tl!&ή�w�gu̿O&гN�w&��ӄ�7Y@D˼���hգ�=D1B�~�22��VH'Ճo\<߂�.LyUz~u;w-8��,^bY\�:X0Z�o3˸ 2d jJr�XuND{eYry{sdgK�X)43GGP{aw�;�./ @Ny]ox|ca.�zO��7���Ck��ka5��cpg11Kv nf
AL
�6@ԺCcjd>Lk���#͙P�,c���PFĊ(1�L9-i��|�j�-@-�0E^ 20t�gG�|ם.ۈZإ]:3o�j@@z6EN 6a�q��c͘#{�L::D7�b/&c�?J�wRax�z8Y�#e-&&%l }_ |f9{h��}C%O!"q0u��``a?�>F@>Fыpa�z�BG�hO�t(E,�MO w[8�:\5%J�&A,L\q$�T�
�r8��`K��쒇�}���0Fĺr]�R4mLEpO�R6c����K�d嚙/'m�ƝOQso�9�1�,"e�x ��?[���<-v3
fC
&K_�v /-(G�6J~�Q.t��tli��@�JT>�� �m73�T���` GY�e`ZKr
�ǩkW�xx�� �w}�uKy!��0��W *ɟ=|TIަ�7(G,cմsQ`S:*6
V�n�
U�o߉o^ߏ,ؿ6y\
FX�3#�c��b@xϖO�_\_q�x�FF|�/�X�:˧t
c)�dt̄�6 !yyev҅
N䢸ʍI,F`a^d;+)ؐ�;W
���{O0bV@���1l�,�oԟ'TS*a#o�*��AV7�.]2�8LDxZ&�:x~eQ�= Vt*n�`wX;E�\(O�}u9r]*gV}�&5z_QyBcFLl4�$·%ݳU��nܣ�.N@Q�eW',��!�lt.>�c=;`on73tg�s7*@�Q~oyPVK9F6붢36EOZ�\֓}\/;Ǎo=�F姰f9TUɜK�\SK4%OY/�WЧTNe&Nұ �wk&l1)|m-k6�]-;�%#q*��
|
Network Security & Hardware 
