|
|
|
Virtualization Security in Spotlight During VMworld
By: Brian Prince
2009-09-01
Article Rating:  / 4
There are 0 user comments on this Network Security & Hardware story.
With VMworld in full swing, virtualization security is at the tip of some people's tongues. Based on a new paper from RSA and some user surveys, IT pros are advised to keep security high on their list of concerns when it comes to virtualized environments.In some ways, the virtualization security market may be in a good news, bad
news situation.
The good news: More tools are appearing that focus on securing virtual
environments. The bad news: Many may not be making their way into the IT
infrastructure. A survey by Nemertes Research found that only 10 percent of
organizations have deployed virtualization security technology, and 70
percent of respondents have no plans to do so in the next three years.
A separate survey
by identity management vendor Centrify also provided a glimpse into the
mindset surrounding virtual security. According to the study, 55
percent of the 480 respondents said they had virtualization
security concerns but were proceeding with deployments anyway. It is
against that backdrop that IT pros are flooding the VMworld conference in San
Francisco Aug. 31 to Sept. 3.
To
read about securing virtual environments in the face of audits, click here.
"The biggest mistake is that organizations are failing to appreciate
how little visibility or control into [and] over the security of the
virtualized environment they really have," Scott Crawford, an analyst with
Enterprise Management Associates, said in an e-mail interview. "Because
virtualization offers a lot of inherent security benefits (such as VM [virtual
machine] isolation), and because threats that target virtualization
specifically have yet to make a significant appearance 'in the wild,'
organizations are moving aggressively to take advantage of the business
benefits of virtualization with limited investment in proactive or preventive
security controls."
To help organizations deal with security concerns, RSAthe
security division of VMware parent company EMCreleased
some new advice to help
organizations meet the security and compliance needs of virtual environments.
(PDF) In a paper entitled "Security Compliance in a Virtual World," the
authors touch on subjects such as platform hardening, administration access
control, and configuration and change management using VMware's management and
security tools.
The paper emphasizes the importance of learning how to harden
virtualization software using guides from the Center for Internet Security,
Defense Information Systems Agency and an organization's respective
virtualization vendor. In addition, organizations should pay attention to the
speed of changes enabled by virtualization, VM mobility and offline VMs coming
online. As servers and networks are consolidated within the virtualization
infrastructure, the paper recommends the use of fine-grained access control to
ensure separation of duties between administrator roles within the
virtualization software.
"The lag in a mature approach to virtual systems management has been
one of the biggest roadblocks of all to taking full advantage of
virtualization," Crawford said. "This is a symptom of enthusiasm for
the vision running up against the hard wall of reality. Vendors and enterprises
alike are still coming to grips with this realityno small thing considering
the central role virtualization plays in even grander ambitions such as cloud computing."
Forty-six percent of the respondents to the Centrify survey counted security
as the leading reason virtualization adoption could be slowed. Bolting security
on after the fact doesn't always work out, Frank Cabri, vice president of
marketing at Centrify, told eWEEK in an e-mail.
"There can be technical challenges with this, or even operational
challenges," Cabri said. "Securityin the form of access controls,
segregation of duties and the likeshould be built into virtualization
deployments whenever possible. It's often less expensive in the long run, and
more secure."
|
|
�������x}ks۸q�f89�Ei;RJX'c)dj� I�S$�IVfϟ_n߸�҃xƩ��6Fh4~ 'I"gf;̢dw���5靿K$��m�w�L9P[��Ϡ^=W�Zj:@a5�Nz���p��D�d�>J�`OS;S
� 5Ǔ6ޙ1=+SmL}�F�6�\�3�m��eb
^�Qk$Ё_
ܢ�%y�Rp�ER�B@Te�$oQX}_�V�:ALéM}!
{�|@JKd/B(?F#�s�C=|'�?<�i@aUw0vK]K�7SѠ*v�25v>6^�;�s9Fȹ�3�z$5d9c';���{ �-�Xd�UjL�wbC2R!1k;T*�T*65-晚G|͖|#XulAzf@h �ɠ�ݢ�&q!_C�p`iōF�Wʉ�<{e6O(L|@�ɠiģz�r ˚7�h42M�Yn�U\WkaZ�J{]δ
ηL{vo*sܼLzgysz#���-;��ග�Eu�s|uO}vN�6y��vtx/o0wND߀"�QYTi|/LZ@
��WP=� uΑjzQҏZN-ZKE��KPOR�])����N,RGb9괏-Ҿ路.:6鷏O:�$IJ1<�jUU�*H�j�vB�oMEIs^Iڟ;��g�:�R��ڟl3Hok���lxiuHZz>54�0���V+KJ=�OqeL�xY$Y.�r"�!}O}�fr"GrI/�o,{�$�cM�|`Ap6
2X��c��]v�Rl�>o4�3@_x0Fukfs@̀k��fPX��D@A�N)��61t9kM`3R˼Z(o�dz!C�C�j9nVȨ�U�SAB!I���F:ACA�4icŦwh4N@'&�h`C:}ҍ:L �_a;Nh>[W �Ҥ7=� K9��ܺyfe&,@�PCb�;*����=�sY�
h? OzuK�����+�Zsƾ��
:���jra�*{j
+)d�jz�#Jw�^`��3h{q#%Ag
�=�e河�xOt�YKnuo?յpz9(KӺJ�J'/�H#oh��m_Eڠ�eeLGy K-C�� IP֦�(X+e�zdxy��62�&CI�n�Px���{8`O�k�=0�)\T5 Kˌu�yPjAJ,Yvn������(�M�8!z?VLl9K[ ,֩w츀��="I;k\O)cg@>`��әǟG
)a!��w1�Z�JoX�,,aTJMIlbbp=�z˸�Bq,P XbO@{s�UruXkj2이�])Ϥ(�'W6���v�=&:Le�"6X#�ji!Wʈ�h-0נa2�EEq?O~�6��=2.eX"�{��9ec�Of:Y$�Fi.z297Y�8p@�w'~~�L4�,|)�57~�};݂�/�r͙���|rqZ�L�av"O`��%M_w��>CyVA�K1SdcS�yt(�dݙ0n !VP�Ŗῦ
�O�� g�#lhCx�R�&�`Q`:4gӢ
�7{AMzO)ɨ��4`VsnC�<��ꗦK�$�?{ݮ�#Z`�zž+~֬Ӫ`f/ElcD�H!�
�2�:е�%ԒjY�V~
r?^=]3�>(/M3DJ1N�*,7ATK5ExjCW9.^ٸ�İhwy�U-'u0�hRIpg=HY9Vs�jz6eV�A<~�jv�oa2\ LG{�+~5e�r6=_�>�M=��;L4G�;��.E;`8S"�v�bGymrO�8���O��`Җ
Ћz �'i6r�uA�?�ۥq}c��a#2�"n�}���k�⛇-BP��r
R=cx�864>uGci
lmKQ
�z�F<�H�3J!OdЦ厰��H�z9f�vل+ecxX�*Xy�0wJ_8�jA~�fZX)C=+@,J\QG�z=͠1�pS
Fu1H>rc-b drAT�URXUʅO
�\t[E�&&���g%!B��ӛuN,@ m|C�T��!I#�̸y0×!��w�' O@lB�-5i��Rg͋5�u;f̬9_I�gY{�!ke��H@X��|P�~#+jm_@5I-֊R{��
�=2fc��$�}/�[F�IOS+f+
Cut�g\D@Sc�
4c�ć�usgCRR�Hw�ضZVr?'̅BMÀ1⺆a�RvQ��X@r�r�ZR�`?�&�ʠ��K=� �J�;!�8�`�&�Ux)m�K Rٟ8sɖB�z$DDOC�~Un�gX&��Պ
6şc�1ΉyO{{V}{$� }MMXޟ9
�d#��;?J䏝�;�)l/{їN睳/�x�Źϥ/Nӽ8 �"hCr|8Gg�ZٽR���5
}M\ڿ�!�WO�-si\[Tez�LR(��!I�16dd+]=-ao/Vta
Oa�嵀7ۓ�
_9s�ys!}=^fsі's5B� :ڥY�KAV�C�=gUxq)q��m2�Y$C42e\8$]w��D/8 ù@
c^WX08x!>ӱB�ZKUe1 |
ڠk�!�����g�4r㿜Y݇$M��0xc�|.A-H7ܾ�J> �0�QJh"g�8�E;�)~ڰ{�+�/�=�;PHu[=HT(lOܢM]�kց�S9\)L iuȠ3%dBU]��6�O�`J0w�9+R~�]X_6uwj̣{cy~δGNx��wĎ#^@(NV1k=�x'��_Y)t0���9]#Σd�tWcT1;z�>^�g�h9[�R�f'x."64N%ywy#�x�EJrm��WyZ7�vY��?yxX��T3m�b'ͳ~4/OA�6W�{�O$��V��=4GoQw�P]9Yz$ACvk~愜71@;z{w6Ş`6tͥovV<}�'i?vݷ;¾"CWq�k:�@Nt,$�$yEQj/W�3$]Bn':�K9z �`<
,f}��x3D?,�yi9>�P3-�|4ݷPc�|�y~}q�.�~(TR-.fO뻬,J骇v�9���c]MT-/^\RK>]ϫ���ꀞ< h��vo"Ba"fFs�8EE[o\Ӧ{mef7#ց!{� Rb�MN���i���zc{ƹ=39��1= <�v4�.�߮���� ?#B��;BJ��[4��2�UCn�?�u�k=Ǭ
,Gi�ƿÕ�c#ޚU^�?�2�%;l�ߔ��ŷc͘37�cp/*
_�?�XR|����.��i{\na�a0^
=�"s�(ı��߂KݤCƧSӆUesZɝԱGѸ:�tE)}yW,w1�?{{xp�ǥH�QLPb5֯Hҧ�93�),gia5���_F#Y��z��VN@0�րMOx�Iͷ3u٩fN1x�8�x@ikQro.$H/lC0_&��,ڔ�
v�讜dKh尤�9ovς/[5�6Ae^|��rm<7DDTp'K.J.�9&&_d
d.Ý_E<��<�Lx\c#K-i�P� wvYl%P��9��̏>�S$5k�!?Lw����YЕuYZa�� SBlgd5>9fe�xt�:m�S^�>8V�c"[Ol����ގ�eF �s,n'U#YT0*g�~]d~b�Ďe�oe<7f"P$J]y�2�RJ!!�-Hđ�Lzq2rDgK&��CBr+&�Nz,."G Nf0�R)һS,1�6��>������V�BV^T�s@yS7%sA|�nM�1d�nw)p$�f-th�t3H7@�="ZXb�� |n`�kWA/�oφsAڊk�RZ�L8VSͼkKxA9aaaa�Uetu,o͕�ƋxhG9ұys;�ތ-F3K(��b�����:�= �^�
#�A�YN��ѢƘF?#�y$V�~uCR_l�XE�+���:'�pݼ%e��_Li�pI?' ^��t�Hk<�
BtY2Arm֗g�-9#ӗ�2$�꼢x]�,!T4b3|��zj�?��?KѯnH`�V�LA\&F/pф�WB7A`ԍnH v�ҵKscPMTֈ0�3�9W^ldTѱ�i~ul�k$~H��fѦσck�K6�^!o�d)�ք�m4#^�Va�B┥�M,,⣘6xO'
u]9FF˻6^�Krqa0��GY��=d~r�
�(�ȡ�Ax"@y}htjmjk'2�|�rB�pn$��Ӈ��L@NR;�:eV���h�,�j>]
ϗ�msj7�Iu W%!|�6ՙ�?`Չ�>�jh�byx�0/2zNd����u]�L�ܼד�@��H
�s3!Wjnh�io~[ئ
�s��y\�i"t��
c��^`=
h3tM-F��ock=va&z pG"�i,�s�x/�3v�ZKhr]�dJ��ş
/z�{+Ʈ��W{o�{/߂�r<�\즎W
�{zmM�
Q>V=6۬7oDNHvJ}m(嵙t=n{{�7i��w`�Wݰ:ư:��/2ˌ2o}�W�=�w�4�S�2Ě�aa+I�iqnrNߋ�j�Sƚe<
,~Mm%�@=(�bb>8XBO<�cн�:u]L+5h�έc�o
P0>k~~~/u~A{cU`�2�&]Ӳ�뿓�$y'nz`'ʹX,hMÙ@t�œ3�a�Iq��Dx)s~�M0�͝vKe�
�ٿcgWSk{��t�^Yo\kE_A-
˴hgϡ6
��?5�2�ͨ4$p{�-�>6_*�tk�Dz/� 3LM?C"�`Y�l
2MQ�Ӭfo!_`n2�y+9q3({ga(�(�wjO�]����^g~
J5?4+O|oc��d�)?��)מ.�^�o�7N Ivxr7
4?h�_)aw�Ƕ.7=Fc`Z>BX;k{$5d�_M�,�a�ٵ5)ȁ.�NTVg`*Dz'Nt�f�]E*ǹUaWv%'0-g�ܕŤ�=BH�4~AX�^q_U1"cz�~6#eT[QS]ӭ��Z�f/8�[Ԓ3r�h!@ BrXD
Ň� "�K��qb�y3�M5kiaBɰ1f f(xѴB*]�sN
U}e5b?=G/ttAj-biA�.c�2·ܴ
n �o=T�J�9t[`�ɣ.�j"-=��JD:&
fx�-F5֠]�6ݫOj��6j=!`5�8?�f�n&-m']қ≠DU(�ĹUȓ�P}³1-* ;,��ˍ�{�D��Aƛ�Эq0e�_J
��?%')3ʭ�G-t��sH<�`6���9TR��y-0�CU_�;RS�UVR,�,`(<���|0�o;7\=#d`z�EPP.(6cJ3l9:�d �\�z9~j<֛�kJ���6J>�0y��XC�@�H}#nA'�,Ut:IN�Dnx&-Sý,&HP�jߚc�#/6�S#�=XfXYrRf��p�ͬG[Vj湐�.04&����tNN5[Mm�@&�("RP̏XJ0_]�z%|�##�oDi&:�#..�ˣZ�$|ɌV:m����O�b`pX$QcD�U<�1�1t#PʲjN�T]֏pY�=XCE3 ��_~b^�v�&r�&}�*� 5�;m7k|~�
�_F}D`߄>�F�S�.�oJuOQoIg/I8��}xx�m@�1"s?"�Ia:$�.+JAW7U͂�5�Y6mG�g}ِ
tC�
|9[CG)W��9Ĕ#M>�S^o_��E�cDTw.2OaH��P=SabX"cR1��Q(Vpx�~1&'v+"��(9a� kE�$�06c1x��I@�s4�3Dtkn͘FLNj5�KmE�n璱1rO�T-B@a=Q#�3(�9t_j~ x�%R�x�tQ:..�(�� o$�H(�[P�XP؟�?pk2�%TJTmn$KCu�~fV�K)
&�X`IB4�A"�\2,�GAn2u:�-.fé�`�\�ovN���ի
|{�C@u�3�*s���RS¤vx`T+=<' .yHcI�� �^iN4_\!�㯛6�}���=<�RXX_1ԻPSr$4k�|:(��+R0cE)'��uxO6nV?WS.4!W�)WT�h����s##vFC�dRs�>�\�;�1
E�9^&9jIQst/Q{g�}�'RKG٪;G֗嗓Es5NL�41F;��6ϴM&ƋBY22 '�6Sf�ri.ͅdUh,Y284dG�1}4��yL|=���U6üj�Uzq7
��DTA~պjzj6Z�NA��/|veQcȐ:|jQ=�}uR�\js�gZ&���
)n}>E;�MjV}Qy�xQ�?f�e_A&Pj3�r�(?'�|OPi}i'8/rN+��g:��NF?r/Pe}�?ˀ�ڮq1?0�,��~3s�?�9y�}�}g'E/>CS(?(�#�3a~/2�".`.2�f�! _��2>.ˌ~2�e�e�ϠPO@_23*}�g�]CuV9u�^C�_�]g_RIR�f�5/qv%sQ^52\�y~�)�P�'�P!*�(Ϡ�Xi7�Zee�+\��z�^�}NF&on+��^a(芪g-U噗fZk
Ǹju16
4xW��/ByeoRD���A)a.�
3l?V\[[,Oн�ۺ{'ϊ'NW4C�ﹲ��d^ Wsr>VD=՞bM�xG,D<�mc�sl��Ⱦ91ʛ�QGЬag]#=Dz剹?|�[2��xI0? ۓ{� �W]�6ppSn$� U��O��s}�.nmG;yh#ֽ2�b;�w6�K췡\2'G4WB�)�*3Up&
I7�T`'��9}Ǧ a48w߰ r:'쭰F����|m+�\2S�Fӹ ݊Y?(L݄)�mød |A«�E/=�׆"��cX
=��w�vMR�~Q�^Ռ]#|F WMPL\,"���7ϒezLT zZ�;]v�!/�v,0%^z'Io=Gmc_V�e�ńK�!z>HYUҎZ;@BW oX�)u�n'|oS�{/)0XP�y74<�p2�I>� n�9aSYD:�>����Am{'ٺ*lٹsӘ2L1А8ڶ2COAt'>.EzE�z�?��3&�
Pt>[:SAW��C��3қZ�S1$(+nNvG�D
'7>��6'كl4p6g@�!(_Gْk0��?�Fq:h�/�A.�Sl2q�W4�@FWD0;"6����Zi},#sE��%��X,8/# kuf㿵�ƝMQh|�W�9���,�.J~�f�ŧS+ot%(�5x2[v�ΆOV�ek[(|�
_b[0~X��+mKbA,\�n2?>�i3}��@ =(
oF8�`y%K@4�4{�
�pSGg�hwq#��14��VB\
(a��tAL?Q!?cm'nJQi#¶54-���eщ�&�o߉�n^SQa[_�k:ill,eLW�`YX&�5ęV3/O C�ׅѰ0�L;,lyE�G%��RrNCb
0F �c:p2
1>,O)h<�4W�6IĶq��yn5}~X>0#ErsgCe.^S �{e��7�5w�HR#z.I|Ԃ!�gnh�]1fnBM��.&DW6K�5�4ƘbYy&��L�9�2lv*�
X>!ˣŬ"&D0Ȯ��'R:tsh;h�[3T*Ha$�:�R3 KEj z.�t1��\04Nyq�Ba��ʩȩ(v�}_\%hw2b5�biS*��
|
Network Security & Hardware 
