Saturday, Jan 05, 2008

Extending Virtualization Security Issues to Configuration Management

Thanks to David Marshall at VMblog.com for drawing attention to this post by David Frith on SecurityPark.net.  The post is worth reading in its entirety, but I'm going to spoil the ending for you by giving you a few of its final paragraphs.

A couple of points are worth emphasizing here. They transcend the requirements of security and address other elements of VME resilience and availability:

  • VMs that require like levels of security, reliability, availability and resilience need to be grouped together and managed as an assemblage, and that grouping has to remain uniform, especially when VM migration (e.g. VMotion) is utilized.
  • The security settings and configurations of the underlying virtual and physical networks need to be understandable by the administrators and network managers, which implies that unnecessary complexity be hidden and the burden assumed by automation.
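
To make the first point concrete, here is an added example (not taken from Frith's article or from any vendor tool) of a configuration-management check that keeps groupings uniform across migrations. It assumes each VM carries a group label and each host is assigned to exactly one group; the `VM` class, the function names, and the host and VM names are all constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class VM:
    name: str
    group: str  # grouping label for like security/availability needs (assumed)
    host: str   # host the VM currently runs on

# Constructed inventory: each host is assigned to exactly one group.
HOST_GROUP = {"esx-01": "pci", "esx-02": "pci", "esx-03": "general"}
VMS = [VM("pay-db", "pci", "esx-01"), VM("pay-web", "pci", "esx-02"),
       VM("wiki", "general", "esx-03")]

def check_placement(vm, host, host_group):
    """Return (ok, reason) for running `vm` on `host`."""
    carried = host_group.get(host)
    if carried is None:
        return False, f"{host} has no group assigned"
    if carried != vm.group:
        return False, f"{host} carries '{carried}', {vm.name} needs '{vm.group}'"
    return True, "ok"

def audit(vms, host_group):
    """List every VM whose current host is outside its group (drift check)."""
    findings = []
    for vm in vms:
        ok, reason = check_placement(vm, vm.host, host_group)
        if not ok:
            findings.append((vm.name, reason))
    return findings

def apply_plan(vms, plan, host_group):
    """Apply a {vm_name: destination_host} plan; refuse moves that break grouping."""
    placed, rejected = [], []
    for vm in vms:
        dest = plan.get(vm.name, vm.host)
        ok, reason = check_placement(vm, dest, host_group)
        placed.append(replace(vm, host=dest) if ok else vm)
        if not ok:
            rejected.append((vm.name, dest, reason))
    return placed, rejected

if __name__ == "__main__":
    # Constructed plan: one valid move, one cross-group move, one unknown host.
    plan = {"pay-db": "esx-02", "pay-web": "esx-03", "wiki": "esx-09"}
    placed, rejected = apply_plan(VMS, plan, HOST_GROUP)
    for name, dest, reason in rejected:
        print(f"REJECT {name} -> {dest}: {reason}")
    print("drift after plan:", audit(placed, HOST_GROUP))
```

Running the same `audit` on a schedule against the live inventory catches drift introduced outside the planning step, which is where the automation mentioned in the second point takes the burden off the administrator.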

Virtualisation: Why existing security measures are no longer enough - Security Park news
...

With potential attacks first compromising one VM and then spreading to others, each needs to be protected with secure policies configured and adapted as needed. Here existing vendor tools can be used in the partitioning, isolating and segmenting of each VM with resource management controls to allocate, schedule, monitor and cap resources as required. Such tools can ensure that the VMs that require like levels of security are grouped together and that controls are in place to stop any unauthorised replication.

...

Management tools are required to provision VMs as necessary together with their associated security settings; such tools also need to map interdependencies and data flows, ensuring that with all the complexity administrators do not lose an understanding of their environment. With VMs being deployed and re-deployed, patching tools are also required.

...

The complexity and dynamic nature of virtualised environments means that new threats and vulnerabilities have appeared and will increasingly manifest themselves. Because traditional security practices only go so far, new architectural models, design practices and security tools are required. The existing tools, however, are generally immature and not yet certified; while such vendors and their tools need to evolve, the market also needs to educate itself, raising awareness of potential issues, new vulnerabilities, evolving threats and, where necessary, pressuring the vendors to enhance their security offerings.
