9/8/2011
11:15 PM
Charles Babcock
Commentary

Virtualization Security: No One Product Does It

VMware environments demand multiple tools to build barriers, trap intruders, maintain VM security, and keep the Jason Cornishes out.

Symantec, as another VMware security partner, offers a suite of backup, recovery, and data protection products. In addition, in May, it announced Virtualization Ray, or V-Ray, to supply visibility into a variety of virtualized environments and help protect them. It "provides you the visibility needed to peer inside your VMs and understand how to protect these systems," it said at the time.

How does that make you more secure? Well after the announcement, Stephen Foskett explained in his Packrat blog that V-Ray has been embedded in Symantec products such as NetBackup and Backup Exec. V-Ray can identify files within a virtual machine image that have been changed, compared to a secure, backup image, and recover the original virtual machine by restoring the correct file. This is quicker than rebuilding an entire virtual machine from scratch.

The visibility offered by V-Ray will be embedded in other Symantec products that work in virtual environments.

Sophos provides spam and malware protection and email encryption, as well as data loss protection, in its Virtual Email Security Appliance. Data loss protection is an inspection service that detects and prevents the exposure of sensitive data, such as credit card or Social Security numbers, being moved around carelessly in email. The Sophos virtual appliance runs in the virtual environment alongside a virtualized email server.

The Sophos antivirus protection engine, however, has its shortcomings, according to some observers. For a summary of its weaknesses, read this report on the findings of Google researcher Tavis Ormandy at the Black Hat USA event last month in Las Vegas.

Data loss protection is one of the latest measures VMware has added to its vShield 5.0 framework, Chuang said. It included DLP from EMC subsidiary RSA, a sister company to VMware. "Many people don't know when they have sensitive information resident on virtual machines. Our goal is to do whatever we can do to help ensure compliance," he said.

File protection and compliance protection are strong security measures to add to the virtual environment, but they still don't amount to much protection against a character such as Jason Cornish, due to be sentenced for the $800,000 in damage he caused Shionogi last November.

I was discussing that point with Eric Chiu, CEO of HyTrust, at VMworld Aug. 31, and he claimed, "80% of the people we talk to have not secured their virtual machines." As the virtualized part of the data center continues to grow, that picture has to change.

He recommended products that can log who is accessing and copying virtual machines. "They may be stealing," he notes matter-of-factly. Only give virtual machine administrators the level of privilege they need to do their jobs. Don't give the "god-like root privileges" to everyone.

In addition, limit the number of servers any one administrator may access, and include an alerting system that tells responsible parties when bad things are happening, such as the deletion of a production server or multiple production servers, he recommends.
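
The three controls described above (logging copies, scoping each administrator to specific servers, and alerting on production deletions) can be sketched as a small detector over an audit trail. This is an added example, not code from HyTrust, VMware, or the original article; the log format, administrator names, host names, `prod-` naming convention, and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events in a hypothetical format (not a real vCenter schema):
# timestamp  administrator  action  vm-name  host
SAMPLE_EVENTS = """\
2011-09-01T09:14:02 alice vm.poweroff test-web-01 esx-03
2011-09-01T09:20:11 bob vm.clone prod-db-01 esx-01
2011-09-01T10:01:40 carol vm.delete prod-mail-01 esx-01
2011-09-01T10:01:55 carol vm.delete prod-erp-01 esx-02
2011-09-01T10:02:09 carol vm.delete prod-db-01 esx-02
2011-09-01T11:30:00 alice vm.delete test-web-01 esx-03
"""

# Assumed least-privilege policy: the hosts each administrator may touch.
ALLOWED_HOSTS = {"alice": {"esx-03"}, "bob": {"esx-01"}, "carol": {"esx-01"}}
WINDOW = timedelta(minutes=5)  # look-back window for deletion bursts
BURST = 2                      # production deletions within WINDOW that escalate


def parse(text):
    """Yield (timestamp, admin, action, vm, host) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, admin, action, vm, host = line.split()
            yield datetime.fromisoformat(ts), admin, action, vm, host


def detect(text):
    """Return a list of (alert_kind, admin, vm, host) tuples in event order."""
    alerts = []
    recent = defaultdict(list)  # admin -> timestamps of recent prod deletions
    for ts, admin, action, vm, host in parse(text):
        is_prod = vm.startswith("prod-")  # assumed naming convention
        if host not in ALLOWED_HOSTS.get(admin, set()):
            alerts.append(("out_of_scope", admin, vm, host))
        if action == "vm.clone" and is_prod:
            alerts.append(("prod_copy", admin, vm, host))
        if action == "vm.delete" and is_prod:
            alerts.append(("prod_delete", admin, vm, host))
            # Keep only deletions inside the window, then add this one.
            recent[admin] = [t for t in recent[admin] if ts - t <= WINDOW] + [ts]
            if len(recent[admin]) >= BURST:
                alerts.append(("prod_delete_burst", admin, vm, host))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert)
```

On the constructed sample, routine work on a test VM raises nothing, the copy of a production VM is logged, and the second production deletion inside five minutes escalates from a single alert to a burst alert.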

This still would not have prevented Jason Cornish from doing damage, but it would have limited the damage one former systems administrator could have done, even with illicitly restored privileges. In the virtual world, new boundaries can and must be identified and watchdog measures, as well as the more traditional filtering mechanisms, put in place to sound the alarm when something starts to go wrong.

Virtualization is taking over enough of the data center to raise particular security concerns. For VMware's wider view, see VMware's Next Act: Operations Expert.
