Dark Reading is part of the Informa Tech Division of Informa PLC


4/7/2008
11:17 PM
George V. Hulme
Commentary

What Is Virtualization Security?

It's RSA week. Which means we're going to be inundated with security news, and the hype is going to be loud. And a number of research firms predict virtualization security will be near the top of the hype-o-meter this year.

There's no doubt that virtualization changes the ground rules for many aspects of IT security. Consider the issue of intrahost traffic: take a few application servers, toss in a database or two, and now you have to worry about all of that intrahost traffic, which can travel on the host server oblivious to inline security controls (such as intrusion prevention systems) waiting on the wire. And as I'm talking to CISOs, I'm hearing horror stories of admins shutting down the AV on virtual machines (can't lower CPU load for the sake of security) and what sounds to me like baling-wire-and-string solutions (VLAN and network segmentation tricks off the host to the physical wire) just so the traffic can be vetted by a firewall or IPS.

The answer, of course, lies within "virtual security solutions." But what's the difference between an actual virtual security solution and just an old-fashioned security solution with the "v" word slapped in front of it?

In a recent blog post, Burton Group is taking a stab at developing an answer.

Here are some questions they suggest you ask any security vendor hawking virtualized security solutions:

- What virtualization platforms do you support? If they say "all of them" that is your first indicator that this is a strategy and not a solution.
- Is your solution running on physical memory (i.e., at the hypervisor level) or is it using virtual memory (in its own VM)?
- Did you have to rewrite code to integrate into the virtual environment? If so, what components required this? (This is a higher-level question that consumes a lot of the following questions).
- Does your solution leverage the VMsafe API? On other platforms, does it have access to CPU, memory, network, and file system operations of the physical host?
- Can your solution track VMs that leverage VMotion across physical hosts?
- How does your solution identify a VM (e.g., by MAC or IP address, by VM ID, etc.)?
- Can your solution integrate with Virtual Center or other management platform to take actions specific to VMs?
- Are you managing configurations (patch/vuln mgt), encrypting communications, "inline" network security (NIPS or firewall), or providing some other security capability?

This list looks like a good start at clearing through the virtual security clutter. More on the post is available on Burton's Web site.
