Virtualization Advisor

Expert analysis and advice on server virtualization technologies, deployments and management.

RSS
All Posts | RSS

Our bloggers: Kevin Fogarty is a veteran technology journalist and analyst who has previously worked for Computerworld, Baseline, eWeek, and Illuminata. Virtualization expert Edward L. Haletky is the author of "VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers", Pearson Education (2008) and runs his own firm, AstroArch Consulting. Laurianne McLaughlin serves as technology editor for CIO, focusing on virtualization as a primary area of coverage.

Mon, May 19, 2008

Today's Virtualization Security Tools: One Hidden Risk

By Edward L. Haletky

PAGE 2

It is trivial, with this additional capability, to maliciously gain access to login credentials, credit card numbers, used over web pages, classified documents, and other bits of private data that are valuable in themselves, and can often be used to gain further access into a company's files.

These tools while trying to increase security could place VI3 further at risk.

The real protections should be lower down, and port level controls should be made available on the vSwitch in order to protect against malicious or accidental use of security sensitive portgroups.

VMware's security specialists should be thinking in this direction as VMSafe products are developed. Until this happens, use of such tools requires extensive monitoring to see if anything is out of the ordinary — automated monitoring that does not currently exist.

What these security tools do is offer auditing reports that are sorely needed. But users should also be aware that using them unwisely can increase risk at the same time.

Virtualization expert Edward L. Haletky is the author of "VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers," Pearson Education (2008.) He recently left Hewlett-Packard, where he worked in the Virtualization, Linux, and High-Performance Technical Computing teams. Haletky owns AstroArch Consulting, providing virtualization, security, and network consulting and development. Haletky is also a champion and moderator for the VMware discussion forums, providing answers to security and configuration questions.

Loading...
Virtualization Vendor Matrix

Find out what vendors offer the products you need.

View the Vendor Matrix »
Virtualization ABCs

Get up to speed on virtualization.

Learn More »
Virtualization MarketSpace
MarketSpace White Papers
HP and VMware: Virtualization to consolidate server resources for maximum efficiency
 Virtualization enables proven cost savings and efficiencies. Now you can tap that power by consolidating multiple applications and heterogeneous operating systems on a single server... Learn more »
Gartner Paper: U.S. Data Centers
 According to Gartner, the majority of existing US datacenters have not been designed to handle future energy demands. Strategic decisions, including the implementation of virtualization, must be made quickly... Learn more »
Gartner Paper: How IT Management Can "Green" the Data Center
 Datacenters consume large amounts of energy, so it is imperative that IT management establishes energy efficiency goals and an integrated approach to energy-saving initiatives... Learn more »
 
SPONSORED LINKS
 

Consolidation: Just the Starting Point for Virtualization

Getting in Compliance with Government Data Regulations

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

The Benefits of Data Deduplication for Data Protection in the Enterprise

File Integrity Monitoring: Secure Your Virtual & Physical IT Environments

How the Mac is Becoming an IT Standard in the Enterprise

Storage Efficiency: The Key to Green Storage Operation

Oracle Database 11g: Real Application Testing & Manageability

Reap the Benefits of Unified Communications

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Optimizing Infrastructure Control

Effective Security with a Continuous Approach to ISO 27001 Compliance

Best Practices for Providing Secure and Cost-Effective Remote Access

How Does Your IT Help Desk Measure Up?

White Paper: Businesses Thrive by Unifying Business Communications

Sheriff's Office Uses PocketCop to Access Police Databases from BlackBerry® Smartphones

The BlackBerry Solution Adds Significant Benefit to Toshiba

Network Immunity Manager Video

Spam-proof your business with Google's hosted security solutions

Global Crossing is the most viable alternative for voice, video and data

Plan better, manage better

Dell Latitude: Battery life up to 19 hours. Learn more

Video: 21st Century Networking for a 12th Century Castle

Speed, agility, flexibility - The HP BladeSystem c-Class

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Destination: Intelligent Data Center Automation

Build up or Tear down? See how UC makes sense with Nortel. Calculate your UC ROI

Protecting Data in a Highly Networked World

Maximizing Site Visitor Trust Using Extended Validation SSL

Standalone Server vs. Open Source Toolkits

Getting Off on the Right Foot: Avoiding Common Master Data Management False Starts

The Challenge of Network Access Control -- Is a Managed Service the Answer?

Renowned Engineering Institution Chooses AMD Processor-Based Servers

New research validates telepresence solutions.

Configuration Assessment: Choosing the Right Solution

They Can't Steal What You Don't Have: Smart Security Choices for Mobile Workers

How to Calculate the ROI of Remote Support

31 Best Practices for the Service Desk

Unified Communications Software: The Death of VoIP?

Heinz Uses a Wireless, Automated, Auditing process on BlackBerry® devices

Write an RFP for Master Data Management: 10 Common Mistakes to Avoid

HP Puts Its Disaster-tolerant Capabilities to the Test

Compuware.com - See how we make IT rock around the world

CA delivers deeper insight into your assets, resources, projects & services so you can make more informed IT decisions

Discover PMI's credentials and career path tools

SOA Educational Library at the TIBCO SOA Resource Center

TDWI Report shows strong validation for investing in predictive analytics

Learn about the software-based VoIP solution from Microsoft

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords