Virtualization Technology News and Information
Drawn to Vegas by Virtualization

Quoting ComputerWorld

A couple of weeks ago, my boss asked me if I would consider going to Interop. It’s my custom to attend the SANS and RSA security conferences each year. But my boss was offering to get me out of the office for a week, in Las Vegas in May. How could I resist? I booked my flight and hotel within the hour.

Conferences can be overwhelming, and Interop had a lot of content on the schedule related to information security, possibly more than for any other discipline. You can feel like a kid in a candy store — you want to be everywhere at once, taking it all in. My strategy is to focus on a couple of topics and then learn as much as I can about them. For Interop, I decided that the topics would be virtualization and configuration management.

Virtual Enthusiasm

Virtualization is nothing new, having been used on mainframes for years, but it’s a hot topic at my company right now. We are aggressively virtualizing server environments for almost every new application we deploy, and we’re migrating a lot of existing applications to such environments.

Of course, virtualization carries security implications. For example, in typical architectures for Web-based applications, the Web, application and database servers are installed on separate pieces of hardware, each running its own operating system, locked down according to the security baseline and patched appropriately. There are also virtual LANs and firewalls to segment each resource. Firewalls configured for a “rule of least privilege” ensure that the relationships between the Web server, application and database servers are restricted. Usually, there would be no relationship between the Web server and the back-end database server, since the application server would act as a sort of proxy between them. The setup ensures that a compromised Web server won’t give a bad guy the ability to launch an attack directly against the database server.

Things are different in a virtual environment. The Web, application and database servers might all be installed on the same piece of iron. The cost savings are hard to say no to, and you might even get a performance boost. But, as speakers noted at Interop, if you don’t have controls in place to provide the needed separation of duties within the virtual environment, you could be in trouble.

At Interop, there was a lot of talk about the virtualization concept of the master control server, sometimes called a hypervisor. This is the control center for the virtual environments living on a single piece of hardware. Anyone who compromised the hypervisor would essentially be in control of many of the resources that the virtual environments living on that piece of hardware need access to. In other words, lock down the hypervisor to restrict access by role, or face the consequences.

Read the rest of the article here.

Published Monday, June 11, 2007 5:41 AM by David Marshall