vSphere
VMware has been around since 1998. It has 130,000 customers of its datacenter products, and millions more use the desktop products Fusion, Workstation and Server. So why, after ten years, are there still some people resistant to virtualization?
Virtualization Barrier #1: Manual Processes
Virtualization Barrier #2: It’s just for Test and Dev
Virtualization Barrier #3: VMware is Too Expensive
Virtualization Barrier #4: The Network Guy

Excellent articles. However, it is my feeling that there is a section that could be added:
Virtualization Barrier #7: The Security Guy.
Some of the most frequent “reasons”.
- VMware is insecure.
- It is Linux, so it can be hacked.
- Compromising a VM will compromise the kernel.
- By compromising a VM, you can gain access to other VMs.
- Trunking multiple VLANs is insecure (see Barrier #4).
- You can’t mix zones (like DMZ and Production) on the same ESX server.
And many, many more.
I’d love to hear your comments. Thanks!
Pablo
Pablo, brilliant observations of common security “paranoid shrieking”. What crazy timing, as I was just talking to people today about this topic. Are you willing to collaborate, as I’d love to share effort and put a great article on ViewYonder?
Thanks!
The Hoff’s Four Horsemen presentation is awesome for hitting the security issues.
Actually, he’s got a lot of writing that’s really useful. If you’re interested in Cloud, Virtualisation and Security, his blog is a must-read.
Here’s a search to get you started:
http://www.rationalsurvivability.com/blog/?s=Four+Horsemen+Of+the+Virtualization+Security+Apocalypse
Most of the time the people who are doing the arm waving don’t have a proper handle on their security; they’re arguing about the merits of various locks and how easy they are to pick, but the crims are thinking “eh? locks? my plan is to knock the door off its hinges with a sledgehammer”.
SANS courses are awesome for helping you cut through all the theoretical BS and getting down to the real threats. They talk about “being in good shape”, not being “secure”. The only way to be completely secure is to cut all the cables and smash all the HDDs.
I’m excited about VMsafe. It brings Network IDS style snooping to the hypervisor. No longer are we only able to snoop what’s going on over the wire; we can snoop on apps and OSs as they interact with the hypervisor. I’m excited like when I found out about DTrace in Solaris 10.
Agreed, The Hoff is awesome and is now my colleague @ Cisco.
I like what you’ve got to say, Daniel, I’m going to check your blog out – are you on twitter, too?