Security management in virtualized environments?

How do you ensure desktop security in virtualized environments? What software do you use? How do you make sure that virtual applications don't experience a lag in performance due to security software? I saw an article a while back talking about Cisco and McAfee joining forces to simplify security in virtual environments -- would a partnership between those companies be beneficial for your company?

0
Robin Goodchild
Owner, Antarctic Technologies
Posted on July 28, 2010

An interesting question.

Quote: "How do you ensure desktop security in virtualized environments?"

If we are talking about the use of remote desktops, where the desktop is operating in a VM, then you have exactly the same issues as dealing with virtualized servers and keeping them secured.

One issue is detecting when the virtual machine hypervisor has been virtualized. As has been demonstrated using Xen, it is possible for malicious software to exploit a vulnerability in the hypervisor, and virtualize the entire installation. With the virus sitting between the now-virtualized hypervisor and the hardware, it can see everything going on in the machine.

It is also possible to virtualize a non-virtualized system on the fly, and achieve the same goal.

The challenge when trying to defend against this capability is detecting when the hypervisor has been hijacked and virtualized. Because the malicious software sits outside of the virtual machine it just created, it can be impossible for security software to detect its presence once installed.

In the words of one security researcher: it is the ultimate rootkit.

Quote: "I saw an article awhile back talking about Cisco and McAfee joining forces to simplify security in virtual environments -- would a partnership between those companies be beneficial for your company?"

I can't see how a networking technology firm partnering with an anti-virus vendor can help prevent an attack against a VM any more than they already do to prevent other malicious software reaching a host.

The people that really need to focus on VM security are the VM developers and hardware manufacturers.

0
Mike Lee
Director of Special Circumstances, cawidgetwerx
Posted on July 28, 2010

The Energizer Duo USB battery charger had a back door on port 7777, and that would be within your intranet perimeter. Even virtualization seems weaker in light of inter-protocol comm exploits where a target payload is encoded in a carrier protocol and reverse tunneled back through a web XSS opening.

I think perhaps it is better to ignore the virtual and real dividing line and base security on the reliability and accuracy of data transmissions that split packets between two paths, where only the recombined packet at the proper destination is verified as correct and accurate data - if tampered with in any path it does not recombine correctly and is discarded. Checksums ensure accuracy.

0
Robin Goodchild
Owner, Antarctic Technologies
Posted on July 28, 2010

@Mike Lee: Quote: "I think perhaps it is better to ignore the virtual and real dividing line and base security on the reliability and accuracy of data transmissions that split packets between two paths and only the recombined packet at the proper destination is verified as correct and accurate data"

You just described the basics of the TCP protocol.

It wouldn't do a thing to enhance security because malicious data would always reconstruct correctly. The only thing authentication and integrity checking of a connection would ensure is that it was not tampered with in transit, but that is not the issue here (and wouldn't be done using the method you described anyway).
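The point above, as an added illustration that is not part of the thread: a constructed two-path split-and-recombine scheme with an end-to-end digest detects tampering in transit, yet accepts a (constructed, labelled) malicious payload just as readily as a benign one, because integrity checking says nothing about what the content does.

```python
# Added example (not from the thread). Models the "split across two paths,
# verify on recombination" idea with a SHA-256 digest as the integrity check.
import hashlib
from typing import Optional, Tuple


def split_two_paths(payload: bytes) -> Tuple[bytes, bytes, str]:
    """Sender side: even-indexed bytes go down path A, odd-indexed down path B,
    and an end-to-end digest of the whole payload travels with them."""
    half_a, half_b = payload[::2], payload[1::2]
    digest = hashlib.sha256(payload).hexdigest()
    return half_a, half_b, digest


def recombine(half_a: bytes, half_b: bytes, digest: str) -> Optional[bytes]:
    """Receiver side: interleave the halves and accept only if the digest
    matches. Returns None (discard) when either path was tampered with."""
    out = bytearray()
    for i in range(max(len(half_a), len(half_b))):
        if i < len(half_a):
            out.append(half_a[i])
        if i < len(half_b):
            out.append(half_b[i])
    payload = bytes(out)
    return payload if hashlib.sha256(payload).hexdigest() == digest else None


def demo() -> dict:
    """Three constructed cases: intact benign data, benign data altered on
    path A, and a payload labelled malicious sent intact by its author."""
    benign = b"constructed benign request"
    malicious = b"CONSTRUCTED-MALICIOUS-PAYLOAD"  # placeholder, not real code

    a, b, d = split_two_paths(benign)
    tampered_a = bytes([a[0] ^ 0xFF]) + a[1:]  # one bit-flipped byte in transit
    a2, b2, d2 = split_two_paths(malicious)

    return {
        "benign_intact": recombine(a, b, d),          # accepted
        "benign_tampered": recombine(tampered_a, b, d),  # discarded -> None
        "malicious_intact": recombine(a2, b2, d2),    # accepted all the same
    }
```

The integrity check only answers "did this arrive as sent?"; whether what was sent is safe to execute is a separate question the scheme cannot answer.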

0
Mike Lee
Director of Special Circumstances, cawidgetwerx
Posted on July 28, 2010

It would if combined with an anonymous system like jondos.org.
Or at least I have strong reason to believe so, though I have yet to prove it mathematically.
The jondos system makes it difficult or impossible to determine the origination of a packet.

0
Robin Goodchild
Owner, Antarctic Technologies
Posted on July 28, 2010

What???

So it hides your IP address from a web server. That does not address the issue of virtualization security.

Preventing a web server from seeing your real IP address does absolutely nothing to improve your real security.

Let us assume you use the above proxy server. You visit a hostile website. You request the infected page. You receive the malicious code and execute it on your computer. Result? You are still infected.