VMware Cloud Community
TheVMinator
Expert

Meaning of EAL4 Certification

I'm trying to translate vSphere EAL4 certification into practical terms. Suppose I have a virtual machine that is running on an ESX host, and that virtual machine is compromised (for example, the Windows OS becomes filled with viruses, rootkits and malware). Am I assured by EAL4 that the compromised virtual machine can never jeopardize in any way the security of the ESX 4 host? Obviously it could start using too much RAM, processor and network bandwidth, and so affect performance negatively. But are there any known cases of a compromised VM doing something like bringing down the service console or installing code in it, or installing code underneath the hypervisor, or shutting down the ESX host or anything of that nature? (Assuming the service console is itself properly secured beforehand.)

Any thoughts appreciated - thanks


Accepted Solutions
Texiwill
Leadership

Hello,

If a VM is compromised, the ESX host is NOT compromised.... If it was it would be an 'escape the VM' attack. There are no such attacks that currently work against ESX/ESXi.

EAL4+ does not necessarily imply this, but it is a benchmark used by many organizations to determine the level of security existing within the code of an operating system. To get this certification VMware's hypervisor went through a strenuous evaluation, etc.

Search this forum for 'escape the VM' for more ideas on this style of attack.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'

Also available 'VMWare ESX Server in the Enterprise'

Blogging: The Virtualization Practice | Blue Gears | TechTarget | Network World

Podcast: Virtualization Security Round Table Podcast | Twitter: Texiwll

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

TomHowarth
Leadership

EAL 4+ certification for vSphere concerns the host and VMware-related services, not guests. Yes, it gives advice regarding guest protection, but not regarding the OS running on that guest; they are subject to different EAL4+.

As Texiwill says, what you are talking about is currently not possible.

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth VCP / vExpert

VMware Communities User Moderator

Blog: www.planetvm.net

Contributing author on "VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment" (http://www.amazon.co.uk/VMware-VSphere-Virtual-Infrastructure-Security/dp/0137158009/ref=sr_1_1?ie=UTF8&s=books&qid=1256146240&sr=1-1).

Contributing author on "VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410" (http://www.amazon.co.uk/VMware-Certified-Professional-VSphere-Study/dp/0470569611).

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410