All Posts

Thanks kix1979. That would also explain why I can't give anyone credit for answering the post. So I'm not crazy... er as crazy as I thought I was. Thanks! J.J.
Actually, I moved it
That I did! Thanks, I posted this last week and haven't caught up with myself evidently. I'm used to posting in the installation and configuration section. J.J.
you've just posted this message in it!!!!
Thanks Rumple! I'll keep digging and jumping through hoops. I'll let you guys know how it goes. J.J.
Thanks Ben! I don't think I've ever noticed the "Compliance and Security Discussion" forum before. LOL! I'll check it out. Thanks for the input! J.J.
Does anyone have any thoughts on the impact of virtualization on server security? I was chatting with a security expert (who will be apparently speaking on an Interop panel in May) and he was genuinely concerned with the security impacts of: decoupled software and hardware; VM sprawl; software updates; and complex server stacks. How is VM sprawl any different from physical server sprawl and all of the issues it presents? I don't see virtualization creating any new headaches in this realm, only perhaps the same ones people have in the physical world. He also said that HIPS/NIPS/Firewalls were never designed to protect these kinds of sprawling (hard to manage) environments. Some of their functionality will continue to function, but any features tied to hardware-based signature processing (very common in mature security solutions) would be rendered "virtually irrelevant." How is a virtual environment hard to manage? Treat VMs similar to a physical machine. You still need to patch the OS, maintain the software, update AV definitions etc...
More specifically, what do we do with all of the "moth-balled" servers as software patches/updates are made available? I cannot patch instances; and I'm similarly concerned that the sprawl of virtual machines will expand beyond my partitions....
Please be specific on your security concerns so that the vendors can analyze and address the specific threat due to lack of such protection. For example, if there is a hardware signature requirement, let the virtualization vendor know the deficiencies of the product and understand how to implement such security requirements to minimize the threats. I see many security experts express their concerns, but they are not ready to help the community. I am also looking for security scanning tools so that my security folks can test my environment for any flaws before I go for production.
Does anyone have any thoughts on the impact of virtualization on server security? I was chatting with a security expert (who will be apparently speaking on an Interop panel in May) and he was genuinely concerned with the security impacts of: decoupled software and hardware; VM sprawl; software updates; and complex server stacks. He also said that HIPS/NIPS/Firewalls were never designed to protect these kinds of sprawling (hard to manage) environments. Some of their functionality will continue to function, but any features tied to hardware-based signature processing (very common in mature security solutions) would be rendered "virtually irrelevant." Anyone have any thoughts? Suggestions?
Well the alternative is they put the COS on the internet...that should be much more secure :O) "Security" teams really tick me off as 9/10 times they are morons that really can't do any of the work themselves and they make people jump through hoops to prove things to them. As a "Security" team it is their job to certify and prove things are safe or unsafe in an environment...not to push freaking paper...
Check out the "Compliance and Security Discussion" forum and search for "NSA", there is some stuff in there. On the other hand, how do you know that the firewalls you/I are using are totally secure? I suppose they can get certified via common criteria or FIPS or whatever but it's still software and that software will have bugs just the same as ESX. I think ESX and most firewalls are written so that any bugs that are uncovered are less likely to be exploited due to "fail safe" errors, that is, the code will fail safe when exploited. Ben
Hey guys. I'm trying to convince my security team that it's safe for me to put the COS inside the firewall and have the other NICs outside for VM usage in an E-Services type compartment on a separate vswitch. They've asked me to check and see if ESX is an air gap solution certified by the NSA. The only thing I've found was a PDF document talking about NetTop which seems to be a project run by the NSA back in 2000. Does anyone have anything more concrete I can throw at these guys? I really don't want to put my COS outside the firewall. Thanks! J.J.
Hello! Could you please be more specific on how this should/could be done? P.S.: Merry Christmas!
How would I go about implementing encrypted passwords from within our VCB script? Currently they pass as plain text, which I'm not very happy about... Any way I can use the encrypted passwords taken from the shadow directory like I would with a kickstart scripted installation?
Encrypting the VM volume is not really the answer here. What you need to do is seal up the OS (inbound and outbound) within itself. This will give you the self protecting layer you require. Encrypting the vm volume will only stop other volumes/ hosts accessing it, not control the effects you are talking about in your thread. Good luck.
started from thread on truecrypt forums: http://forums.truecrypt.org/viewtopic.php?p=22979 my question from there repeated for convenience: if I do the following, will any traces be left on my machine at all? create a truecrypt volume. mount it, and create a vmware partition for a new operating system on the truecrypt volume. if I boot up the vmware operating system (which only has access to the truecrypt section of the hard drive), would any traces of my activity be left behind? what about with the swap/page file in the native OS? their responses seem to indicate "there's no way that'd work." is that accurate? can I configure vmware to do what I want? if so, how do I go about it?
http://www.vmware.com/community/message.jspa?messageID=511601#511601
Hi, I want to move one of my physical servers to ESX 3.0 using VMware Converter 3, but the problem is that there are many firewalls between them. Also, the physical server has a firewall on. I want to know what network ports need to be opened for the transfer from the physical server to VMware Converter 3, and also from VMware Converter to ESX 3.0. Does anyone have an idea about that? Thanks