Product Guides
- Microsoft research projects to improve our lives
- Outlook '09
- IBM employees buzzing about layoff rumors
- AT&T builds $23M IPv6 network for U.S. military
- Is VoIP dead?
 |
|
For years, Inttra, an e-commerce logistics provider to the world’s largest cargo-shipping organizations, has been using virtualization on its back-end IBM mainframe and Citrix Systems servers in a secure environment. Now the Parsippany, N.J., company primarily uses IBM blade servers running virtual Linux machines. VMware’s virtualization technology on an Intel platform powers this New Data Center infrastructure.
Other stories on this topic
Is virtualization bad for security?
Read the story (3/19/07) | Cast a vote
Virtual security virtually missing
04/18/07
Security and virtualization
03/19/07
 E-Mail article |
|
 Print article |
|
 Contact author |
 Reprint |
 AIM article |
 del.icio.us |
 Reddit |
 Digg |
 Stumble |
 Slashdot It! |
John Debenedette, Inttra’s vice president of IT, says he believed he could keep a virtualized data-center environment secure while emulating established best practices. He’s not ready, however, to risk running virtual Web servers outside his DMZ. Nor is he ready to allow virtual machines on the endpoints, which are harder to control.
“You can follow best practices on all of your virtual machines. But at the end of the day, you’re putting a lot of trust in the virtual-machine platform layer itself,” Debenedette says. “This layer — also called the hypervisor, the virtual kernel or virtual-machine monitor — sits between the hardware and all its device drivers, including the operating system, which puts it in a very authoritative position.”
Security watchers have not confirmed any exploits at this layer; but virtual-machine-aware malware, such as RedPill, and virtual-machine rootkits, such as BluePill, are common. Debenedette rightfully frets about this new platform layer: It’s a vector into which virtual-machine malware writers are trying to break, experts say (see graphic "Danger at the hypervisor").
In this virtual environment, effective security best practices are sorely needed. In addition to physical machines, virtual machines must be managed and secured. Network defenses must be tuned to watch for rogue traffic on them. And the virtual-machine layer must be built safely and defended from up-and-coming forms of attackware.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2009 Network World, Inc. All rights reserved. |
Comments (2)
Hardening VMWare serversBy Phil on August 22, 2007, 4:20 amWe use a programme called STAT from Patchlink - ex-Harris to harden our servers. We couldn't even attach to our VMWare boxes to attempt the hardening process. ...
Reply | Read entire comment
RE: Virtualization security needed ? now!By frivera on August 20, 2007, 7:39 pmFYI
Reply | Read entire comment
View all comments