Virtualisation security risks being ignored

Monday, December 31, 2007, 18:59
Posted in the Operating systems security category.

Gartner blows a gasket on hyped technology.
Companies rushing to deploy virtualisation technologies could wind up overlooking many security issues and exposing themselves to risk, Gartner has warned.

Virtualisation software offers the ability to run multiple operating systems, or multiple sessions of a single operating system, on a single physical machine, whether server or desktop. But virtualisation software, such as hypervisors, presents a layer that will be attacked, and security strategies need to be put in place in advance, Gartner warns.

“Many organisations mistakenly assume that their approach for securing virtual machines will be the same as securing any OS and thus plan to apply their existing configuration guidelines, standards and tools,” MacDonald said. While this is a start, a closer look at securing virtual machines is required, especially since needed tools may be “immature or non-existent,” according to Gartner.

Gartner analysts said the process of securing VMs must start before the VMs are deployed, and ideally, before vendors and products are selected, so that security and securability can be factored into the evaluation and selection process. During this process, organizations must consider these security issues in virtualized environments:

  • Virtualization software, such as hypervisors, represents a new layer of privileged software that will be attacked and must be protected.
  • The loss of separation of duties for administrative tasks, which can lead to a breakdown of defense in depth.
  • Patching, signature updates, and protection from tampering for offline VM and VM “appliance” images.
  • Patching and secure configuration management of VM appliances where the underlying OS and configuration are not accessible.
  • Limited visibility into the host OS and virtual network to find vulnerabilities and assess correct configuration.
  • Restricted view into inter-VM traffic for inspection by intrusion prevention systems (IPSs).
  • Mobile VMs will require security policy and settings to migrate with them.
  • Immature and incomplete security and management tools.
