by Neil MacDonald | February 27, 2009 | Comments Off
As I have discussed from the beginning, the policy enforcement capabilities of information security technologies like firewalls, intrusion prevention systems, network access control and so on need to be virtualized in order to secure the next-generation adaptive data center. Network and trust separation in a virtual environment needs to be enforced based on logical [...]
Comments Off
Category: Virtualization Security Tags: Virtualization Security, VMware, vShield
by Neil MacDonald | February 25, 2009 | 14 Comments
I’m sure you’ve experienced the growth of SharePoint in your organizations firsthand (and those are only the deployments you know about!). SharePoint is a flexible product with a pretty powerful security architecture and it got even more powerful with the latest release. But with this flexibility comes complexity. In discussions with clients on securing [...]
Category: SharePoint Security Tags: Best Practices, SharePoint, SharePoint Security
by Neil MacDonald | February 23, 2009 | 8 Comments
My colleague David Cappuccio recently provided his observations on tiered data center structures. As I read it, I was stuck by the similarities to what he was describing in IT operations to what I am seeing in information security. “Rather than build a tier 4 fully redundant data center that supports all mission critical systems, [...]
Category: Next-generation Data Center Virtualization Security Tags: Virtualization Security
by Neil MacDonald | February 20, 2009 | 2 Comments
In a previous post, I discussed that many people I talk with about virtualization and security are skeptical that the threat against hypervisors and virtual machine monitors is real. They point to the lack of a publicly disclosed breach that was caused by an attack on the virtualization layer as evidence that such attacks are [...]
Category: Virtualization Security Tags: Hypervisor Security, Microsoft
by Neil MacDonald | February 18, 2009 | 9 Comments
VMsafe is essentially set of APIs at the level of the hypervisor/virtual machine monitor that VMware has opened up to developers (primarily of security tools). Since the virtual machine monitor arbitrates all access between the OSs that run on top of it and the shared hardware underneath (memory, CPU, disk and network), security vendors can [...]
Category: Virtualization Security Tags: Virtualization, Virtualization Security, VMsafe, VMware
by Neil MacDonald | February 17, 2009 | 2 Comments
In my research on virtualization security, I am frequently asked “Aren’t attacks on the virtualization layer just theoretical?” and “Do you know of any publicly disclosed hypervisor attack that resulted in damage or the loss of information?”. This is similar to standing on one of the levees around New Orleans prior to 2005 and asking [...]
Category: Virtualization Security Tags: Hyper-V, Hypervisor Security, VMware
by Neil MacDonald | February 13, 2009 | 8 Comments
Hello and welcome to my blog. I will use this blog as a research tool to explore thoughts and observations on the future of information security and I encourage you to provide feedback as a part of that process. I’ll candidly share my thoughts and I hope you’ll share yours. This is my first posting, [...]
Category: Virtualization Security Tags: Adaptive Security Infrastucture, Virtualization
