Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Coverage Areas:

Free Virtualization Security Stuff

by Neil MacDonald  |  March 28, 2009  |  1 Comment

In this tough economic environment, we are always on the lookout for opportunities to do more with less. In my last post, I pointed you to two free tools to help locate rogue SharePoint sites. Keeping with the theme, here’s some free tools for virtualization security.

There are multiple security issues that need to at least considered before undertaking a widespread virtualization initiative. Of the dozens of best practices for securing virtualization, a foundational best practice is to define your own standard(s) for secure configuration of the layer of virtualization software (the hypervisor and the virtual machine monitor) and regularly ensure that the virtualization layer is configured according to your standards.

At least two vendors are providing some capabilities to do this at no cost for VMware’s ESX: Tripwire’s ConfigCheck (Tripwire is best known for file integrity monitoring, but also has configuration management capabilities) and Configuresoft’s Compliance Checker for VMware ESX.

Free is not a sustainable business model, so there are some limitations to the tools. For example, limiting the number of servers scanned or limiting scans to compare against just the VMware or Center for Internet Security hardening guidelines (the idea is to get you to upgrade to an enterprise version where you can expand and modify the configuration definitions).

Of course, doing nothing is also free, but like any enterprise IT platform, we have a responsibility to make sure the virtualization platform has a configuration and vulnerability management process defined and followed.

If you are checking configurations manually or not at all, free tools are a good way to get started.

1 Comment »

Category: Virtualization Security     Tags: , ,

1 response so far ↓

  • 1 brad   April 1, 2009 at 4:42 pm

    A really interesting green computer technology I found is desktop virtualization. It’s where multiple people can use the same computer at the same time each with their own monitor, mouse and keyboard. This saves a lot of electricity and e-waste. A company called Userful recently set a virtualization world record by delivering over 350,000 virtual desktops to schools in Brazil. They have a free 2-user version for home use too. Check it out: http://www.userful.com