Virtualization, Cloud, Infrastructure and all that stuff in-between

My ramblings on the stuff that holds it all together

Security in "Virtual Clouds"

Leave a comment Posted by on January 22, 2008

 

Interesting article here

What if you could breach the hypervisor? best practice would dictate firewalling off the management traffic to the service console to a management network but what if you could exploit the VM Tools or other enlightenments/paravirtualizations to compromise the hypervisor – if you could you own every VM it’s running.

Does this compare to VLAN jumping on a Cisco switch? As far as I understand it show me a practical exploit to do this and the mitigation steps are quite well documented.

This is (and will) always a big issue with Multi-tennant systems but it’s the same issue that we currently face in most service providers, shared SANs, LAN, WAN, even physical buildings/suites etc. – virtualization is just a marketing tag, the same principals have been applied in the physical world for ages and mitigated against – I don’t think this is any different.

A session with the US Marine Corps at VMWorld 2007 mentioned that the US DoD had audited the code of ESX for this issue and found it to be satisfactory – but I’ve not seen this documented anywhere, if it’s safe for the US .mil isn’t it safe enough for you?

Compare risk vs cost saving, patch, mitigate, move on but keep your eyes open.

Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: