Slashdot Mirror


Choosing the Right Security Tools To Protect VMs

Nerval's Lobster writes "Tech writer David Strom starts a discussion about how you should go about securing virtual machines for your organization. 'The need to protect physical infrastructure is well known at this point: most enterprises would balk at a network without any firewalls, intrusion prevention devices or anti-virus scanners. Yet these devices aren’t as well deployed in the virtual context. ... Take firewalls, for example. The traditional firewalls from Checkpoint or Juniper aren’t designed to inspect and filter the vast amount of traffic originating from a hypervisor running, say, ten virtualized servers. Because VMs can start, stop, and move from hypervisor to hypervisor at the click of a button, protective features have to be able to handle these movements and activities with ease and not set off all sorts of alarms within an IT department.' He goes through the main functional areas that need protection, and points out that many vendors make it difficult to price out a given security plan."

6 of 44 comments

  1. Hypervisor Firewalls by Anonymous Coward · · Score: 3, Insightful

    They DO exist: Juniper proposes Virtual Gateway, Trend Micro has Deep Security, etc.

    Do a google search sometimes ?

    1. Re:Hypervisor Firewalls by akboss · · Score: 4, Funny

      They DO exist: Juniper proposes Virtual Gateway, Trend Micro has Deep Security, etc.

      Do a google search sometimes ?

      But that would mean they would have to do their own research, {gasp}

      --
      "Remember, politicians and diapers should be changed often and for the same reason."
    2. Re:Hypervisor Firewalls by alittle158 · · Score: 3
      --
      If it's not on fire, it's a software problem
  2. Uh what? by drinkypoo · · Score: 3, Funny

    The traditional firewalls from Checkpoint or Juniper aren't designed to inspect and filter the vast amount of traffic originating from a hypervisor running, say, ten virtualized servers

    So uh, how do those firewalls normally handle the "vast amount of traffic" originating from that many REAL systems, which can actually send MORE data than a bunch of virtualized ones?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Uh what? by khasim · · Score: 3, Informative

      Because it puts you in danger from "VLAN hopping" attacks.

      http://en.wikipedia.org/wiki/VLAN_hopping

      And if one of your external servers is cracked then you SHOULD distrust all the systems on that system. If they're all on the same VM host then you have a big problem.

      If they were segmented then the problem domain is reduced.

      Just because it can be done does not mean it is good practice to do it.

  3. I run my VMs using by the_humeister · · Score: 5, Funny

    Itanium emulation! You can't exploit hardware that no one runs!