When thinking of backup security, many people think of ensuring tapes are offsite or even of encrypting media, but what is really required for backup security? There is quite a bit going on when someone performs a backup within the virtual environment, so where does security begin and end when making one or more backups?
I recently participated in the InformationWeek Dark Security Virtual Event as a panel member with Hoff, Craig Balding, Chris Wolf, Glenn Brunette, and Jon Oberheide: a very far-ranging group of individuals from research, security organizations, analysts, and authors. What is interesting is that most of these same people have joined me on the Virtualization Security Podcast, and the others I hope to have as guests next year. There was one question that set me to thinking even more: do we need a new way of thinking about virtualization security?
The last Virtualization Security Podcast covered PCI; guests Kurt Roemer and Jeff Elliot represented PCI. PCI, as you hopefully know, is working on compliance guidance for payment systems running within virtual machines and the cloud. This early discussion is a plea for people to get involved in reviewing the currently developing white paper. While…
Over the past year or so I have been thinking pretty heavily about the direction networking is taking within virtualization. In some ways, it appears security has been forgotten or relegated to ‘encrypt’ and forget. However, it takes quite a bit of knowledge and time to properly set up the backbone of an ‘encrypt’ and forget approach to network security, so it does not happen. Instead, we have a proliferation of technologies being used to cut down on cable clutter and thereby consolidate the network. These are all very important concepts. Security practitioners like myself realize that this type of consolidation WILL happen. So what tools are required to either ‘encrypt and forget’ or to protect these consolidated networks?
There has been great debate over what comprises the cloud, how to bound the cloud so that it's easier to understand, and how to secure the cloud. Christofer Hoff of the Rational Survivability blog has been spearheading quite a bit of discussion on cloud taxonomy in his attempts to wrap some thoughts around how to properly secure the cloud and everything within it. The start of this journey is the act of defining exactly what the cloud is, and is not. NIST’s document adds some more to an existing definition by defining public and private clouds.
Cloud Computing ...
Intrusion Protection Systems (IPS) differ quite a bit from Intrusion Detection Systems (IDS). An IPS is designed to modify some form of security setting when an intrusion is detected, thereby preventing the intrusion from being successful. An IDS, on the other hand, is just the detection component used by an IPS. Like all security tools used within a virtual environment, there are four major ways to implement such devices. We will discuss later some best practices for managing a security tool. We will look at what is currently shipping over products hinted at for the future, such as Open vSwitch and the Xen Introspection API.
I was recently on an island and it got me thinking about whether a set of close islands can support a highly mobile cloud. If not, what would be needed to make the Islands Cloud safer from the vagaries of Mother Nature, such as hurricanes, volcanoes, and earthquakes? Can a cloud provider be based on an island? Or would it need to be on every island? Only the mainland?
I was upgrading my nodes from VMware VI3 to VMware vSphere and used the VMware Update Manager to perform the update. Given that my existing filesystems were implemented to meet the requirements of the DISA STIG for ESX, as well as availability, I was surprised to find that when the upgrade of the first node of my cluster completed, the install did NOT take into account my existing file system structure, but instead imposed the default file system used by the standard VMware vSphere ESX 4 installation.
I was recently on an island and it got me thinking of how I would move my company to the island. The company services people around the world, but would also service those local to the island. Does virtualization really help me here? Why do I ask this? Because an island is often prone to the vagaries of Mother Nature: lava, flooding, typhoons, hurricanes, earthquakes, humidity, desert, power fluctuations, etc. The list is pretty endless. So how would you move a business to or from an island? Is this where the cloud becomes a mature component? If so, how much cloud do you need?