When you think of backup security, many people think of ensuring tapes are offsite or even encryption on media, but what is really required for backup security? There is quite a bit going on when someone performs a backup within the virtual environment, so where does security begin and end for making a single or multiple backups?
I recently participated in the InformationWeek Dark Security Virtual Event as a panel member with Hoff, Craig Balding, Chris Wolf, Glenn Brunette, and Jon Oberheide. A very far ranging group of individuals from research, security organizations, analysts, and authors. What is interesting is that most of these same people have joined me on the Virtualization Security Podcast, and the others I hope to have as guests next year. There was one question that set me to thinking even more, do we need a new way of thinking about virtualization security?
The last Virtualization Security Podcast covered PCI, Kurt Roemer and Jeff Elliot who were guests represented PCI. PCI as you hopefully know is working on compliance guidance for payment systems running within virtual machines and the cloud. This early discussion …
Over the past year or so I have been thinking pretty heavily about the direction networking is taking within virtualization. In some ways, it appears security has been forgotten or relegated to ‘encrypt’ and forget. However, it takes quite a bit of knowledge and time to properly set up the backbone of an ‘encrypt’ and forget approach to network security, so it does not happen. Instead, we have a proliferation of technologies being used to cut down on cable clutter and thereby consolidate the network. These are all very important concepts. Security practitioners like myself realize that this type of consolidation WILL happen. So what tools are required to either ‘encrypt and forget’ or to protect these consolidated networks?
There has been great debate of what comprises the cloud, how to bound the cloud so that its easier to understand, and how to secure the cloud. Christofer Hoff of the Rational Survivabilty blog has been spear-heading quite a bit of discussion on cloud taxonomy in his attempts to wrap some thoughts around how to properly secure the cloud and everything within it. The start of this journey is the act of defining exactly what the cloud is, and is not. NIST’s document adds some more to an existing definition by defining public and private clouds.
Intrusion Protection Systems (IPS) differ quite a bit from Intrusion Detection Systems (IDS). An IPS is designed to modify some form of security setting when an intrusion is detected, thereby preventing the intrusion from being successful. An IDS on the other hand is just the detection component used by an IPS. Like all security tools used within a virtual environment there are four major ways to implement such devices. We will discuss later some best practices for managing a security tool. We will look at what is currently shipping over products hinted at for the future such as the OpenVSwitch, Xen Instropection API.