Tag Archives: VM

If the Virtualization Security Products had no Firewall?

I keep asking myself whether any of the current batch of virtualization security products can replace my existing virtual firewall setup, and I keep coming back to my modest requirements:

  • Network Address Translation
  • Port Redirection
  • Logging of bad traffic (and filtering)
  • Web Proxy

These edge firewall requirements push many of the security tools away from me, but then I started thinking: what happens to the products if I do not use their firewall technology? What are the benefits, and could this actually be done?

So let’s look at each of the virtualization security products and ignore the firewall and networking access control components which are part of their firewall products. What I realized was that the firewall is intrinsic and a major component of each of these tools, and while you can disable policy settings, most of the unique functionality of each tool does not work without it. Even so, what does each give me as a useful tool without the firewall in use? To me this implies that any VMsafe network introspection is not in use.


VLANs/FCoE/CNA – Mixed Security Data on One Wire

Over the past year or so I have been thinking pretty heavily about the direction networking is taking within virtualization. In some ways, it appears security has been forgotten or relegated to ‘encrypt and forget’. However, it takes quite a bit of knowledge and time to properly set up the backbone of an ‘encrypt and forget’ approach to network security, so it does not happen automatically. Instead, we have a proliferation of technologies being used to cut down on cable clutter and thereby consolidate the network. These are all very important concepts. Security practitioners like myself realize that this type of consolidation WILL happen. So what tools are required to either ‘encrypt and forget’ or to protect these consolidated networks?