Virtual Security Solutions

When I first started VM /ETC by live blogging from VMworld 2007 last September, I posted a few entries about what I call “ton of bricks” moments. These usually happen when I am talking to vendors or other engineers about virtualization technologies, strategies or designs and I learn something new that is so simple but so important that it hits me like a ton of bricks. My first such moment at VMware’s Partner Exchange 2008 happened not because of a single conversation or breakout session, but because of a collection of virtual infrastructure security discussions.

Virtual infrastructure presents some unique security challenges to administrators. Sure, virtual machines are networked servers just like physical servers, and traditional security monitoring and intrusion detection products and processes can be deployed as usual. However, consolidation of servers has changed the attack surface from physical networking to virtualized networks contained within virtualization hosts. If a hacker were to compromise one of your VMs, could your current security monitoring alert you to any suspicious activity? What if the activity never reached the core network switch or even the physical NICs of the host server, but instead was kept internal to the host by only attempting to compromise the VMs that shared the virtual switches? What if an intruder brought his own VM and started it up on one of your virtualization hosts? Would you know it ever happened?
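The blind spot described above can be made concrete with a small model. This is an added example, not code from any of the products discussed; the VM names, placements and flow records are constructed, and it assumes no VM routes or bridges traffic between vSwitches on the same host.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport")

# Constructed data: VM name -> (ESX host, vSwitch) where it was observed.
# Assumption: no VM routes or bridges between vSwitches on the same host.
PLACEMENT = {
    "web01": ("esx-a", "vSwitch0"),
    "db01": ("esx-a", "vSwitch0"),
    "app01": ("esx-a", "vSwitch1"),
    "file01": ("esx-b", "vSwitch0"),
    "tmp-vm7": ("esx-a", "vSwitch0"),
}
APPROVED = {"web01", "db01", "app01", "file01"}  # constructed approved inventory

# Constructed flow records, as a sensor attached to the vSwitches might report them.
FLOWS = [
    Flow("web01", "db01", 3306),   # same host, same vSwitch
    Flow("web01", "app01", 8080),  # same host, different vSwitch
    Flow("web01", "file01", 445),  # different hosts
    Flow("tmp-vm7", "db01", 22),   # source is not in the approved inventory
]


def stays_inside_host(flow, placement):
    """True when both endpoints share a host and vSwitch, so the frames
    are switched in software and never reach a physical NIC."""
    src, dst = placement.get(flow.src), placement.get(flow.dst)
    return src is not None and src == dst


def audit(flows, placement, approved):
    """Report what a physical-network sensor misses and which VMs are unapproved."""
    blind = [f for f in flows if stays_inside_host(f, placement)]
    unknown = sorted({vm for f in flows for vm in (f.src, f.dst)} - approved)
    worst = [f for f in blind if f.src in unknown or f.dst in unknown]
    return {"blind_spot": blind, "unapproved_vms": unknown,
            "unapproved_and_unseen": worst}


if __name__ == "__main__":
    for key, value in audit(FLOWS, PLACEMENT, APPROVED).items():
        print(key, value)
```

Only the last category needs a sensor inside the host: the unapproved VM's traffic to `db01` never touches a physical NIC, so monitoring at the core switch has nothing to alert on.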

I have talked with several vendors this week that have solutions to provide visibility and monitoring of the internal virtual network activity and inter-VM communications. These solutions install a virtual appliance that is capable of analyzing the intra-host networking for anomalies, suspicious activity, or issues that would not otherwise be detected by current physical devices and methods. Here is a brief summary of several of the solutions I’ve learned about this week. Be sure to follow the links for more information on all of them.

Altor Networks Virtual Network Security Analyzer (VNSA) is capable of monitoring multiple virtual switches. The solution consists of an Altor Agent VM that has a virtual NIC connected to the vSwitches being monitored, and the Altor Center VM which serves as a central dashboard that communicates with and manages multiple Altor Agents.

Reflex Security’s Reflex VSA is a virtual appliance that is a firewall and an intrusion protection device. It can detect and prevent threats such as DoS attacks, flood attacks, viruses, and access violations. Reflex VSA is positioned between the virtual switches and before the physical network to intercept all VM traffic.

Tripwire Enterprise for VMware ESX Server helps you maintain a trusted state across all of your hosts with features that enable change auditing and configuration assessment. Tripwire is able to detect any changes or deviations from the known trusted state and provides an audit trail to maintain compliance with industry regulations and standards.

View Comments to “Virtual Security Solutions”

  • Rich:

    Given the capabilities/constraints of today’s vSwitches, there are some very large caveats related to the claims of many of these products. There is an awful lot of marketing going on at the moment regarding just what these products do and do not do given the visibility they currently enjoy.

    You might be interested in a couple of the posts that I’ve made over the last year on the subject:

    http://rationalsecurity.typepad.com/blog/virtualization/index.html

    You’ll notice there are some articles on the products you mention above as well as an article or two regarding some very nasty performance, capacity planning and configuration issues that nobody’s really talking about.

    /Hoff

  • Kevin says:

    Rich, I agree that virtual security is a huge area that is overlooked in nearly every VMware environment. I have tried to get our sales team to embrace vendors like Reflex Security’s VSA product, but I don’t think they “get it”. I think true understanding and communications to customers will have to come from the smart guys in the trenches like yourself. Good article – keep ‘em coming!
