VM /ETC

Posts Tagged ‘tripwire’

When Tripwire released ConfigCheck for ESX 3.5 back in June, the product was an instant success and downloaded by tens of thousands of VMware administrators. The free security hardening tool, jointly developed by VMware and Tripwire, could not be used on ESX 3.0 versions, however. On July 21 Tripwire announced the availability of Tripwire ConfigCheck for ESX 3.0 thus now allowing the same security assessment capabilities for the still widely deployed previous version of ESX.

I received a courtesy email about the new version from Kim Blogren of Tripwire’s Public Relations. In the email Kim explained the following about the reason for releasing the new version: Read the rest of this entry »

VMware and Tripwire have released a free tool that analyzes the configuration of ESX servers and compares the results against established best practices. ConfigCheck is a free utility that downloads to your desktop where you can easily assess whether your VMware virtual infrastructure is properly configured for security. According to Tripwire’s download page the tool is available for both Windows and Linux. Tripwire Configcheck was developed as a no cost introduction to the fully featured and licensed version of Tripwire Enterprise.

Both VMware and Tripwire have information about the free product on their websites. The following information from both sources provides a good summary about what the tool can do. Read the rest of this entry »

When I first started VM /ETC by live blogging from VMworld 2007 last September, I posted a few entries about what I call “ton of bricks” moments. This happens to me usually when I am talking to vendors or other engineers about virtualization technologies, strategies or designs and I learn something new that is so simple but so important that it hits me like a ton of bricks. VMware’s Partner Exchange 2008 first such moment happened not because of a single conversation or breakout session, but because of a collective of virtual infrastructure security discussions.

Virtual Infrastructure presents some unique security challenges to administrators. Sure, virtual machines are networked servers just like physical servers and traditional security monitoring and intrusion detection products and processes can be deployed as usual. However, consolidation of servers has changed the attack surface from physical networking to virtualized networks contained within virtualization hosts. If a hacker were to compromise one of your VMs could your current security monitoring alert you of any suspicious activity? What if the activity never reached the core network switch or even the physical NICs of the host server, but instead was kept internal to the host by only attempting to compromise the VMs that shared the virtual switches? What if an intruder brought his own VM and started it up on one of your virtualization hosts, would you know it ever happened?

I have talked with several vendors this week that have solutions to provide visibility and monitoring of the internal virtual network activity and inter-VM communications. These solutions Read the rest of this entry »