Wave Systems Corp. (fka WAVXQ)

[Fullmoon]

How do you protect your virtual machines?
By Paul Mah

http://www.fiercecio.com/techwatch/story/how-do-you-protect-your-virtual-machines/2010-09-10

Security vendor BeyondTrust at VMworld last week performed a demonstration of an attack perpetuated by an insider [1] on the exposition floor. The point here was to show how it is possible to penetrate guest virtual machines (VM) and steal the contents of their file systems without leaving a trace.

Of course, BeyondTrust also happens to sell software that reduces the possibility of such meddling, so the demonstration was more than just for purely altruistic reasons. It did get me thinking though, of how the use of VMs throws a spanner into the works of traditional defenses against theft and physical intrusions perpetuated against servers.

Some will point out that exposing one's physical sever to a malicious party is unlikely to work out well at all, physical or virtual. My thinking here is that a physical server will at least have access to full disk encryption (FDE) and TPM or other hardware mechanisms to store the decryption key.
Now, it is true that VMs in the typical enterprise setup are probably deployed on SANs, which by themselves are heavily protected by various technologies against both data loss and unauthorized access. Off-site backups of VMs, however, are left in a far more vulnerable situation; the result of information falling into the wrong hands can effectively lead to a compromise of an active VM as the password file of the system is retrieved and cracked.

Perhaps my technical understanding from my system administrator days is a tad out-of-date, and new technologies have emerged to address these issues. If you are an expert in virtualization, I would love to hear from you; do drop me an email or post a comment on the FierceCIO:TechWatch comments section. - Paul Mah [2] (Twitter @paulmah [3])