<br><br><div class="gmail_quote">On 7 November 2011 13:11, Martin <span dir="ltr"><<a href="mailto:martin@ml1.co.uk">martin@ml1.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 2 November 2011 14:37, Martin <<a href="mailto:martin@ml1.co.uk">martin@ml1.co.uk</a>> wrote:<br>
> On 1 November 2011 22:36, Sergiusz Pawlowicz <<a href="mailto:sergiusz@pawlowicz.name">sergiusz@pawlowicz.name</a>> wrote:<br>
>> On Tue, Nov 1, 2011 at 22:31, Martin <<a href="mailto:martin@ml1.co.uk">martin@ml1.co.uk</a>> wrote:<br>
>>> Folks,<br>
>>><br>
>>> Can anyone comment on the state of play/gotchas for the security for<br>
>>> running multiple virtual servers?<br></div></blockquote><div><br></div><div>I'm no security expert, but given the state of most OS's I would expcect the biggest risk would be via access methods to the guest OS. I'm not sure what one could gain from having access to the hypervisor other than mischief / malicious control of systems.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
>>> Any concerns for the security/vulnerability of the hypervisor?...<br></div></blockquote><div><br></div><div>I would suggest that the hypervisor itself would be pretty secure, by the nature of the design of the application, the hypervisor 'allows' other code to run and only provides a limited API for the client machine to access the hypervisor processes.</div>
<div><br></div><div>Interestingly the latest version of VMware ESX comes without a console OS. The reasoning was that the majority of the security patches VMware supplied for ESX 3 were for the console OS. Eliminating this has reduced the patching overhead and the size of the target for 'attack'.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">>> virtualisation has several layers :-) ...<br></div></blockquote><div><br></div><div>
Including in VMware, the ability to run non-VMware virtual switches. Cisco do provide switches for VMware and obviously these are software based. This might be an interesting attack vector (eg hidden port sniffing) if you could insert your own switch, or sub module in the switch.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Interestingly, a large "cloud" services provider now offers a service<br>
whereby for a price premium you can have your own part of the cloud<br>
guaranteed to be used on servers exclusively used only by your<br>
cloud... The excuse for offering/wanting that is that of greater<br>
security.<br></blockquote><div><br></div><div>In my personal experience, the ability to 'acquire' a exclusive access to a part of the cloud service providers infrastructure would allow me to get a better response from my virtual machines based upon the fact that you are in control of any other VMs that are running on the same infrastructure. </div>
<div><br></div><div>I had a specific example where my VM (which had moderate disk I/O) would become completely unresponsive, and in fact disappear from the web, whenever another client who used the same host machine would 'destroy' a VM. The destruction of the VM was followed by an automated scrub operation that ensured that there was no trace of any data left on the disk afterwards. This had the net result of producing an internally-generated denial of service. In the worst case we lost access to the VM for 12 hours.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
Marketing hogwash or a real concern?<br></blockquote><div><br></div><div>Depending on the type of data you hold / process, I could say that it would be a real concern. However if the data was *that* sensitive then you would probably be prevented by business security policies from utilising a public access cloud infrastructure. </div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="HOEnZb"><div class="h5"><br>
Cheers,<br>
Martin<br><br></div></div></blockquote></div><br>Cheers<br>Dylan<br clear="all"><div><br></div>-- <br><a href="http://about.me/dylanswift" target="_blank">http://about.me/dylanswift</a><div><a href="http://tungle.me/dylanswift" target="_blank">http://tungle.me/dylanswift</a></div>
<div><a href="http://emailcharter.org/index.html" target="_blank">http://emailcharter.org/index.html</a></div><br>