VMware offers several guides to how to harden virtual servers, but the primary ones say little about how to deal with some of the most critical issues.
NEWSLETTERS
SUBSCRIBE TO CIO
Are you involved in setting the direction for your company's IT budget or strategy?
Apply today for a FREE subscription to CIO Magazine!
» Subscription Services
» Reprints
Reader Feedback
VMware's ESX Hardening Guideline Falls Far Short of 'Secure'
READER FEEDBACK
Blake Frantz Tue, 2008-07-08 17:43
“Falls Far Short” - Ouch! :)
Thanks for your valuable feedback concerning our virtualization benchmarks. We agree that the CIS ESX is not a virtualization security panacea and like all security guides there is room for additional coverage. CIS is a non-profit organization with a single purpose – provide actionable security information to the community. At the core of our guidance process you will find consensus teams comprised of volunteer developers, authors, vendors, geeks, consultants, auditors, security researchers, and spooky three letter government folks. The beating hearts behind these labels believe as CIS does – the ability to make good security decisions increases with perspective. CIS is a couple months into creating an update to the ESX security guide you reviewed and I’ve passed your feedback to the consensus team for incorporation. You are an ESX virtualization ninja and your perspective would enhance our team’s decision making ability and ultimately the guidance provided to our mutual audience - the VMWare community. Feel free to call or email and I’ll introduce you to the team. We would be excited to have you actively participate.
CIS guides are living documents that are updated as feedback is provided. As you and your many readers discover errors or omissions within CIS guides, please get involved by reporting them to cis-feedback@cisecurity.org.
Thanks,
Blake Frantz
Chief Technical Officer
The Center for Internet Security
Voice: 206-384-3023
Fax: 206-260-7528
bfrantz@cisecurity.org
Mark Gaydos Thu, 2008-07-10 12:55
I enjoyed the article but believe most people are trying to get their arms around virtualization security basics. See my blog post.
http://www.tripwire.org/?p=76
Please also note a new version of the Tripwire ConfigCheck will be out in a few weeks to support VMware 3.0.X systems.
Mark Gaydos
Vice-President, Marketing
Tripwire
mgaydos@tripwire.com
Edward L. Haletky Mon, 2008-07-14 13:18
Hello,
I agree many people are still trying to get their head around virtualization security, but they are applying that to just the Virtualization Server and not everything it touches. That is the main caveat. I define the Virtual Environment to include everything that touches the virtualization server directly or indirectly and now we have a slightly bigger problem. We could close the doors on the virtualization server, but end up leaving other windows wide open.
These guides are all a great start, and am glad that ConfigCheck now support v3.0.x.
Best regards,
Edward L. Haletky
Author
Post new comment
RELATED SOLUTIONS
There's a lot of buzz about Windows 7 out there. Each month in our webcast series, listen to analysts and customers discuss how Windows 7 and the Windows Optimized Desktop is impacting large companies around the world. Learn how they evaluated Windows 7, including the cost of deployment, deployment strategies, and tangible benefits.
Sponsored by Microsoft
Listen to on-demand Recordings »
Service Level Management Best Practices Life Cycle Overview - Improve Service Levels
Best practices for Service Level Management (SLM) is a process for consistently meeting customer requirements and delivering on IT's promises. See the steps required to ensure high-quality SLM.
Sponsored by Compuware
Read this White Paper »
Keeping Your Members Safe from Online Scams and Predators
In order to keep fraudsters out, romance sites must deploy effective solutions that look at information independent of what is supplied by users. A device fingerprinting solution such as iovation ReputationManager™ provides unique insight into the computers being used to create multiple accounts and exposes hidden device-account relationships that identity-based fraud solutions often miss.
Sponsored by iovation
Read this White Paper »
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Global Warming Research Exposed After Hack
Silicon Valley Abuzz About Tech Video That Lets You Command a Computer With Gestures
Two Approaches to NFC Battle for French Hearts and Mobiles
Palm Pixi Smartphones Now Just $25
FCC: Internet Program for Deaf Cheated Out of Millions
Judge Sets Schedule for Google Book Search Case
Twitter Geotagging: What You Need to Know
Twitter Turns on Geolocation Functionality
Some Nook E-Readers Won't Make it for the Holidays Either
Google's Chrome OS Hits BitTorrent
WHITE PAPERS
FEATURED SPONSORS
SPONSORED LINKS
| CIO MARKETPLACE | buy a link |
Software License control, Windows XP/2000 Upgrades
Use your Intranet to manage Software Licenses, plan for Windows XP/2000 upgrades, do Security Audits and more. Click to try and ask for our white paper - PC Management for the Internet Age.
UNIX and Linux Performance Tuning SimplifiedSarCheck is a performance analysis and tuning tool for most UNIX & Linux operating systems. It produces recommendations with full explanations, and both supporting graphs and tables. Get the most from your hardware by keeping your systems tuned.
.NET Developer Wanted - Boston - Local CandidatesAIR provides sophisticated analytical tools and software systems to help companies manage that risk. We are seeking a Sr .NET Developer with 8-10 yrs exp in .Net & OO development. ASP.NET, VB.NET skills required. Annual bonus - Apply Now
Get More from Your Oracle DatabaseDBAs are constantly challenged to increase performance and keep costs down. This paper discusses the industry best-practice Wait-Event analysis and how Confio has combined this with their Resource Mapping Methodology to optimize DB performance.
THE IDG NETWORK
© 1994 - 2009 CXO Media Inc.