security VMworld2006

VMworld from a security perspective

Pascal Meunier is covering his VMworld experience, mostly about security topics.


ReAssure (CERIAS), VIX and Lab Manager (VMware)

The VIX API on Tuesday morning was a very interesting session. It will
enable the remaining automation functionality of ReAssure. It allows to
automate the powering on and off of virtual machines, the taking of
snapshots, transfering files (e.g., results) between the host and guest
OS, and even starting programs in the guest OS! It was introduced with
VMWare server 1.0 last summer, but I hadn’t noticed. It is still work
in progress though; there’s support only for C, Perl and COM (no
Python, although I was told that there was a source forge project for
that).


Teaching (security) using virtual labs

There are of course other teaching labs using virtualization that have
been developed at other universities and colleges; the challenge is of
course to be able to design courses and exercises that are portable and
reusable. We can all gain by sharing these, but for that we need a
common infrastructure where all these exercises would be valid.


How virtualization changes the security equation

As a member of the panel argued, virtualization doesn’t make things
better or worse, it still all depends on the practices, processes,
procedures, and policies used in managing the data center and the
various data security and recovery plans. Another pointed out that
people shouldn’t assume that virtual appliances or virtualization
provide security out-of-the-box. Out of all malicious software,
currently 4-5% check if they are running inside a virtual machine; this
may become more common.