VMware Infrastructure Earns Common Criteria EAL4+ Certification | VMware Security Blog

posted

From Eric Betts at the VMware Security Blog — something we’re very proud of. Link: VMware: VMware Security Blog: VMware Infrastructure Earns Common Criteria EAL4+ Certification. On May 20, 2008, VMware VI3 (ESX Server 3.0.2 & VirtualCenter 2.0.2) achieved Common Criteria certification at EAL4+ under the Canadian Common Criteria Evaluation and Certification Scheme (CCS).  EAL4+ Read more...

TripWire ConfigCheck sanity checks your ESX environment

posted

From the TripWire ConfigCheck site: Tripwire® ConfigCheckTM is a free utility that rapidly assesses the security of VMware ESX 3.5 hypervisor configurations compared to the VMware Infrastructure 3 Security Hardening guidelines. Developed by Tripwire in cooperation with VMware, Tripwire ConfigCheck ensures ESX environments are properly configured—offering immediate insight into unintentional vulnerabilities in virtual environments—and provides Read more...

Best practices for securing virtual networks

posted

Hezi Moore, co-founder and CTO of Reflex Security, has a nice 3-part primer on how to start thinking about your virtual networks as a guest post on VMblog. While Hezi does mention virtual appliances, he avoids turning this into an ad for Reflex. Best Practices for Securing Virtual Networks – Part One of Three  However, Read more...

Keeping Your VMotion Traffic Secure

posted

From the VMware Security Blog: Keeping Your VMotion Traffic Secure. Recently a researcher published a proof-of-concept called Xensploit which allows an attacker to view or manipulate a VM undergoing live migration (i.e. VMware’s VMotion) from one server to another. This was shown to work with both VMware’s and Xen’s version of live migration. Although impressive, Read more...