Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

RSA Conference

Is Virtualization The Biggest Security Vulnerability In IT Today?

by 2 Comments

The question is asked by Senior Reporter from Forbes Andy Greenberg, who attended the security industry’s big annual confab, the RSA Conference, and wrote up an article aptly titled ‘Virtualization Dark’s Side’. He writes:

“In the past few months, security researchers have revealed bugs in practically every piece of virtualization software, including products from virtualization heavyweights VMware and Microsoft.

Exploiting those bugs, attackers can use what researchers call “virtual machine escape,” or “hyperjacking.” By taking control of the hypervisor, the piece of software that controls all the virtual computers within a machine, an attacker can “escape” from any single virtual computer hosted on the machine and quickly multiply his or her access to a company’s data.”

Virtualization security researchers and experts were quick to point out the weaknesses of virtualization and several techniques to breach the security.

Joanna Rutkowska, the founder of security research firm Invisible Things Lab, reportedly described a new type of virtualization-based malware that could be used to take control of a machine running virtualization software. Because virtualization allows companies to store many virtualized software “images” of computers on a single physical machine, an attack like the one Rutkowska envisions would allow a hacker “not only to control a single machine but to siphon data from any virtual machine it contains”.

Rutkowska also described how an intruder could install what she calls a “blue pill,” a second, malicious hypervisor that controls the original hypervisor and all of the virtual machines beneath it.

Fortunately, she also said that the attacks she discussed are likely too new to have ever been used by real-world cybercriminals, and are unlikely to become common.

What do you think?

Montego Networks Debuts HyperVSecurity Alliance

by Leave a Comment

Montego Networks, which officially launched two weeks ago, has made an announcement at the RSA Conference 2008 about its HyperVSecurity Alliance, an initiative allowing third-party vendors to integrate their products with Montego’s HyperVSecurity technology platform.

Montego Networks logo

The Montego HyperVSecurity vendor-agnostic framework facilitates an interoperable virtual security architecture enabling VM-to-VM visibility, inspection and security, and delivers valuable solutions with minimal network configuration, reliability and performance headaches. For virtualization customers, the HyperVSecurity Alliance provides a flexible, integrated toolkit they can confidently deploy to address needs for virtual security, application performance and investment protection. Through its Alliance, Montego Networks is well positioned to build productive partnerships with vendors of best-of-breed IDS/IPS, patch management, behavioral analysis, anti-malware, network monitoring, and other applications.

The HyperVSecurity Alliance lets its partners rapidly leverage advantages of the Montego platform including fast access to virtual market applications, co-branded lead-generation channel presence & sales. Concurrently, it gives virtualization channel partners a ready-made portfolio of certified products, customer-ready solutions and cross-sell revenue opportunities.

The Charter Members of the HyperVSecurity Alliance include these networking and security solutions providers:

  • Cyberoam: Unified Threat Management Plus (UTM+)
  • Lancope: StealthWatch™ for NetFlow and sFlow-based Anomaly Detection and Network Performance Monitoring
  • Plixer International: Scrutinizer™ NetFlow Analyzer
  • StillSecure: Commercial and open source secure network infrastructure solutions including NAC, IDS/IPS, vulnerability management and a unified networking/security platform

The Montego HyperSwitch approaches virtualized network security from a new direction that integrates network policy enforcement and access control with a high-availability virtual security switch. This unique approach allows the Montego HyperSwitch to efficiently deliver advanced capabilities including policy-based virtual network partitioning, L2-L4 Firewall, Identity Firewall, Content Firewall, Virtual Network Discovery, Secure Inter-VM communication, 802.1Q VLANs, 802.1D Spanning Tree, Load-balanced Quality of Service (QoS), Policy-Based Switching, Policy-Based Traffic Mirroring, NetFlow, and more. The HyperSwitch also includes Montego Firewall Control Protocol (MFCP) which enables 3rd party security vendors to leverage API calls that allow for remote configuration of its security policies.