security

Apani Pushes EpiForce VM as Virtual Appliance (Free Trial)

September 4, 2008 by Robin Wauters Leave a Comment

Apani, provider of cross-platform server isolation solutions for large enterprises, today announced that EpiForce VM is now available as a virtual appliance free trial. EpiForce VM is the industry’s first software-based solution that secures corporate networks, containing both physical and virtual machines, from a single platform.

EpiForce VM is part of Apani’s security software product family and provides enterprises the ability to adopt a single security solution that will protect mixed data centers. From legacy systems to contemporary platforms and now virtualized environments, Apani’s EpiForce product line is the silver bullet for enterprise IT departments looking to simplify security enforcement and move away from a silo approach to protecting the inside of the corporate network.

The EpiForce VM virtual appliance free trial is a fully functioning version of EpiForce VM designed to install and run as a VMware VI3 appliance. The trial version includes two virtual machines (VMs) with agents pre-installed and license keys for up to 10 agents that can be installed on any physical or virtual Windows or Red Hat Linux platform. A complete video tutorial and training guide is included to help security administrators to configure and test EpiForce VM in their own environment.

EpiForce VM is based on the EpiForce platform v2.5 and initially supports VMware ESX Server 3.0 and 3.5 and uses on-demand policy distribution to offer enterprises the ability to manage and deploy policy to thousands of virtual or physical servers and endpoints with no impact to the network, application or user. EpiForce VM offers a centralized management console that enables a consolidated view to manage all EpiForce VM-protected machines — whether they are virtual or physical, without regard to their physical location on the network. Persistent security policy management allows administrators to utilize VMotion or Virtual Center to migrate EpiForce VM-protected virtual machines from one physical host to another with no disruption of security policy, minimizing unplanned downtime and maximizing operational flexibility.

0wning Xen … In More Detail

August 25, 2008 by Kris Buytaert Leave a Comment

Over at her own blog, Joanna Rutkowska from Invisible Things has some updates on their findings about Xen security as we earlier reported.

Joanna argues that most of the attacks presented indeed require that the attacker first gains access to the Dom0 before he can launch the attacks but that doesn’t take away the severeness of the issues.

Other rootkits also require for the attacker to first gain root access before he can hide his toolset from the eyes of the administrator.

She continues to argue that other attacks already provide people with potential access from DomU to Dom0 via a virtual machine escape bug

But even there the attacker first has to gain root in the DomU before he can potentially climb up to Dom0

Still there’s a significant difference in gaining (root) access, and hiding the fact that you got it. But indeed neither of both should be possible

0wning Xen?

August 11, 2008 by Kris Buytaert 1 Comment

InvisibleThings.org posted some more details on their Xen Owning Trilogy session at last weeks Black Hat conference in Las Vegas.

Joanna Rutkowska and her crew gave a series of 3 talks discussing different potential security issues with Xen. With the VirtSec awareness growing this obviously is an important topic .

When quickly skimming trough the presentations the big question that arise is , how relevant is this all for a day to day production environment. Given the fact that some exploits assume you already root before you can install a stealth backdoor and others rely on specific hardware features that might or might not be available in your setup things might be that critical yet.

All 3 talks can be found on the Invisiblethingslab.com site

Virtualization.com will have a closer look at the discussed issues and we’ll be back with more detail later.

Secerno Introduces Database Security Solution for Virtual Environments

July 29, 2008 by Robin Wauters Leave a Comment

Database security provider Secerno today announced the availability of its Secerno.SQL database activity monitoring and blocking solution as a virtualized appliance on the VMware platform. This, according to the company, marks the first availability of its appliance-based database protection in a virtualized environment, allowing enterprises the same database protection afforded by hardware yet with the utilisation, management and cost benefits of a virtualized application.

Secerno’s virtualized database protection product is powered by its patent-pending SynoptiQ technology. The company chose VMware’s technology platform based on its penetration into more than 20,000 corporate customers.

“This unique announcement comes at an exciting time for Secerno. We have just secured funding that allows us to respond to market opportunities and customer demand,” said Steve Hurn, CEO of Secerno. “In this case, we are bringing Secerno to a virtualised environment to offer organisations more variety in their deployments and reduce their overall costs in terms of resources and expenses. Virtualisation is emerging as a key strategy for companies, and we are delighted to be the first to offer this option for database activity monitoring and blocking.”

Secerno.SQL for VMware is set to be available this quarter.

Secerno

Azure Uses Intel Virtualization Extensions To Counter Malware

July 22, 2008 by Robin Wauters Leave a Comment

—

Paul Royal, principal researcher at Damballa, has developed a new tool called Azure, which takes advantage of the virtualization extensions in Intel‘s chips to evade the virtual machine and sandbox checks malware authors often include in their ‘work’. Because the extensions exist at the hardware level, below the level of the host OS, the malware doesn’t have the ability to detect Azure, allowing researchers to analyze its behavior unimpeded.

“The whole point is to get out of the guest OS so the malware can’t detect you and attack,” said Royal. “Intel VT doesn’t have the weakness of in-guest approaches because it’s completely external. Others use system emulators, but to get everything exactly right in terms of emulation can be tricky.”

Royal plans to release the source code for Azure at the upcoming Black Hat conference in Las Vegas and will make the tool available for download, as well. Royal said he is still working on features that he plans to add to a future version of Azure, including a precision automated unpacker and a system call tracer.

Intel’s virtualization technology (VT) is a set of extensions added to some of the company’s chipsets that help implement virtualization on the hardware, rather than the software level. VT is designed to help enterprises make better use of their hardware resources and save energy.

[Source: SearchSecurity]

Tripwire ConfigCheck Now VMware ESX 3.0 Compatible

July 21, 2008 by Robin Wauters Leave a Comment

Remember Tripwire ConfigCheck, the nifty free utility that rapidly assesses the security of VMware ESX hypervisor configurations compared to the VMware Infrastructure 3 Security Hardening guidelines? Well, Tripwire today announced the availability of Tripwire ConfigCheck for VMware ESX 3.0.

“The massive popularity of Tripwire ConfigCheck speaks loudly to the market need for solutions that address the knowledge and skills gap in managing virtual infrastructure. With this latest release, we leverage the best practices of VMware’s hardening security guidelines for 3.5 and 3.0.x environments increasing the overall value of the utility,” said Mark Gaydos, Tripwire VP of Marketing.

In addition to offering immediate insight into unintentional vulnerabilities in virtual environments, Tripwire also provides a remediation guide containing the necessary steps to return both VMware ESX 3.0 and 3.5 hosts to a known, secure state.