Virtualization = specialized software that makes it possible to host multiple operating systems working simultaneously on one server.
Our goal for this blog is to get a better understanding of Virtualization. Start off by reading the VirtualWoman comic which gives a pretty good idea of how virtualization works and its benefits. Since “the cloud” is all virtualized servers, you can use this as your search term too.
Your job is to find an article that talks about virtualization and /or clouds AND security. It could be how virtualization is improving security . . . or it could be how virtualization has created a security vulnerability.
Write a summary of your article, at least 4 sentences. Remember you must restate the ideas, please DO NOT cut and paste from the article.
No duplication of articles, due Sunday 1/8 by 11 pm
8 comments:
http://www.securitypronews.com/insiderreports/insider/spn-49-20120106Amazongainsnewcloudsecuritypartner.html
Amazon recently decided to team up with Check Point Software Technologies to increase the security for its cloud services. One feature is called The Application Control Software Blade helps prevent attacks and provide enhanced security while using cloud services. Check Point also has other technologies named The IPsec VPN Software Blade that allows secure connections into cloud resources and The Mobile Access Software Blade software that enables two factor authentication and device pairing using SSL. This set of tools also prevents data breaches with special User Check technology that allows real-time user remediation. Amazons decision can be explained by their realization that many people want to use cloud services but are wary of the vast risks included with doing so. Thus, Amazon has teamed up with Check Point to improve their cloud security in order to attract more cloud customers.
http://technology.inc.com/2009/04/01/the-downside-to-virtualization-security-risks/
It turns out that virtualization opens up a new can of problems when implemented. Virtualization essentially uses two operating systems: the actual virtual software, and the platform used by the business (ex. Microsoft Windows), and it is important to keep in mind that both need to be updated regularly. Malware is also a big problem now, too, because people who write them make their viruses and such aware of their environment. Most malware can now work on virtual machines as well, and can spread throughout the network. Another problem with virtualization is protecting confidential or legal data, which can be difficult to track as it moves through the virtual network.
http://www.cio.com/article/492605/Server_Virtualization_Top_Five_Security_Concerns
Virtualization has been a major boon for the IT world. It is now possible for one physical server to be hosting multiple virtual ones, decreasing cost and increasing efficiency. However, as this article explains, the technology comes with several risks. One of the big problems with VMs is that they belong to no one. The physical servers are the responsibility of the data center, and IT is responsible for the software running on it, but virtual servers cross that boundary. Because of this , no one takes responsibility, and nothing is ever upgraded or patched. Along the same lines is VM sprawl, when someone (usually managers) decide they need another server for some reason, and then forget about. These servers are never updated or patched, and are therefore a security risk. One final risk comes to light when virtual networks are created between VMs. Because virtual firewalls don't exist(yet), there really isn't any security in the network, which gives an attacker a major advantage.
http://www.nasa.gov/mission_pages/mer/news/mer20101102.html
NASA Mars Rovers Spirit and Opportunity are the first Rovers to use Cloud Computing. The Rovers need massive amounts of data to be transfered to and from the Rover and the NASA base. Cloud computing allows them to have more computing capacity without the need to install external servers.
The major virtualization platforms are VMware, Microsoft, and Xen (which is now Citrix). Over the past few years many vulnerabilities have been identified. There are many different areas of these virtualization platforms that have vulnerabilities. Some of these areas are Hypervisor security, Host/Platform security, Securing communications, Security between guests, and Security between host/guests. There are a great number of vulnerabilities with virtualization. But you can stop most of these vulnerabilities by a configuration management program. These programs define policies, configure guidelines, create procedures to implement the policies and maintain them, and they follow the best practices in patch management for virtual hosts and guests. When you properly configure and correctly lock down your systems it will drastically reduce your vulnerabilities.
http://www.prosecurityzone.com/News/Education__training_and_professional_services/Exhibitions_and_trade_shows/Understanding_virtualization_vulnerabilities_12786.asp#axzz1ivLjafBP
http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031
This site talks about what cloud computing is and its effects. It went on to talk about how its fairly a new Virutalization, and how corporations are teaming to to merge servers to expand the cloud computing servers.
http://computer.howstuffworks.com/cloud-computing/cloud-computing.htm
The cloud can make it much easier to control and update networks. Many of us use the cloud already and we don't even know about it. G-mail allows you to login on the web, you dont run an application yourself. Companies can all gether together and use the cloud as one big cloud.
Post a Comment