Security Basics mailing list archives
RE: Deny access to copy files
From: Craig Wright <Craig.Wright () bdo com au>
Date: Thu, 5 Jun 2008 06:12:26 +1000
No even a single system Risk = hypervisor_risk + Host_risk As the VM host and the System host are configured exactly the same other than the underlying system; Host_risk =VM_ Host_risk = System_ Host_risk What you seem to be suggesting is have several VMs with each assigned to a developer. What you are forgetting is development systems are not production systems. By their nature, developers have access to email and browsers and you are deluding yourself if you think otherwise as the development tools themselves provide this level of functionality. Developers also interact. A pile of insecure VMs on a host only compound the issue. When making a risk model, you need to add the condition that VMs act not as an independent factor, but statistically as a dependent one. This provides both the additive risk and a multiplicative factor. Each developer will have their own system in a MS model. This will link to the server. Having multiple server instances with the workstation adds no additional mitigation. So to address the comment "the alternative may in fact be multiple developers sharing the same operating system", remember that this is an MS environment and not a Unix one firstly. Each set of developer workstations needs to be factored. Next internal systems development should mirror production. In this event, VMs do not equate to multiple real systems and this adds a level of coding risk. Take all the factors and run a simple MCMC simulation and the risk is rarely if ever reduced in the VM case. The issue is not risk reduction, but cost. Craig From: Gregory Boyce [mailto:gregory.boyce () gmail com] Sent: Wednesday, 4 June 2008 10:57 PM To: Craig Wright Subject: Re: Deny access to copy files On Tue, Jun 3, 2008 at 5:50 PM, Craig Wright <Craig.Wright () bdo com au> wrote: Well scientifically, you should be able to advocate why a VM is a security device if this is to be propounded. But to prove the negative (and to paraphrase a little from the Burton group). 1. All the attacks and vulnerabilities are the same. From the host perspective - nothing has changed being on a VM. The same vulnerabilities exist. 2. Risk is additive. The hypervisor has its own risks. These are added to 1. 3. Separation reduces risk. Running several systems on the same hypervisor makes them more (not less vulnerable). All of the systems are just as vulnerable as a locked down host on a system with the added benefit of also having the risk from the hypervisor abstracted onto them. 4. Aggregation of content increase risk. 5. The more layers are added - the more risk. Having a system on a bios has risk, adding bios and (potentially nested) VMs adds risk. What you just proved is that multiple VM instances is less secure than multiple pieces of physical hardware. Without the budget for that many systems, the alternative may in fact be multiple developers sharing the same operating system. The comparison of security levels there turns out a bit different. -- Greg them.\lin?Zi? Craig Wright Manager, Risk Advisory Services Direct : +61 2 9286 5497 Craig.Wright () bdo com au +61 417 683 914 BDO Kendalls (NSW-VIC) Pty. Ltd. Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney NSW 2001 Fax +61 2 9993 9497 http://www.bdo.com.au/ The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system. Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au/ or by emailing mailto:administrator () bdo com au. BDO Kendalls is a national association of separate partnerships and entities. Liability limited by a scheme approved under Professional Standards Legislation.
Current thread:
- Re: Deny access to copy files, (continued)
- Message not available
- Re: Deny access to copy files Shreyas Zare (Jun 23)
- Message not available
- Re: Deny access to copy files Shreyas Zare (Jun 24)
- Re: Deny access to copy files Ansgar -59cobalt- Wiechers (Jun 24)
- Message not available
- Message not available
- Message not available
- Re: Deny access to copy files Shreyas Zare (Jun 24)
- Re: Deny access to copy files Jeremy Winder (Jun 24)
- Re: Re: Deny access to copy files Breno BF (Jun 03)
- Re: Deny access to copy files Al MailingList (Jun 11)
- RE: Deny access to copy files Craig Wright (Jun 12)