Educause Security Discussion mailing list archives
Re: Virtualization and Security ?
From: Mike Lococo <mike.lococo () NYU EDU>
Date: Tue, 11 Nov 2008 14:05:04 -0500
Do you mix systems of different security levels? For example, placing DMZ and internal systems on the same virtual infrastructure?
My group has done quite a lot of pondering on this issue and have developed more or less the following general stance: Before deploying a new virtualization technology centrally (we run lots of different virtualization technologies, and are not just a VMWare shop), it gets assessed by the security group who makes a recommendation about whether it can be trusted to enforce security boundaries. In general, we tend to trust hardware partitioning schemes like Sun Domains and IBM LPARS, we are suspicious of virtualization stacks with major software components like VMWare and Xen, and we don't trust single kernel image partitioning like Sun Zones and BSD Jails. For VMWare specifically, we have a fairly nuanced view because there's lots of interest in it and it potentially provides lots of value. Although we want to deploy it safely, we also want to be careful that security constraints provide benefits that are commensurate with their costs. 1) We don't trust VMWare to enforce the boundary for the top level of our 3-tier security classification system, which is where our "crown-jewel" data resides. We leave our system administrators to determine whether that means they have to deploy a separate VMWare infrastructure or whether it means that they don't use VMWare for top-tier systems. In practice, the latter tends to happen. 2) In the future we don't plan to come down on folks that want to deploy a single VMware infrastructure that spans the bottom 2 tiers of our 3-tier security classification system. We'd always love to see more partitioning, but the idea behind this to allow savings on the >85% of our systems that don't handle restricted data while not introducing unnecessary risk to that <15% of systems that are *really* important. I've got a perpetually half-done document surveying some of this stuff, if enough folks bug me off-list I might tidy it up and make it public. I'm also typically available for a call if folks want to chat through ideas, I ran one a few months ago that was moderately helpful to me in terms of solidifying my thinking on the problem... although there was more clarity on challenges than best-practices at the time. Thanks, Mike Lococo
Current thread:
- Re: Virtualization and Security ?, (continued)
- Re: Virtualization and Security ? Joel Rosenblatt (Nov 11)
- Re: Virtualization and Security ? Youngquist, Jason R. (Nov 11)
- Re: Virtualization and Security ? Bradley, Stephen W. Mr. (Nov 11)
- Re: Virtualization and Security ? HALL, NATHANIEL D. (Nov 11)
- Re: Virtualization and Security ? randy marchany (Nov 11)
- Re: Virtualization and Security ? Eric Case (Nov 11)
- Re: Virtualization and Security ? Joel Rosenblatt (Nov 11)
- Re: Virtualization and Security ? St Clair, Jim (Nov 11)
- Re: Virtualization and Security ? Robert Maxwell (Nov 11)
- Re: Virtualization and Security ? Joel Rosenblatt (Nov 11)
- Re: Virtualization and Security ? Mike Lococo (Nov 11)
- Re: Virtualization and Security ? Jeffrey I. Schiller (Nov 11)
- Re: Virtualization and Security ? Cheng, Wang (Nov 11)
- Re: Virtualization and Security ? Clifford Collins (Nov 25)
- Re: Virtualization and Security ? Alex (Nov 25)