Educause Security Discussion mailing list archives
Re: Virtualization and Security ?
From: Alex <alex.everett () UNC EDU>
Date: Tue, 25 Nov 2008 15:04:14 -0500
Clifford Collins: You may be interested in the following documents: Data Security Standard 1.1 - Applied to VMware ESX 3.0.1* Using VMware and VDI and vmSight for Stronger and Sustainable HIPAA and PCI Compliance Five Immutable Laws of Virtualization Security* An Empirical Study into the Security Exposure of Hosts of Hostile Virtualized Environments VMware Infrastructure 3 Security Hardening* A company named StoneSoft had a good presentation at an ISSA meeting here. Although, I cant seem to find that presentation. * indicates a good document -Alex Everett, CISSP University of North Carolina _____ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Clifford Collins Sent: Tuesday, November 25, 2008 11:06 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Virtualization and Security ? I applaud everybody's efforts to secure their VMware environments. I too am in the process of arguing for similar "best practices" as we deploy VMware. However, I'm getting pushback because the decision-makers have not heard of any industry "best practices" to justify the extra work and expense. Would any of you please bring to my attention documentation to justify our position? Thanks in advance for the help! Clifford A. Collins Information Security Officer Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product" ----- Original Message ----- From: "Anand Malwade" <malwadan () SHU EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Sent: Monday, November 10, 2008 5:11:59 PM GMT -05:00 US/Canada Eastern Subject: [SECURITY] Virtualization and Security ? Folks, We are looking into Data Center Consolidation and plan to virtualize most of our servers. Now Virtualization can yield sigificant operational advantages, but also introduces among others network, security complexity and management challenges. My question to the forum is a) Is anyone fully virtualized ? If so was a Vendor hired to perform this function and are there any lessons learnt that i should be aware of with the deployment? b) Has anyone run into significant Security and Risk Issues. Thanks, Anand Anand Malwade Information Security Officer, Seton Hall University, Tel: 973 275 2209 malwadan () shu edu
Attachment:
smime.p7s
Description:
Current thread:
- Re: Virtualization and Security ?, (continued)
- Re: Virtualization and Security ? randy marchany (Nov 11)
- Re: Virtualization and Security ? Eric Case (Nov 11)
- Re: Virtualization and Security ? Joel Rosenblatt (Nov 11)
- Re: Virtualization and Security ? St Clair, Jim (Nov 11)
- Re: Virtualization and Security ? Robert Maxwell (Nov 11)
- Re: Virtualization and Security ? Joel Rosenblatt (Nov 11)
- Re: Virtualization and Security ? Mike Lococo (Nov 11)
- Re: Virtualization and Security ? Jeffrey I. Schiller (Nov 11)
- Re: Virtualization and Security ? Cheng, Wang (Nov 11)
- Re: Virtualization and Security ? Clifford Collins (Nov 25)
- Re: Virtualization and Security ? Alex (Nov 25)