Educause Security Discussion mailing list archives

Re: Virtualization and Security ?


From: Alex <alex.everett () UNC EDU>
Date: Tue, 25 Nov 2008 15:04:14 -0500

Clifford Collins:

You may be interested in the following documents:

Data Security Standard 1.1 - Applied to VMware ESX 3.0.1*
Using VMware and VDI and vmSight for Stronger and Sustainable HIPAA and PCI
Compliance
Five Immutable Laws of Virtualization Security*
An Empirical Study into the Security Exposure of Hosts of Hostile
Virtualized Environments
VMware Infrastructure 3 Security Hardening*

A company named StoneSoft had a good presentation at an ISSA meeting here,
although I can't seem to find that presentation.

* indicates a good document

-Alex Everett, CISSP
University of North Carolina


  _____

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Clifford Collins
Sent: Tuesday, November 25, 2008 11:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Virtualization and Security ?


I applaud everybody's efforts to secure their VMware environments. I too am
in the process of arguing for similar "best practices" as we deploy VMware.
However, I'm getting pushback because the decision-makers have not heard of
any industry "best practices" to justify the extra work and expense. Would
any of you please bring to my attention documentation to justify our
position? Thanks in advance for the help!

Clifford A. Collins
Information Security Officer
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"

----- Original Message -----
From: "Anand Malwade" <malwadan () SHU EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Monday, November 10, 2008 5:11:59 PM GMT -05:00 US/Canada Eastern
Subject: [SECURITY] Virtualization and Security ?



Folks,

We are looking into Data Center Consolidation and plan to virtualize most of
our servers. Now Virtualization can yield significant operational advantages,
but also introduces among others network, security complexity and
management challenges.

My question to the forum is:

a) Is anyone fully virtualized? If so, was a Vendor hired to perform this
function and are there any lessons learnt that I should be aware of with
the deployment?

b) Has anyone run into significant Security and Risk Issues?


Thanks,
Anand


Anand Malwade
Information Security Officer,
Seton Hall University,
Tel: 973 275 2209
malwadan () shu edu

