Educause Security Discussion mailing list archives
Levels of VMWare linked clones
From: James Moore <jhmiso () RIT EDU>
Date: Mon, 8 Jun 2009 16:39:50 -0400
I have VMware Workstation 6.5.2. I am extending out my linked clones, as I want to keep things patched, but run different malware discovery apps. What I realized that I hadn't done when I started was to benchmark what is in the core.

Originally, I had Windows and the MS apps. Then I added HashTab and FileAdvisor, because they support file identification and transfer, and they aren't too onerous to patch. I added SnagIt, to help with screen captures and documentation.

In level 1, I set the Windows firewall so that the web browsers can get out to Microsoft, Bit9, TechSmith, and possibly Adobe. I added Adobe Reader in level 1, but took it back out with the latest vulnerabilities and the time for Adobe to patch.

Firefox, and add-ins, I added in level 2 of linked clones. I also am looking at Sandboxie to sandbox IE and Firefox, and possibly a basic bi-directional firewall (Comodo without all of the bells and whistles).

I am looking at adding various anti-virus, anti-spyware, anti-malware, HIPS, and statistical malware analysis in level 3 of linked clones. I will have Gargoyle and EnCase tools running at level 3 as well (but not with the anti-malware tools).

I want to be able to patch efficiently. I don't want interactions between competing anti-malware. I am concerned about too many levels, and about placement.

I would like to know what other people are using for Incident Response analysis.

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
151 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 255-0809 (Cell - Incident Reporting & Emergencies)
(585) 475-7920 (fax)

"If you consciously try to thwart opponents, you are already late." - Miyamoto Musashi, Japanese philosopher/samurai, 1645
"Risk comes from not knowing what you're doing." - Warren Buffett

Confidentiality Notice: Do the right thing.
If this has the words "Confidential" or "Private" in the subject line, or similar language in the email body, or as a label on any attachment, then think. Do you know me? Did you expect to receive this? Do you recognize and work with the other addressees? If not, then you probably received this in error. Please, be respectful and courteous, and delete it immediately. Please, don't forward it to anyone. Now, wasn't that simple. Just, if you had made an error in a sensitive email, and I received it, what would you want me to do with it?
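An added example, not part of the original message, that models the layering question the post raises. A VMware linked clone reads its parent's disk only up to the snapshot it was cloned from, so patching a level does not flow down to clones already derived from it; the children have to be re-derived from a fresh snapshot. The script below builds the hierarchy from the tools named in the post (the anti-virus and HIPS product names are placeholders, and the "level4-av-stacked" clone is a deliberate mistake added to show the conflict check), reports which guests would end up with two competing anti-malware products co-resident, and lists which clones must be rebuilt after a given level is patched.

```python
"""Dependency model for a layered linked-clone malware-analysis lab.

Added example; the hierarchy is constructed from the tools the post names,
and the anti-malware product names (av_a, av_b, hips_x) are placeholders.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Tool categories whose members must not share a guest: two resident AV or
# HIPS products compete for the same kernel hooks and quarantine each other.
EXCLUSIVE_CATEGORIES = {"antivirus", "hips"}


@dataclass
class Clone:
    name: str
    parent: Optional["Clone"] = None
    tools: Dict[str, str] = field(default_factory=dict)   # tool -> category
    children: List["Clone"] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.parent is not None:
            self.parent.children.append(self)

    def level(self) -> int:
        """0 for the base image, +1 per linked-clone layer."""
        return 0 if self.parent is None else self.parent.level() + 1

    def effective_tools(self) -> Dict[str, str]:
        """Everything present in the guest: own tools layered over inherited ones."""
        inherited = self.parent.effective_tools() if self.parent else {}
        return {**inherited, **self.tools}


def conflicts(clone: Clone) -> List[Tuple[str, List[str]]]:
    """Exclusive-category tools that would be co-resident in this guest."""
    by_cat: Dict[str, List[str]] = {}
    for tool, cat in clone.effective_tools().items():
        by_cat.setdefault(cat, []).append(tool)
    return sorted((cat, sorted(tools)) for cat, tools in by_cat.items()
                  if cat in EXCLUSIVE_CATEGORIES and len(tools) > 1)


def rebuild_after_patch(clone: Clone) -> List[str]:
    """Clones that must be re-derived once `clone` is patched and re-snapshotted.

    Existing linked clones keep reading the *old* parent snapshot, so the patch
    never reaches them; every descendant has to be recreated from a new one.
    """
    out: List[str] = []
    stack = list(clone.children)
    while stack:
        child = stack.pop()
        out.append(child.name)
        stack.extend(child.children)
    return sorted(out)


def build_lab() -> Dict[str, Clone]:
    """Constructed hierarchy following the post's level 0..3 layout."""
    base = Clone("base", tools={"Windows": "os", "MS Office": "office",
                                "HashTab": "file-id", "FileAdvisor": "file-id",
                                "SnagIt": "capture"})
    l1 = Clone("level1-firewall", base, {"Windows Firewall rules": "network"})
    l2 = Clone("level2-browsers", l1, {"Firefox": "browser", "Sandboxie": "sandbox"})
    av_a = Clone("level3-av-a", l2, {"av_a": "antivirus"})
    av_b = Clone("level3-av-b", l2, {"av_b": "antivirus"})
    hips = Clone("level3-hips", l2, {"hips_x": "hips"})
    forensics = Clone("level3-forensics", l2, {"Gargoyle": "forensics", "EnCase": "forensics"})
    # Deliberate mistake to catch: a second AV stacked under an AV clone.
    bad = Clone("level4-av-stacked", av_a, {"av_b": "antivirus"})
    return {c.name: c for c in (base, l1, l2, av_a, av_b, hips, forensics, bad)}


if __name__ == "__main__":
    lab = build_lab()
    for name, c in lab.items():
        print(f"{name:20s} level={c.level()} conflicts={conflicts(c)}")
    print("patch level1 -> rebuild:", rebuild_after_patch(lab["level1-firewall"]))
```

The rebuild list is the practical cost of depth: every level you add above the anti-malware clones is one more layer whose patching forces all the level-3 clones to be recreated, which argues for keeping the chain short and putting anything patched often (browsers, Reader) as low as its dependencies allow. The snapshot each clone was derived from must also be kept; deleting it breaks every clone below it.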