What are the main virtualization security threats?

pcaulfield

What are the main security threats that should be considered with virtualization?

Answer this Question

Answers

2 total
kreiley
Vote Up (13)

 

Your biggest threats are mostly in virtual machines on top of the hypervisor.  I think the best thing you can do is follow vmware guidelines for hardening the platform itself.  

http://www.vmware.com/files/pdf/vi35_security_hardening_wp.pdf

 

jimlynch
Vote Up (12)

Here's an article that covers some of it:

Six common virtualization security risks and how to combat them
http://www.net-security.org/secworld.php?id=9023

"Through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace, according to Gartner. Although they expect this figure to fall to 30 percent by the end of 2015, analysts warned that many virtualization deployment projects are being undertaken without involving the information security team in the initial architecture and planning stages.

Gartner research indicates that at the end of 2009, only 18 percent of enterprise data center workloads that could be virtualized had been virtualized; the number is expected to grow to more than 50 percent by the close of 2012. As more workloads are virtualized, as workloads of different trust levels are combined and as virtualized workloads become more mobile, the security issues associated with virtualization become more critical to address."

Ask a question

Join Now or Sign In to ask a question.
The latest release of Oracle's software for managing virtual machines offers the same set of features to Sparc users as to those who manage virtual machines on x86 servers.
VMware is for the first time inviting anyone to beta test the next version of vSphere, the company's virtualization platform.
Oracle has just released its Communications Application Orchestrator designed to address the Network Functions Virtualization (NFV) requirements for communications service providers. Virtualized infrastructures are increasingly popular, both in the enterprise and in service provider infrastructures. Oracle's new solution is also designed to work with Oracle Communications Core Session Manager, a solution that helps CSPs virtualize network infrastructures to support NFV efforts.
Pluribus Networks lets Arrow spearhead server/switch hardware sales while it focuses on network hypervisor software.
PLUMgrid brings cloud networking to OpenStack, lands another $16M in funding and wins over Swisscom.
Some developers have turned to MIDI devices, for fun or relief, to write software
As if tracking down bugs in a complex application isn't difficult enough, programmers now must worry about a newly emerging and potentially dangerous trap, one in which a program compiler simply eliminates chunks of code it doesn't understand, often without alerting the programmer of the missing functionality.
One of the better-known remote-desktop clients for the iPad, Parallels Access, has expanded into the iPhone and Android spaces with Parallels Access 2.0, including special access controls for businesses, too.
Code from the very early days of Simula, the first OO programming language, has surfaced
Docker 1.0 has officially arrived, giving organizations a proper chance to use the emerging cloud technology to create and run applications with even more agility.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+