Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: VMWare and Security

from [P.B. Wagenaar] Network Security [Permanent Link]
Subject: RE: VMWare and Security
Date: Mon, 25 Apr 2005 12:12:04 +0200 
As far as I know, ESX uses it's own OS and does not run on top of Windows
i.e. (GSX is the version that runs on a host layer).

So the ESX version uses its own virtualization layer. This could be
considerd to be an Operating System right? And there are no security issues
with this? What if someone starts writing an exploit for the ESX
virtualization layer? Like a malformed TCP packet? The virtual machine (ie.
Windows server 2003) might have no problems with the malformed packet, but
it passes through the virtualization layer first. I am not saying that there
is something wrong with this approach or that is less secure or whatever. I
am just asking if all operating systems have had security related bugs, what
are the chances the ESX has to go through this cycle also? And how would a
security issue in the virtualization layer affect the virtual machines
running on it?

Once again, vmware is a great product in my eyes, and I can not see anything
that is wrong with it being not begin secure or something. But if you can
consider ESX to be an OS (like linux and windows), and most OS have had
security issues at one time or another, how should an organization treat a
new OS like ESX?

Philip Wagenaar
________________________________

Van: LT Service [mailto:service@layerthree.org] 
Verzonden: maandag 18 april 2005 22:05
Aan: P.B. Wagenaar; security-basics@securityfocus.com
Onderwerp: RE: VMWare and Security


VMware ESX is secure.  I cannot think of anything security related to worry
about.  Out of the box, the connection to the service console is SSHv2 and
the web interface is https.  The most vulnerable part is host OS.  

________________________________

From: P.B. Wagenaar [mailto:PB.Wagenaar@chello.nl]
Sent: Mon 4/18/2005 10:28 AM
To: security-basics@securityfocus.com
Subject: VMWare and Security



Hello list,

We are looking into a VMWare ESX solution. I have a pretty open question and
that if there any security related concerns that are specific for a VMWare
solution?

With kind regards,

Philip Wagenaar

--
I am using the free version of SPAMfighter for private users.
It has removed 1189 spam emails to date.
Paying users do not have this message in their emails.
Try www.SPAMfighter.com for free now!




-- 
I am using the free version of SPAMfighter for private users.
It has removed 1336 spam emails to date.
Paying users do not have this message in their emails.
Try www.SPAMfighter.com for free now!
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: block MSN Messenger, Bipin Gautam
Next by Date:  Re: how to trace what is accessing the nic ?, Andreas Putzo
Previous by Thread:  VMWare and Security, P.B. Wagenaar
Next by Thread:  Re: VMWare and Security, Rik Bobbaers
Indexes:  [Date] [Thread] [Top] [All Lists]