vSphere 4.0 Hardening Guide Released

 Allgemein, Cloud, Updates, VMware, VMware ESX  Kommentare deaktiviert für vSphere 4.0 Hardening Guide Released
Apr 282010
 

Source: http://blogs.vmware.com/

VMware would like to announce the availability of the final release of the vSphere 4.0 Security Hardening Guide.  This version incorporates the extensive feedback from the VMware community on the previous draft release, which was published in January.  We would like to thank all the people who took the time to go through the draft release and provide their comments.

This guide represents a new approach to providing security guidance from VMware. As compared with the previous VI3 Hardening Guides, the current guide has the following highlights.

  • Structure: this version uses a standardized format, with formally defined sections, templates, and reference codes.  The goal is to increase clarity and reduce ambiguity, make it easier to reference individual guidelines, and most of all, enhance the ability to automate guideline enforcement.
  • Recommendation levels: in following with the formats used by NIST, CIS, and others, this guide categorizes all guidelines into three security levels.  Instead of recommending a single set of guidelines for all environments, this guide encourages more of a risk-based approach, so that individual administrators can decide which guidelines apply to their environment.

Overall, there are more than 100 guidelines, with the following major sections:

The Introduction section describes the scope, structure, recommendation levels, and other aspects of the guide in more detail.  Please read this section first before diving into the rest of the guide, as it provides important context.

Although this version of the guide can be considered as „final“ and appropriate for use in production environments, we recognize that there is always room for improvement.  We will continue to welcome comments and corrections on this guide, and we will publish updated versions of the guide from time to time as feedback is accumulated.  This feedback of course will also be incorporated into the hardening guide for future releases of vSphere.

The vSphere 4.0 Hardening Guide has been posted to the VMware Communities in the „Security and vShield Zones” area, in the Documents tab.  Please provide feedback in the Comments area.

Reblog this post [with Zemanta]

Gartner Says 60 Percent of Virtualized Servers Will Be Less Secure Than the Physical Servers They Replace Through 2012

 Allgemein  Kommentare deaktiviert für Gartner Says 60 Percent of Virtualized Servers Will Be Less Secure Than the Physical Servers They Replace Through 2012
Mrz 172010
 

Source: Gartner Press Release >> http://www.gartner.com/it/page.jsp?id=1322414

Gartner Says 60 Percent of Virtualized Servers Will Be Less Secure Than the Physical Servers They Replace Through 2012

Gartner Outlines Six Most Common Virtualization Security Risks and How to Combat Them

STAMFORD, Conn., March 15, 2010 —  

Through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace, according to Gartner, Inc. Although Gartner expects this figure to fall to 30 percent by the end of 2015, analysts warned that many virtualization deployment projects are being undertaken without involving the information security team in the initial architecture and planning stages.

„Virtualization is not inherently insecure,“ said Neil MacDonald, vice president and Gartner fellow. „However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants.“

Gartner research indicates that at the end of 2009, only 18 percent of enterprise data center workloads that could be virtualized had been virtualized; the number is expected to grow to more than 50 percent by the close of 2012. As more workloads are virtualized, as workloads of different trust levels are combined and as virtualized workloads become more mobile, the security issues associated with virtualization become more critical to address.

Gartner has identified the six most common virtualization security risks together with advice on how each issue might be addressed:


Risk: Information Security Isn’t Initially Involved in the Virtualization Projects

Survey data from Gartner conferences in late 2009 indicates that about 40 percent of virtualization deployment projects were undertaken without involving the information security team in the initial architecture and planning stages. Typically, the operations teams will argue that nothing has really changed — they already have skills and processes to secure workloads, operating systems (OSs) and the hardware underneath. While true, this argument ignores the new layer of software in the form of a hypervisor and virtual machine monitor (VMM) that is introduced when workloads are virtualized.


>> Read full article on http://www.Gartner.com

Reblog this post [with Zemanta]