Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Security Expert Expands On Reducing Virtualisation Vulnerabilities

ISACA : 03 March, 2011  (Technical Article)
Online presentation details ring security strategy for realising the benefits of virtualisation without falling foul to the associated security vulnerability issues

An IT security expert claims that, despite all the media hype, virtualisation is actually not a new technology, and dates all the way back to the 1960s.  Professor John Walker, member of the Security Advisory Group of ISACA’s London Chapter and CTO of Secure-Bastion, said that, although it’s not a new technology, it has recently come to the forefront again and offers organizations many benefits to the enterprise IT environment.


Professor Walker, gave an online presentation in which he said that whilst virtualisation's benefits include reduced server sprawl and a quicker build time, there are clear security issues.


As with any system, or application configuration, he said, control is vital to security, and its professionals should remember that this security principal applies to the on-line and off-line images alike.


IT professionals, he went on to say, should take care to ensure that new builds are tracked, and that, again, as with conventional systems and applications, virtualised environments need to be patched up and fixed.


"They also suffer from vulnerabilities," he told his audience.


Professor Walker also detailed his ”ring security strategy,“ which defines the virtual environment as the operating system block and three rings:  ring 0, ring 1-2 and user applications.


Despite the potential security headaches associated with virtual networks, Professor Walker said that VLANs have become a great security enabler for the enterprise and that VM environments are ideal platforms for IT testing.


VM systems are also ideal tools for the mobile security tester, he went on to say, adding that this is because they support the running of multiple operating systems, multiple applications and multiple tools.


"And if you break it, you just recopy the image," he explained.


The cloud, however, changes a number of things. Professor Walker said that the advent of cloud computing has seen¾and will continue to see¾the use of virtualisation advance.


The question is, he added, are VM applications getting too expensive?

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo