The security of virtualized environments is getting a lot of attention because VMware, a leading vendor in the sector, had a nasty encounter with some bugs last week. The issue, described at Network World and elsewhere, centers on flaws in the company’s Dynamic Host Configuration Protocol (DHCP) that could give an intruder control of the machine. The three DHCP flaws and a fourth, uncovered by McAfee, all have been patched.
This Help Net Security story says there are eight steps an enterprise should take to protect its virtualized environments. IT departments should make sure vendors fully support applications running within this structure; update security policies and procedures appropriately; make sure the host machine is secure; use strong access control to make necessary changes to incident response and forensics plans.
Also, the machines should exist on a “virtual DMZ” that enables communications between the disparate virtualized elements; update and upgrade network intrusion detection and prevention protection in a manner appropriate for virtualized environments and make necessary changes for incident response.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment