Nov 18
In an effort to expand some of the knowledge on the blog and get some more relevant posts up I’ve reached out to some people internal to VMware who will contribute here from time to time. First up is a good friend, Rob Randell. I hope you find the different views these guests share. This first post from Rob is more of an intro but you’ll find some more great info from Rob coming soon. Take it away, Rob!
Hi everyone, my name is Rob Randell. I’m a Security Specialist at VMware and Mike is giving me the opportunity to use his blog to talk a bit about virtualization security and more specifically the relationship between the virtualization team and the security teams within the customers that I talk to. My role at VMware allows me to talk to both virtualization professionals and security professionals about the security issues surrounding virtualization as well as the best practices that can help mitigate the risks and architect a deployment. The one thing that I have found in common in the most successful deployments is that the virtualization team works closely with the security team during all phases of the implementation. These customers included the security team as part of the architecture team and made sure they were a part of the deployment each step of the way.
Nov 18
I was reading through one of my more favorite blogs (vinternals) today and it was brought to my attention that Symantec does not support VMotion. I found that a little shocking. No real reason was given for this in the Symantec KB other than intermittent communications. I highly doubt that’s because of VMotion since (a) VMotion doesn’t occur very often and (b) network communication isn’t dropped with a VMotion. And if you’re not going to support VMotion on VMware then where is the lack of support for live migration from the other vendors, which operate in the same manner? It sounds to me like someone over at Symantec doesn’t understand what’s going on. Time for some alliances work. In the meantime I agree with the vinternals guy – customers need to push back on Symantec and tell them it’s time to belly up to the virtualization bar and start doing some real troubleshooting of their issues.
(Via vinternals.)
UPDATE (11-20-2008):
Symantec has updated their support policy. Apparently the old link above was a premature KB article that accidentally got released. Good to see they do know what’s going on. Here’s the new link.
Nov 17
I was reading through a bunch of past articles and came across one about Microsoft patching a SMB security flaw from 7 years ago. Normally this wouldn’t concern me a lot for a couple of reasons:
1) There are a lot of security holes that are less critical or never get exploited and so companies take a while to patch them. I’m not saying that’s a good thing – just that it happens.
2) I’m a big believer that people in glass houses shouldn’t throw stones. I work for a software company and as long as your software is running there could be a security issue. That’s just the nature of complex pieces of software. I don’t like to point out others’ vulnerabilities because it will just circle back around to hit me again.
With that said, this one sort of shocked me. A long time ago I used to do security audits for a living while working for a VAR. One of the very first things I’d do is crack out a tool that exploited the SMB issue referred to in the article to grab the SAM and thus a bunch of great passwords (including Domain Admin). It usually took all of about 5 minutes and worked every time. There are dozens of hacker tools out there on the web that include this exploit. This brings up the question of why Microsoft waited this long to fix a hole exploited by the #1 tool in my arsenal.
I haven’t done any audits in the past 6 1/2 years so maybe this little trick just stopped being used. Maybe people didn’t like the fact that you had to be on the network behind the firewall in order to use this attack. At schools and universities this just meant jacking in at the library or something. For corporations I would usually just set up some fake meeting during lunch, miss the person I was meeting with, and wait for them in a conference room – again behind the firewall. The point is you can’t always trust that just because something is behind a firewall it’s protected, so it really shocks me that this vulnerability is just getting patched.
Hoff, if you’re out there and reading, or any other security-minded people, please let me know what was up with this one.
Nov 09
If you’re ever faced with having to explain that virtualization is or can be secure then Gabe has put together an excellent post for you.
So you have that talk with your security officer again…
(Via Gabe’s Virtual World.)
Oct 19
From time to time I get asked about how compliant VMware is with existing security standards such as HIPAA, SOX, and PCI. I usually talk about the many customers I know who have been through these audits successfully. Now there’s a resource center for the people in charge of maintaining compliance with these standards. The new VMware Compliance Center is now live on the public VMware site. You’ll find a lot of great resources there to help make sure you stay compliant and can pass your tests and audits.