Permit/Deny Ziff Davis Enterprise
Tuesday, April 08, 2008 7:54 PM/EST

Mitigating Virtual Machine Security Vulnerabilities

San Francisco (4/8/2008)--The "Mitigating Virtual Machine Security Vulnerabilities" panel with newcomer Fortisphere, old-timer Configuresoft and nonprofit security adviser the Center for Internet Security was so popular that RSA officials had to turn away hundreds of attendees. I'll summarize the most important things that system and network managers should consider when securing virtual machines, but first let me say that Fortisphere is one of the most interesting companies at RSA. I had a chance to sit down with Fortisphere's Chris Farrow yesterday in a private briefing. In a nutshell, Fortisphere tags VMware virtual machines with a kernel-level driver so that the machine and any children that are cloned or snapshotted from the VM can be tracked as they move around the virtual environment. OK, so here's what came up at the panel. Watch guest-to-guest communication. Can your IDS or firewall products secure against guest communication on the same host? Most likely...

Tuesday, April 08, 2008 1:28 PM/EST

Live at RSA Cryptographers panel

Moderator: Burt Kaliski, Scientist, RSA Laboratories and Director, EMC Innovation Network

10:25 RSA Conference, San Francisco, CA 4/8/2008

Panelists:
Whitfield Diffie, Vice President and Fellow Chief Security Officer, Sun Microsystems
Martin Hellman, Professor Emeritus of Electrical Engineering, Stanford University
Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science, MIT
Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science

WD: [We're seeing a] call to action where there should be a call to question. Instead of a call based on a Cold War approach. The essential problems of building secure crypto systems seem for all practical purposes to be solved. We've worked on it for 80 years. We have a pure barrier objective that stands. On the other hand, Internet security is a mess. Gossler at Sandia Nat'l labs says the adversary sits on the other side and picks at your infrastructure. In information assurance, the development cycles in...

Tuesday, April 01, 2008 5:05 PM/EST

Outsourcing access management?

I asked Adam Bosnian from privileged access management maker Cyber-Ark what sessions he thought would be interesting at RSA. He's going to the application security sessions. In years past, he's seen these sessions focus on application coding security tools to look for buffer overflows or other coding errors that could create a security risk. I'll also be interested to see if, because of SOA, app makers will focus on making apps while leveraging security products such as Cyber-Ark's newly announced Enterprise Password Vault 4.5 to take care of access management. This isn't the first time I've heard a security company talk about wanting to see app makers give over access management to a specialized company instead of building access management from scratch. And the features in the latest version of Enterprise Password Vault include a verification process that checks the stored password with the credential used on the target system...

Thursday, March 13, 2008 5:23 PM/EST

IBM identifies enterprise single sign-on in Encentuate

IBM announced its acquisition of enterprise single-sign-on vendor Encentuate on March 12. Ian Yip has interesting analysis of the deal here. I've been following Passlogix and Encentuate for years and I have to agree with Ian on the business analysis. Also what this means for IBM customers who bought ESSO from IBM....

Wednesday, March 12, 2008 6:46 PM/EST

VMware and Citrix XenServer Meet at the N-Square Corral

VMware and Citrix XenServer cordially traded shots at the annual N-Square dinner hosted by the Internet Research Group on March 11 at Ming's Restaurant in Palo Alto. (The "Happy Family" was delicious, and it was a nice place for a group meeting.) IRG (Internet Research Group) principal Peter Christy started off the main event of the evening by forbidding marketing-speak and introducing Nand Mulchandani, a senior director at VMware, and Simon Crosby, the CTO of XenSource at Citrix. Both Mulchandani and Crosby agreed that customers who were facing security problems most often did so because they incorrectly implemented virtualization, or improperly configured the virtual infrastructure once it was in place. Crosby made the case that open was better than proprietary because the code base is open to examination by the most paranoid minds, including the National Security Agency. Further that the NSA contributes innovative advances in virtualization security along with...

Friday, March 07, 2008 5:23 PM/EST

Autodesk DWG file handling troubles user

Ray Sirois, IT manager for water engineering firm Wright-Pierce, has a problem with Autodesk's AutoCAD 2008. Sirois took the unusual step of issuing a press release announcing that his company would stop work on any upgrade plans until performance problems are resolved. The backstory is that in 2004, my former colleague Henry Baltazar wrote a review of Riverbed Technology's Steelhead application acceleration/WAN bandwidth optimization products. Baltazar also wrote a case study featuring Sirois and Wright-Pierce, one of the first U.S. customers of Riverbed. Then, Sirois was a very satisfied customer. Today, he's frustrated at what he calls a lack of communication and corrective action from Autodesk. For the record, he remains a very satisfied customer of Riverbed. Today, according to Sirois, when a user saves a file in AutoCAD 2008, the contents of the DWG (the native format for AutoCAD drawings) file are reordered. This reordering makes the file appear...

Tuesday, March 04, 2008 5:38 PM/EST

Cisco ASR 1000 and IOS XE on the Short List

My colleague Michael Vizard covered Cisco's announcement of the ASR 1000 at CeBIT. I'm anxious to get a look at Cisco's new ASR 1000 Series Aggregation Services Router with Cisco IOS XE. The platform is supposed to be able to offer high availability for IPsec VPN, firewall services, NetFlow event logging, and DDoS detection and mitigation without stopping. Like I said, very interesting, and I'm looking forward to getting a look at the device. In the meantime, poking around on Cisco's site yielded this gem for IT managers: a significant change in Cisco's maintenance policy for IOS XE. According to the Cisco IOS XE Software End-of-Life Strategy document, Cisco will start releasing IOS XE software every four months instead of waiting for a feature queue to fill, as is the case for IOS. The good news is that this means network managers will be able to schedule maintenance on a predictable...

Monday, March 03, 2008 6:02 PM/EST

Chargeback for Virtual Infrastructure

Aside from VKernel, I'm not seeing a lot of choice for IT managers who want to enable chargeback for virtual infrastructure costs. However, I met today with virtual test lab management toolmaker Surgient and got a little more insight into some ways IT managers might think about chargeback. Erik Josowitz, a VP at Surgient, suggested that quantifying RAM and time might be a good way to measure the amount of resources a VM is using, and therefore could be a good way to charge departments for virtual computing resources. Other resources to measure could be VLAN, IP address and MAC address consumed. I suggested network bandwidth, but agreed with Erik that the incremental use cost for bandwidth was so small as to be negligible when compared to the other metrics he suggested. What is clear is that VM infrastructure is paying for itself through hardware consolidation and power reductions. It's...

Tuesday, February 26, 2008 7:05 PM/EST

IBM Labs 3-D Doesn't Look That Cool

My news colleague Clint Boulton got a look at IBM's three-dimensional data center modeling software tool. IBM's 3-D data center management system is actually quite retro ... CA developed a 3-D interface for its Unicenter system management platform in 1997. I think 3-D interfaces are as bad an idea today as they were when I first flew around in CA's Unicenter. Here are the reasons why:

1. The video game interface is great for selling management systems on the golf course, but impractical in an operations center. System, network and application managers need to see what isn't working, quickly. In my testing experience, 3-D interfaces are ineffective at showing problems quickly.

2. Lists are better. A simple color-coded list that puts high-priority problems at the top is much more effective than a system that requires clambering around in a 3-D interface.

3. Three-dimensional interfaces are ineffective at sharing valuable management...

Monday, February 25, 2008 6:51 PM/EST

Novell Expands Virtual Machine Management

Novell announced today (Feb. 25) that it was acquiring PlateSpin, a data center virtualization management tool maker. As I've been covering how to prevent virtual machine sprawl, I'm interested in getting a look at what PlateSpin brings to the table, in particular the PowerRecon and PowerConvert products that enable virtual machine chargeback and usage accounting and workload portability between networked physical resources. In my tech analysis of how to prevent virtual machine sprawl, I reported that Ziff Davis Enterprise Editorial Research had found that 80 percent of respondents said lowering hardware costs was their top virtualization driver. I suggested in the story that controlling virtual machine management costs would rise in importance after the physical-to-virtual ("p2v") transition was complete. I suspect that products like those made by PlateSpin and strategies such as Novell's drive to monitor and manage multiplatform virtualized environments will quickly become the important factors in determining the...
