Episode 8
From AstroArch
Virtualization Security Round Table Podcast Episode 8 show notes
- vSphere Security and RSA Conference update
Go to Talkshoe to download or listen to the podcast. Soon to be available also on iTunes.
We started out listing the new security features, of which there are 4:
- VMsafe
- vShield Zones
- Configuration Management in the form of Host profiles and Distributed Virtual Switch
- The Service Console is now within a VM
We debated each of these options, but whether they are good or bad will depend more on how they are used than on anything else. VMsafe could cost performance, but at the same time it provides useful integration between third-party security tools and ESX.
These tools are needed, but by themselves they may not add more security; instead they add the need for more monitoring and security hardening in your environment.
- VMsafe requires additional hardening of VMsafe vApps.
- The Service Console as a true VM may have its own issues with storage security.
- Host profiles do not go deep enough, so other configuration and automation tools are required.
- VMware vShield Zones is another tool that already exists but ties into the configuration management of the Distributed Virtual Switch.
We also got the update from RSA Conference from Michael and Hoff. The conference is all about Cloud. Last year's products have been rebranded as Cloud Ready. Not sure if that is possible if the cloud has no real definition at this time? Just seems crazy.
Panelist BIOs
- Michael Berman is the CTO of Catbird, with over 20 years of experience in system engineering, architecture, design and implementation of secure computing. Michael's experience includes implementation of C2 UNIX; Fortune 100 enterprise security; and expert support in the prosecution of computer crimes. He is a member of the Electronic Crimes Task Force and High-Tech Crime Investigation Association and a Certified Information Security Systems Professional (CISSP). Michael is a frequent speaker on the topic of virtualization and security.
- Chris Hoff is Unisys Corporation’s Systems & Technology division chief security architect. Hoff has over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management. Prior to Unisys, he served as Crossbeam Systems' chief security strategist, was the CISO for a $25 billion financial services company, was founder/CTO of a national security consultancy, and led the security engineering team of one of the first global managed network security service providers. Hoff is a prolific blogger and sought-after speaker at leading security conferences.
- Iben Rodriguez is an Infrastructure Consulting Professional with over 20 years of experience working in complex IT environments. Iben has extensive knowledge of VMware-specific environments, having spent 2 years working for VMware in various roles. Iben has led and delivered very complex projects for Fortune 500 companies, including Switzerland-based pharmaceutical companies, one of the world's largest online auction companies and a large city government in southern California. Iben is considered one of the foremost industry experts in VMware-based security and infrastructure design.
- Edward L. Haletky is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing ESX and the Virtual Environment, and VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers. Haletky owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development. Haletky is also a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions, is a prolific blogger, and is working on new books on Virtualization.
Podcast audio improvements by Tim Pierson of DataSentry, Inc.
