VMFW Enforcer other Platforms
Address Virtualization Specific security issues
Protect your VMWare Servers from known hypervisor vulnerabilities
• Virtualization Vulnerability Monitoring
• VM Specific Intrusion Prevention
• Firewalling & VM NIC Isolation
• VMSprawl Control
• Monitor VM Escape
• Prevent Hyperjacking
• Incorrect VM Isolation
• VM Poaching
• Uncontrolled VM Migration
• Unintentional VM Tools exposure
• Guest VM OS & network vulnerabilities
RedCannon VMFW Enforcer™ for VMWare Server has three enforcement agents which can be deployed within the VMHost to protect the VMWare Server or Workstation as well as the authorized VMs running within its virtual environment. Through central policy control, VM Enforcer can prevent uncontrolled VM sprawl, unauthorized VM migration, VM poaching and a host of other virtualization-specific vulnerabilities.
Secure Type-1s, Restrict Type-2s:
Virtualization environments, commonly known as hypervisors, are available in two different modes. Type-1 hypervisors work “bare metal”, i.e. directly on top of the physical hardware of the computer, while Type-2 hypervisors run as a process within another Host OS. The majority of the freely available hypervisors are Type-2. Therefore, in order to control their usage in the enterprise environment, security solutions used to prevent such use need to sit within the Host OS where the Type-2 hypervisor could be installed or is already installed.
Secure VM Environment Requirements:
An Enterprise VM Security Policy needs to ensure that enforcement is applied across every machine that is acting, or can potentially act, as a virtualization host. Policies such as the following, and many more, need to be addressed in an enterprise virtualization environment.
• Which VMs are allowed to run on which Server or WorkStation?
• Should IT allow more than a certain number of VMs on each server to enforce Sprawl control?
• Should IT allow VMs to have access to certain media drives to prevent data leakage & other vulnerability exposure?
• Should IT Allow VI Console Access? From which computers?
Persistent VM Tagging:
Policies for authorized VMs have to stay with the VMs regardless of whether a VM moves from one server to another or is copied. VMFW VM Enforcer uses a unique patent-pending technique called “VM Tagging” to tag authorized VMs. Like electronic tagging of computers, these VM tags allow VM Enforcer to uniquely identify each VM & its derived VMs, and thus to enforce central policies for these VMs. The VM tag moves with the VM when the VM migrates from one server to another. VM tags can also be used to tag VM templates which are subsequently used to create VMs in a server environment, retaining the tagged identity of the original VM template.
Secure Hypervisor Enforcement on Multiple Platforms
Type-2 hypervisors such as VMWare Server or WorkStation are only as secure as their Host computer is. If the VMHost can be broken into, then it is not difficult to break into its virtualized environments. Attacks that subvert the VMHost through network or OS vulnerabilities can even replace the entire hypervisor with a Trojan (hyperjacking). VMFW monitors & enforces security policies on these vulnerabilities while protecting the VMHost, the VME & VMs from known network & OS attacks.
VMFW VM Enforcer is available on Windows & Linux. It supports VMWare Server 1.0 & 2.0 as well as WorkStation 6.5, 6.04 & prior versions. Based on the installed VME, VM Enforcer automatically uses VMWare-specific controls to enforce various security policy parameters.
VM Specific Policy Enforcement:
VM Enforcer can enforce individual policies on each Virtual Machine running within ESX server, such as whether to allow CD-ROM, USB drives or multiple NICs from the VM, and can enforce logging as well as CPU & memory usage limits etc.
VM Enforcer offers seamless policy control across all ESX & ESXi server deployments within the organization or its Data Center. VMFW Manager can be used to control all VMFW modules including VM Enforcer for ESX Servers.
Specifications
• Supports & Secures all versions of VMWare Server & WorkStation
• Enforces security with a quick 3-step installation of virtualization security agents into the VMHost
• Works on Windows XP, 2003, Vista and Linux
• Simple Management interface to configure security policies