Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

NIST lays out the basics of hypervisor security-- system admins take note

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

October 23, 2014

Click here to order the best deal on a HP enterprise dedicated server and at a great price.

American standards body the National Institute of Standards and Technology (NIST) has laid out the basics of hypervisor security in a draft publication released for comment on October 20.

The system admin guide presents no less than twenty-two security recommendations, under the key headings of isolating virtual machines from each other and the host hypervisor.

It also hints admins at controlling access and device emulation and preventing VMs from executing privileged operations.

The publication also talks about various VM management and managing settings for interactions with the hypervisor itself.

The report notes that some threat types are well known, well understood, and common to any server-based virtualisation software.

For example, system admins should already be aware that they need to secure against network-based attacks, and likewise that Web-based management interfaces are a real risk point.

On the other hand, security threats from rogue VMs being used as an attack vector through “channels such as shared hypervisor memory and the virtual network inside the hypervisor host” are specific to the virtualised environment.

Rogue VMs can arise through misconfiguration of the hypervisor and/or its guest container; or malicious/vulnerable device drivers, the document says, which provide vectors for attacks such as rootkit installation or attacks against other VMs on the same host.

On the network itself the report says, a rogue VM could spoof IP or MAC addresses, hop across the VLANs that are meant to isolate traffic of different tenants, or try to intercept network traffic.

Rogues can also be used for denial-of-service attacks, by way of resource starvation. The draft, written by NIST director and George Mason University professor Ramaswamy Chandramouli, is open for comment until November 10.

Source: The National Institute of Standards and Technology.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer