More and more is coming out about the attack from a MacDonald’s that left an organization crippled for a bit of time. The final tally was that the recently fired employee was able to delete 15 VMs before either being caught or he gave up. On twitter, it was commented that the administrator must not have been a powershell programmer because in the time it takes to delete 15 VMs by hand, a powershell script could have removed 100s. Or perhaps the ‘Bad Actor’ was trying to not be discovered. In either case, this has prompted discussions across the twitter-sphere, blog-sphere, and within organizations about how to secure from such attacks.
TVP Tag Archives
Security of Performance and Management tools within the Virtual Environment
The problem is that not everything is as black and white as security folks desire. If we implement performance and other management tools, we often need to expose part of our all important virtualization management network to others. But how do we do this safely, securely, with minimal impact to usability? Why do we need to this is also another question. You just have to take one look at the Virtualization ASsessment TOolkit (Vasto) to realize the importance of this security requirement. But the question still exists, how do you implement other necessary tools within your virtual environment without impacting usability?
VMworld from an Open Source Perspective
VMworld is clearly the largest dedicated virtualization conference, and yet from an Open Source perspective it is slightly disappointing because the VMware ecosystem naturally attracts proprietary software vendors, and also some of the more interesting activities in Open Source are through multi-vendor foundations which do not have the same marketing budgets as vendors themselves.
Nevertheless, there are a number of key Open Source players, and some interesting smaller players, represented at VMworld.
Monitoring – The basics of the Cloud
“What do you wish to monitor?”, is often my response when someone states they need to monitor the virtual environment. Monitoring however becomes much more of an issue when you enter the cloud. Some of my friends have businesses that use the cloud, specifically private IaaS clouds, but what should the cloud provider monitor and what should the tenant monitor has been a struggle and a debate when dealing with them.