[Dshield] The race to the bottom - Virtualizing all your servers - security measure or not?

dianalucy00-sans at yahoo.com
Wed Aug 30 14:59:29 GMT 2006


I was reading an article in Network World when a term caught my eye: 
VM Rootkits, which were discussed in eWeek 5 months ago (see VM Rootkits, 
"http://www.eweek.com/article2/0,1895,1936666,00.asp").  For those who 
don't know - and please, if I am wrong, let me know - a VM Rootkit basically 
hoists itself between the hardware and operating system.  The rootkit will 
virtualize the OS so no matter what you do on the OS, you'll never know the 
rootkit is there.  I know it's old news to some, but it was the first I had heard 
of it.  I lamented to my cohort that we are basically screwed. 
 
Rather than throw in the towel, I thought: what if I get there first? In other words, 
by virtualizing all my servers on top of a Linux host with a firewall and SELinux 
enabled, I might beat that threat or at least delay it until I can figure out 
what else to do.  
 
This is defense in depth on steroids - don't you think? 
 
Virtualization as a security measure, is that a good idea or a stupid 
(dee-dee-dee) one? 
 
- Linda :)  
For my non-geek friends: 
Friends don't email friends .exe or .com files. So don't open those types of attachments!! 
For my geek friends: 
Adopt a newbie.... 
 
P.S. I want to change my tagline slightly, 
"Friends don't email friends ...  So don't open those types of attachments." 
All my newbie friends see this tagline; I find it's lo-tech educational.  
Anyone with suggestions for filetypes to mention (offlist please)?  .EXEs and .COM 
files are 'so last century'. 
  