Vulnerability calls for renewed focus on hypervisor security

Last week VMware issued a security advisory, warning that two newly-identified vulnerabilities can lead to a denial-of-service attack and the execution of arbitrary code on a VMware host and recommended that VMware administrators do not import virtual machines from untrusted sources.

Last week VMware issued a security advisory, warning that two newly-identified vulnerabilities can lead to a denial-of-service attack and the execution of arbitrary code on a VMware host and recommended that VMware administrators do not import virtual machines from untrusted sources.


The existence of such a significant vulnerability calls for and demands a renewed focus on hypervisor security. One of the greatest advantages of virtualization is that it enables multi-tenant environments. One company, division or agency should be able to run critical and sensitive virtual machines on the same physical machine and hypervisor as other groups without an increased security risk. A fundamental requirement of this model is that an organization does not need to be concerned with other, “untrusted” virtual machines.


Organizations need to re-think the typical hypervisor security model to ensure proper segregation of duties and least-privilege access for hypervisor administrators. By applying these standard security principles to the hypervisor, individual virtual machines are significantly more protected in the event that a privileged hypervisor identity is compromised.


All organizations that operate virtual machines in a multi-tenant environment should require that privileged identity controls be implemented at the hypervisor-level. While in the past, these controls were primarily used to protect against malicious hypervisor administrators, they are now a critical security tool that is needed to protect against other virtual machines.

Written by

Russell Miller

Russell Miller has spent over five years in network security in various roles from ethical…

Published in

Security

View this topic
  • James Holland

    This is great. Hooray for Disney’s imagineers!

  • http://www.sheistocktips.com/ SHRISTOCKTIPS

    SHRISTOCKTIPS has
    become a new brand in the share market research with its accurate research. Proven
    itself always right whether market is bull or bear. Last week all paid clients
    booked handsome profit in NIFTY, BANKINIFTY & STOCKS. Now for the coming
    week we expect more correction can come in NIFTY as the IRAQ issue is getting
    more tense, If it happens more then you will see a sharp fall in all world marketNSE BSE, STOCK TIPSbecause as we know all world run on
    crude & most of the crude comes from IRAQ. So be ready for a sharp fall so
    sell will be the best strategy for next week also. Traders can make a sell
    position in NIFTY around 7600-7650 with stoploss 7750 for the target of
    7300-7200.One can also make a sell call NIFTY 50 stocks as per NIFTY levels. You
    can also take our two days free trial to check our accuracy. For further updates
    you can visit our website. http://goo.gl/sMgZ7n

    Regards

    SHRISTOCKTIPS TEAM

  • king lear

    testing comment functionality, please do not publish this

  • http://www.rachelmacik.com Rachel Macik

    Love the personal pic :)

  • Plutora Inc

    This is a good case study. 2.3 sec’s off a login transaction is big.