Monitoring Virtual Machines
In the past month or so, I have had more than one discussion with different friends on the monitoring of virtual machines (VMs). Some of the conversations I have had centered on: What tool(s) should I use? Should I monitor all communications between VMs? What about an IDS? How about firewalls? etc. It seems there are a lot of questions about keeping things secure in a virtual world environment.
Virtualization has allowed us to do some wonderful things, and it has also created a nightmare from a security perspective if not done thoughtfully. Why a nightmare? Let's say it's an organization with many different departments securely separated: Financial, Human Resources, Research and Development, Operations, Legal, Security, etc. To consolidate, save money and take advantage of server space, the company decides to use virtual machines. To efficiently maximize the use of available resources, some departments end up together on the same server, while others stay on separate servers. However, just because they are in the same department does not mean they are allowed to communicate. For example, some R&D projects are not allowed to have access to each other. The real question becomes how do you protect and monitor.
Do you invest in tools to monitor on the server between the VMs? Do you just monitor outside the servers to check what actually leaves? As an example, one IDS and firewall could be used to monitor and control communications between multiple servers. However, when you collapse them into VMs, the monitoring ability of that one IDS and firewall is significantly degraded. With that said, I also encountered the other argument that virtual machines can be isolated by the software, so there is no need to worry. The worry is that you have lost the visibility to monitor that you once had, unless something is done. In this scenario, you are relying on the virtualization to keep it secure, but what about monitoring to ensure it is providing the security you are expecting?
I believe it is a combination of both VM-level monitoring and network-level monitoring. It really depends on the sensitivity of the information on or processed by the VMs as to how you handle it. There may still be a compelling argument for segregation. However, if you're in an environment that collapsed servers to save money, you may find yourself in the position of having to demonstrate the need to spend more money on security and explain why you cannot rely on the existing security architecture. Virtualization has changed the traditional approach to monitoring and introduced variables that may not have even been considered yet by an organization moving to a virtual world. The emphasis needs to be on having the same view into your systems as you did before. The existing security architecture and monitoring efforts were put in place for a reason and need to be carefully preserved.
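The visibility gap described above can be measured before deciding where to add sensors. The following is an added example, not part of the original post: it takes a VM placement inventory, a separation policy and a set of flow records (all names and values are constructed, and the flow export from the virtual switch is an assumption) and separates policy violations a network IDS would still see from those that never leave the host.

```python
# Added example; inventory, policy and flows are constructed for illustration.

# VM name -> (physical host, department or project group)
PLACEMENT = {
    "fin-db":   ("host-a", "Finance"),
    "hr-app":   ("host-a", "HR"),
    "rd-proj1": ("host-b", "R&D-1"),
    "rd-proj2": ("host-b", "R&D-2"),
    "legal-fs": ("host-c", "Legal"),
}

# Unordered pairs of groups allowed to communicate; everything else is denied.
ALLOWED = {frozenset(("Finance", "HR"))}

# Flow records (source VM, destination VM, destination port), assumed to come
# from a virtual-switch or hypervisor flow export.
FLOWS = [
    ("fin-db", "hr-app", 443),     # permitted pair, same host
    ("rd-proj1", "rd-proj2", 445), # separate R&D projects, same host
    ("rd-proj1", "legal-fs", 22),  # denied pair, crosses the physical network
    ("hr-app", "legal-fs", 443),   # denied pair, crosses the physical network
]

def audit(flows):
    """Sort policy-violating flows by whether a network sensor could see them."""
    report = {"blind": [], "wire": [], "unknown": []}
    for flow in flows:
        src, dst, _port = flow
        # A VM missing from the inventory cannot be judged; report it separately.
        if src not in PLACEMENT or dst not in PLACEMENT:
            report["unknown"].append(flow)
            continue
        src_host, src_group = PLACEMENT[src]
        dst_host, dst_group = PLACEMENT[dst]
        permitted = (src_group == dst_group
                     or frozenset((src_group, dst_group)) in ALLOWED)
        if permitted:
            continue
        # Same host: traffic stays on the virtual switch, so an IDS or firewall
        # on the physical network never sees it.
        report["blind" if src_host == dst_host else "wire"].append(flow)
    return report

if __name__ == "__main__":
    for kind, found in audit(FLOWS).items():
        print(kind, found)
```

Flows in the `blind` list are the ones that need VM-level monitoring; those in `wire` are still covered by the existing network sensors.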
What approach and techniques have you used to ensure you can monitor and secure the virtual environment?