Tuesday, April 3, 2012

CPE: McAfee AudioParasitic: Episode 20 Virtualization part 2/2

length:  00:23:00
Special guests: Rafal Wojtczuk and Rahul Kashyap.

When you go virtual, you will have same security problem
When deploying virtual environment need to prepare security wisely

It’s naïve to think that that virtual = secure

Virtualization has a lot to offer:
-          Offer separation
-          Offer much level of control
It’s difficult to detect rootkit, hypervisor offer a new level, allow freeze the system and analyze it – including analyzing the system accurately
This procedure cannot be tempered by the code running at guess level
-          Create opportunity to AV companies having this level of control & access – get better view of the state of the OS

Trusted computing could be very important solution
If there is rootkit – hard to detect – having secure channel helps!

In BSD & linux: KVM Kernel Virtual Memory

Can VM be detected via network?
As easch VM guest get a slice of processing time, in round robin, it is possible to do packet analysis – looking at the rate of how packet is created – it’s possible to guess if it’s a VM..

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home