RE: Deny access to copy files
From: Craig Wright <Craig.Wright () bdo com au>
Date: Thu, 5 Jun 2008 06:12:26 +1000
No even a single system
Risk = hypervisor_risk + Host_risk
As the VM host and the System host are configured exactly the same other than the underlying system;
Host_risk = VM_Host_risk = System_Host_risk
What you seem to be suggesting is have several VMs with each assigned to a developer. What you are forgetting is
development systems are not production systems. By their nature, developers have access to email and browsers and you
are deluding yourself if you think otherwise as the development tools themselves provide this level of functionality.
Developers also interact. A pile of insecure VMs on a host only compounds the issue.
When making a risk model, you need to add the condition that VMs act not as an independent factor, but statistically as
a dependent one. This provides both the additive risk and a multiplicative factor.
Each developer will have their own system in a MS model. This will link to the server. Having multiple server instances
with the workstation adds no additional mitigation.
So to address the comment "the alternative may in fact be multiple developers sharing the same operating system",
remember that this is an MS environment and not a Unix one firstly. Each set of developer workstations needs to be
Next, internal systems development should mirror production. In this event, VMs do not equate to multiple real systems
and this adds a level of coding risk. Take all the factors and run a simple MCMC simulation and the risk is rarely if
ever reduced in the VM case. The issue is not risk reduction, but cost.
From: Gregory Boyce [mailto:gregory.boyce () gmail com]
Sent: Wednesday, 4 June 2008 10:57 PM
To: Craig Wright
Subject: Re: Deny access to copy files
On Tue, Jun 3, 2008 at 5:50 PM, Craig Wright <Craig.Wright () bdo com au> wrote:
Well scientifically, you should be able to advocate why a VM is a security device if this is to be propounded.
But to prove the negative (and to paraphrase a little from the Burton group).
1. All the attacks and vulnerabilities are the same. From the host perspective - nothing has changed being on a VM. The
same vulnerabilities exist.
2. Risk is additive. The hypervisor has its own risks. These are added to 1.
3. Separation reduces risk. Running several systems on the same hypervisor makes them more (not less) vulnerable. All
of the systems are just as vulnerable as a locked down host on a system with the added benefit of also having the risk
from the hypervisor abstracted onto them.
4. Aggregation of content increases risk.
5. The more layers are added - the more risk. Having a system on a BIOS has risk, adding BIOS and (potentially nested)
VMs adds risk.
What you just proved is that multiple VM instances is less secure than multiple pieces of physical hardware. Without
the budget for that many systems, the alternative may in fact be multiple developers sharing the same operating system.
The comparison of security levels there turns out a bit different.