Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Virtualization and Security ?
From: Robert Maxwell <rmaxwell () UMD EDU>
Date: Tue, 11 Nov 2008 18:00:17 +0000

I also think there may be some administrative issue there. In working with ESX and the admin console, I can snapshot 
and suspend or kill VMs even without the admin's help. That may be bad in certain environments, but you eventually have 
to trust someone to do something, no?

Robert Maxwell, CISSP, GCFA
Lead Incident Handler                      OIT Security, University of Maryland
rmaxwell at umd dot edu
GnuPG Public Key:   http://security.umd.edu/contact/Robert_Maxwell.asc

-----Original Message-----
From: "St Clair, Jim" <Jim.StClair () GT COM>

Date:         Tue, 11 Nov 2008 12:57:17 
Subject: Re: [SECURITY] Virtualization and Security ?

Joel Rosenblatt wrote:
This is what happens when you have too many specialists :-)

That's true, but I would also think there is an segregation of duties
(SoD) issue - depending on your use of virtual servers, do you want the
OS admin to also manage the virtual environment?

James A. St.Clair, CISM, PMP
Senior Manager
Global Public Sector
Grant Thornton LLP
T  703-637-3078
F  703-637-4455
C  703-727-6332
E  jim.stclair () gt com

The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest 
quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of 
Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton 
International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct 
legal entity.
In the U.S., visit Grant Thornton LLP at http://www.grantthornton.com/.
-----Original Message-----

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel Rosenblatt
Sent: Tuesday, November 11, 2008 12:48 PM
Subject: Re: Virtualization and Security ?

Because they didn't have access to the EMX console - they were admins
for the underlying OS only, not the virtualization.

This is what happens when you have too many specialists :-)


--On Tuesday, November 11, 2008 10:34 AM -0700 Eric Case
<ecase () email arizona edu> wrote:

At 09:40 AM 11/11/2008 -0500, Joel Rosenblatt wrote:
One thing that we ran into was that the administrator of the hosting
system should be able to shut down each virtual machine separately -
we had one virtual machine compromised over a weekend and the only
person available was the admin of the host - so, the whole system
was shut down until we could dig up the admin of the bad virtual

      Why didn't you suspend the compromised machine?

Eric Case, CISSP  <ecase () Arizona edu>
Information Technology Services Coordinator
Information Security Officer
College of Engineering   <http://www.Engr.Arizona.edu>
1127 E James E. Rogers Way Room 200
Tucson, AZ 85721-0020
Mobile Phone 520-275-6436

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033

In accordance with applicable professional regulations, please understand that, unless expressly stated otherwise, any 
written advice contained in, forwarded with, or attached to this e-mail is not intended or written by Grant Thornton 
LLP to be used, and cannot be used, by any person for the purpose of avoiding any penalties that may be imposed under 
the Internal Revenue Code.
This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or 
privileged information. Any review, dissemination, copying, printing or other use of this e-mail by persons or entities 
other than the addressee is prohibited. If you have received this e-mail in error, please contact the sender 
immediately and delete the material from any computer.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]