Virtualization security resources

VMWARE:


DISA guide: VMWare "ESX Server Security Technical
Implementation Guide"


http://iase.disa.mil/stigs/checklist/esx_server_checklist_v1r1_30_apr_2008.pdf


VMware Infrastructure 3 Security Hardening
guide


http://www.vmware.com/resources/techresources/726


Tripwire ConfigCheck (a free utility that assesses the
security of VMware ESX deployments)


http://www.tripwire.com/configcheck/



VMDetect
http://feedfury.com/content/1401602-vmdetect_by_danny_quist_source_exe.html


XEN: 'XEN architecture
overview'


http://wiki.xensource.com/xenwiki/XenArchitecture?action=AttachFile&do=get&target=Xen+Architecture_Q1+2008.pdf


"Owning Xen in Vegas!" (Blog entry from Joanna
Rutkowska)
:

http://theinvisiblethings.blogspot.com/2008/07/0wning-xen-in-vegas.html


XENON:


John McDermott presentation on Xenon at Xen Summit
2007
:

'http://www.xen.org/files/xensummit_4/XenSummitSpring07_McDermott.pdf'


Video and presentation slides of John McDermott's talk
on Xenon at Xen Summit
2008:
http://www.xen.org/xensummit/xensummit_summer_2008.html


'Re-engineering Xen internals for higher-assurance
security' (Paper on Xenon)
:

http://www.gcn.com/newspics/XenInternals.pdf


VIRTUALIZATION SECURITY RESEARCH:


"Bridging the Gap between Software and Hardware
Techniques for I/O Virtualization" (USENIX refereed
paper):
http://www.usenix.org/events/usenix08/tech/santos.html


"Protection Strategies for Direct Access to Virtualized
I/O Devices" (USENIX refereed
paper)
http://www.usenix.org/events/usenix08/tech/willmann.html


DMZ ISSUES


CIO magazine: "Virtual Servers in the DMZ Pose Security
Risks"
http://www.cio.com/article/382113/Virtual_Servers_in_the_DMZ_Pose_Security_Risks


'DMZ Virtualization with VMware
Infrastructure' (VMWare white paper)
http://www.vmware.com/resources/techresources/1052


'


'



About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above