Virtualization security resources
- By Joab Jackson
- Jul 28, 2008
VMWARE:
DISA guide: VMWare "ESX Server Security Technical
Implementation Guide"
http://iase.disa.mil/stigs/checklist/esx_server_checklist_v1r1_30_apr_2008.pdf
VMware Infrastructure 3 Security Hardening
guide
http://www.vmware.com/resources/techresources/726
Tripwire ConfigCheck (a free utility that assesses the
security of VMware ESX deployments)
http://www.tripwire.com/configcheck/
VMDetect
http://feedfury.com/content/1401602-vmdetect_by_danny_quist_source_exe.html
XEN: 'XEN architecture
overview'
http://wiki.xensource.com/xenwiki/XenArchitecture?action=AttachFile&do=get&target=Xen+Architecture_Q1+2008.pdf
"Owning Xen in Vegas!" (Blog entry from Joanna
Rutkowska):
http://theinvisiblethings.blogspot.com/2008/07/0wning-xen-in-vegas.html
XENON:
John McDermott presentation on Xenon at Xen Summit
2007:
'http://www.xen.org/files/xensummit_4/XenSummitSpring07_McDermott.pdf'
Video and presentation slides of John McDermott's talk
on Xenon at Xen Summit
2008:
http://www.xen.org/xensummit/xensummit_summer_2008.html
'Re-engineering Xen internals for higher-assurance
security' (Paper on Xenon):
http://www.gcn.com/newspics/XenInternals.pdf
VIRTUALIZATION SECURITY RESEARCH:
"Bridging the Gap between Software and Hardware
Techniques for I/O Virtualization" (USENIX refereed
paper):
http://www.usenix.org/events/usenix08/tech/santos.html
"Protection Strategies for Direct Access to Virtualized
I/O Devices" (USENIX refereed
paper)
http://www.usenix.org/events/usenix08/tech/willmann.html
DMZ ISSUES
CIO magazine: "Virtual Servers in the DMZ Pose Security
Risks"
http://www.cio.com/article/382113/Virtual_Servers_in_the_DMZ_Pose_Security_Risks
'DMZ Virtualization with VMware
Infrastructure' (VMWare white paper)
http://www.vmware.com/resources/techresources/1052
'
'
About the Author
Joab Jackson is the senior technology editor for Government Computer News.