Justin Morehouse and Tony Flick's presentation, "Stealing Guests...theVMware Way," detailed the attack and included an easy-to-use tool that would allow an unauthenticated attacker to download any guest virtual machine from an affected system. Even without the tool, the attack was simple enough to carry out with a Web browser -- throw in a quick search with Shodan, and well, you know what they say about "idle hands."
Still feeling insecure about choosing to virtualize your servers? You're not alone. According to the CDW's "Server Virtualization Life Cycle Report: Medium and Large Businesses," 17 percent of IT executives said their most significant barrier to server virtualization was concern about security. Concerns such as these may be one reason why only 37 percent of data and application have been virtualized.
But virtualization efforts are ramping up quickly, according to a Gartner study that predicts approximately 50 percent of x86 architecture server workloads will be virtualized by the end of 2012. The added complexity of virtualization could decrease visibility into network traffic and the data flowing in and out of sensitive servers; it could also create questions as to whether one virtual system compromise will affect other virtual guest systems. Ultimately, the question is: How do you know your data is secure in your virtual environment?
The link for this article located at Dark Reading is no longer available.
