March 2011 Archives

I'm just posting a release emailed to me as I haven't found an online version of the release yet. I'm not sure that there are many articles that claim virtualisation was invented recently, particularly as IBM has been selling VM/370 for donkey's years (the clue's in the name), and I assume that the work John Walker is referring to here is the research that spawned VM.

For added merit, check out the "ring-based security" mechanism which sounds suspiciously like the old Multics security system (which features if only vestigially in every 32bit x86 processor):

ISACA expert claims virtualisation dates back to 1960s
London, UK 2nd March 2011 - A leading IT security expert claims that, despite all the media hype, virtualisation is actually not a new technology, and dates all the way back to the 1960s. Professor John Walker, member of the Security Advisory Group of ISACA’s London Chapter and CTO of Secure-Bastion, said that, although it’s not a new technology, it has recently come to the forefront again and offers organizations many benefits to the enterprise IT environment.
Professor Walker, gave an online presentation in which he said that whilst virtualisation's benefits include reduced server sprawl and a quicker build time, there are clear security issues. As with any system, or application configuration, he said, control is vital to security, and its professionals should remember that this security principal applies to the on-line and off-line images alike. IT professionals, he went on to say, should take care to ensure that new builds are tracked, and that, again, as with conventional systems and applications, virtualised environments need to be patched up and fixed. "They also suffer from vulnerabilities," he told his audience.
Professor Walker also detailed his "ring security strategy", which defines the virtual environment as the operating system block and three rings: ring 0, ring 1-2 and user applications.
Despite the potential security headaches associated with virtual networks, Professor Walker said that VLANs have become a great security enabler for the enterprise and that VM environments are ideal platforms for IT testing.
VM systems are also ideal tools for the mobile security tester, he went on to say, adding that this is because they support the running of multiple operating systems, multiple applications and multiple tools. "And if you break it, you just recopy the image," he explained. The cloud, however, changes a number of things. Professor Walker said that the advent of cloud computing has seen¾and will continue to see¾the use of virtualisation advance. The question is, he added, are VM applications getting too expensive?

I have one question: why? Why is this news? Who thought sending this out was even approaching a good idea?