Virtualization & SecurityConfrariaSecurity&IT, April 2009<br />Bruno Morisson, CISSP<br />Information Security Professiona...
60%<br />
~# wget http://dilbert.com/<br />
~# whatis Virtualization<br />a broad term that refers to the abstraction of computer resources<br />
~# echo security+virtualization | bc<br />SecurityVirtualization<br />VirtualizationSecurity<br />SecurityThroughVirtualiz...
~# cat paradigm<br />Operating System<br />App A<br />App X<br />User H<br />User W<br />Virtualization Layer (HyperVisor/...
~# shift paradigm<br />Operating System A<br />Operating System B<br />Operating System Z<br />App A<br />App K<br />App D...
~# headrisks<br />No physicalseparation;<br />SeparationofDutiescompromised;<br />ConfientialityandIntegrity ?<br />Compli...
~# head benefits<br />Availability;<br />Isolation of Users and Applications;<br />Incident Recovery;<br />Malware/Virus a...
Securing a virtual system is not the same as securing a physical one. New threats, new vulnerabilities, new risks.<br />~#...
~# finger morisson@genhex.org<br />Q&A<br />Bruno Morisson<br />morisson@genhex.org<br />http://genhex.org/~mori/<br />htt...
Upcoming SlideShare
Loading in …5
×

Virtualization & Security

604 views

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
604
On SlideShare
0
From Embeds
0
Number of Embeds
15
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Virtualization & Security

  1. 1. Virtualization & SecurityConfrariaSecurity&IT, April 2009<br />Bruno Morisson, CISSP<br />Information Security Professional<br />morisson@genhex.org<br />http://genhex.org/~mori/<br />
  2. 2. 60%<br />
  3. 3. ~# wget http://dilbert.com/<br />
  4. 4. ~# whatis Virtualization<br />a broad term that refers to the abstraction of computer resources<br />
  5. 5. ~# echo security+virtualization | bc<br />SecurityVirtualization<br />VirtualizationSecurity<br />SecurityThroughVirtualization<br />
  6. 6. ~# cat paradigm<br />Operating System<br />App A<br />App X<br />User H<br />User W<br />Virtualization Layer (HyperVisor/VMM)<br />Hardware<br />
  7. 7. ~# shift paradigm<br />Operating System A<br />Operating System B<br />Operating System Z<br />App A<br />App K<br />App D<br />User W<br />User V<br />User Y<br />Virtualization Layer<br />Hardware<br />
  8. 8. ~# headrisks<br />No physicalseparation;<br />SeparationofDutiescompromised;<br />ConfientialityandIntegrity ?<br />Compliance?<br />
  9. 9. ~# head benefits<br />Availability;<br />Isolation of Users and Applications;<br />Incident Recovery;<br />Malware/Virus analysis;<br />Forensics;<br />
  10. 10. Securing a virtual system is not the same as securing a physical one. New threats, new vulnerabilities, new risks.<br />~# tail virtualization<br />Virtualization is not panacea;<br />We can benefit from virtualization, if we implement it after being well thought. <br />
  11. 11. ~# finger morisson@genhex.org<br />Q&A<br />Bruno Morisson<br />morisson@genhex.org<br />http://genhex.org/~mori/<br />http://www.linkedin.com/in/morisson<br />

×