Wednesday, 17 December 2008

Virtualisation and security

Virtualisation is not only hard to spell but seems to be the cure for all things that is wrong with any IT-infrastructure. The arguments for virtualisation ranges from everything from saving money to save the planet. As always, security is an issue that is rarely discussed to the surprise of no one.
Now I have to admit the underlying security problem is not really a virtualisation issue, it just becomes clearer when all servers become virtualised. There is a difference of having a hundred different servers in a network or one server that runs a 100 virtualised servers. The first thing that needs to be done is to put an application layer firewall between all users and the applications and then (which is as important as the firewall..) only give granular access to the users. An ordinary firewall will not work as they lack the granularity that is needed. Users should never have access to more information then what they need. With this approach the server is protected from attacks and “browsing” on the server is prohibited..and all access is logged. I also think that it is vital that all communication between the users and the server is encrypted…as I do not trust any network…inside or outside and that the device is checked BEFORE any access is given.

No comments: