<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	>
<channel>
	<title>Comments on: Virtualizations</title>
	<atom:link href="http://www.gnucitizen.org/blog/virtualizations/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.gnucitizen.org/blog/virtualizations/</link>
	<description>Information Security Think Tank</description>
	<pubDate>Fri, 29 Aug 2008 18:53:16 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.6.1</generator>
		<item>
		<title>By: sal-e</title>
		<link>http://www.gnucitizen.org/blog/virtualizations/#comment-122865</link>
		<dc:creator>sal-e</dc:creator>
		<pubDate>Sun, 06 Jul 2008 14:45:29 +0000</pubDate>
		<guid isPermaLink="false">http://www.gnucitizen.org/?p=866#comment-122865</guid>
		<description>VMs are a welcome technology. I have several non-persistent VMs. I use them to test new software before I install it on my PCs, especially software downloaded from the Internet. I also have a VM for my personal tasks in order to protect my corporate network. But as PDP says, I am a geek. Most end-users have a tough time understanding VM technology. Some of them have a really tough time understanding Terminal Connections (such as RDP and VNC). One promising development is that you can run a VM in the background. The application appears as normal windows on your desktop, but in fact is running in the 'sand box'. But it is up to me as admin to set it up for the user. And again the user remains the weakest link. If he/she is not trained and does not understand the security, nothing will work. We can try to fix the technology, but we can't fix the users. We can only show them how, and hope that they are willing to learn. And my personal experience is not very promising. There is a whole generation of early computer adopters that have the arrogance to think that they know everything about computers, and they just keep arguing with me. Those types of users are the biggest problem right now.</description>
		<content:encoded><![CDATA[<p>VMs are a welcome technology. I have several non-persistent VMs. I use them to test new software before I install it on my PCs, especially software downloaded from the Internet. I also have a VM for my personal tasks in order to protect my corporate network. But as PDP says, I am a geek. Most end-users have a tough time understanding VM technology. Some of them have a really tough time understanding Terminal Connections (such as RDP and VNC). One promising development is that you can run a VM in the background. The application appears as normal windows on your desktop, but in fact is running in the &#8216;sand box&#8217;. But it is up to me as admin to set it up for the user. And again the user remains the weakest link. If he/she is not trained and does not understand the security, nothing will work. We can try to fix the technology, but we can&#8217;t fix the users. We can only show them how, and hope that they are willing to learn. And my personal experience is not very promising. There is a whole generation of early computer adopters that have the arrogance to think that they know everything about computers, and they just keep arguing with me. Those types of users are the biggest problem right now.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: F0rg3</title>
		<link>http://www.gnucitizen.org/blog/virtualizations/#comment-122691</link>
		<dc:creator>F0rg3</dc:creator>
		<pubDate>Fri, 27 Jun 2008 08:22:59 +0000</pubDate>
		<guid isPermaLink="false">http://www.gnucitizen.org/?p=866#comment-122691</guid>
		<description>There is no silver bullet for security. It all boils down to profit. It takes money to do research, and if the research cannot be used to make money or save lives, then it is wasted. Virtualisation is a welcome technology. It can allow me to run one OS and emulate another, say for example, running OpenBSD and emulating Windows, so it's good; it only depends on how you make use of it. Big up to those making it happen and leading the way, and I follow the path of enlightenment.</description>
		<content:encoded><![CDATA[<p>There is no silver bullet for security. It all boils down to profit. It takes money to do research, and if the research cannot be used to make money or save lives, then it is wasted. Virtualisation is a welcome technology. It can allow me to run one OS and emulate another, say for example, running OpenBSD and emulating Windows, so it&#8217;s good; it only depends on how you make use of it. Big up to those making it happen and leading the way, and I follow the path of enlightenment.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: TheChaosInside</title>
		<link>http://www.gnucitizen.org/blog/virtualizations/#comment-122678</link>
		<dc:creator>TheChaosInside</dc:creator>
		<pubDate>Thu, 26 Jun 2008 11:22:15 +0000</pubDate>
		<guid isPermaLink="false">http://www.gnucitizen.org/?p=866#comment-122678</guid>
		<description>There are methods to stop USB drives, mem sticks and discs being used within any operating system, e.g. disable mounting of external drives, group policy config in Windows.

In my opinion (feel free to criticise this) the best thing they could do would be to:

Restrict the one for browsing the Internet down to literally just browsing the Internet; any files can be transferred through webmail-based clients through the organisation's (antivirus) email (yes, you have added one extra step, but if you set your mail server up correctly this should not be too much of an issue).

This could then be picked up (after already having been scanned for viruses) via your organisation's email client on the system where the files are stored.

In most environments that are managed, the end user would not typically be allowed to download any executable files anyway,

OR

You may set up a network share point that disallows execute commands and can only be written to by logging in as an upload/download user which does not correspond to anything else on employees' computers (i.e. no autologin to network shares with credentials stored on employees' computers).

Obviously permissions would have to be set up as normal on the servers, but functionality in virtualised environments does not have to be annihilated, only learned.

If everyone expects Windows users to convert to Linux and the argument is you'll get used to it, then why is the attitude not the same when something as important as confidentiality is concerned?

(If only the Office of National Statistics (UK) operated in such a secure way....)

If something is weird for long enough it becomes normal.</description>
		<content:encoded><![CDATA[<p>There are methods to stop USB drives, mem sticks and discs being used within any operating system, e.g. disable mounting of external drives, group policy config in Windows.</p>
<p>In my opinion (feel free to criticise this) the best thing they could do would be to:</p>
<p>Restrict the one for browsing the Internet down to literally just browsing the Internet; any files can be transferred through webmail-based clients through the organisation&#8217;s (antivirus) email (yes, you have added one extra step, but if you set your mail server up correctly this should not be too much of an issue).</p>
<p>This could then be picked up (after already having been scanned for viruses) via your organisation&#8217;s email client on the system where the files are stored.</p>
<p>In most environments that are managed, the end user would not typically be allowed to download any executable files anyway,</p>
<p>OR</p>
<p>You may set up a network share point that disallows execute commands and can only be written to by logging in as an upload/download user which does not correspond to anything else on employees&#8217; computers (i.e. no autologin to network shares with credentials stored on employees&#8217; computers).</p>
<p>Obviously permissions would have to be set up as normal on the servers, but functionality in virtualised environments does not have to be annihilated, only learned.</p>
<p>If everyone expects Windows users to convert to Linux and the argument is you&#8217;ll get used to it, then why is the attitude not the same when something as important as confidentiality is concerned?</p>
<p>(If only the Office of National Statistics (UK) operated in such a secure way&#8230;.)</p>
<p>If something is weird for long enough it becomes normal.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: macubergeek</title>
		<link>http://www.gnucitizen.org/blog/virtualizations/#comment-122599</link>
		<dc:creator>macubergeek</dc:creator>
		<pubDate>Fri, 20 Jun 2008 19:48:24 +0000</pubDate>
		<guid isPermaLink="false">http://www.gnucitizen.org/?p=866#comment-122599</guid>
		<description>I don't believe that security is a prime driver in any decision by organizations. Generally other considerations, including business needs, are the decision driver.</description>
		<content:encoded><![CDATA[<p>I don&#8217;t believe that security is a prime driver in any decision by organizations. Generally other considerations, including business needs, are the decision driver.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Greg</title>
		<link>http://www.gnucitizen.org/blog/virtualizations/#comment-122585</link>
		<dc:creator>Greg</dc:creator>
		<pubDate>Fri, 20 Jun 2008 11:58:38 +0000</pubDate>
		<guid isPermaLink="false">http://www.gnucitizen.org/?p=866#comment-122585</guid>
		<description>The best idea I have heard for VMs is to give corporate users a VM on their work machine for personal use. Steps could be taken to limit threats while plugged into a managed network.</description>
		<content:encoded><![CDATA[<p>The best idea I have heard for VMs is to give corporate users a VM on their work machine for personal use. Steps could be taken to limit threats while plugged into a managed network.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Bob McArdle</title>
		<link>http://www.gnucitizen.org/blog/virtualizations/#comment-122580</link>
		<dc:creator>Bob McArdle</dc:creator>
		<pubDate>Fri, 20 Jun 2008 09:48:37 +0000</pubDate>
		<guid isPermaLink="false">http://www.gnucitizen.org/?p=866#comment-122580</guid>
		<description>Unfortunately it's normally a case that

Usability &#x221D; 1/Security

It is easy to make a perfectly secure system. As long as there is no way to ever interact with the system in any way, and it was in a secure state at the start - it should remain secure. Problem is it's completely useless.

That's where the challenge in all of this security industry lies. People want to know that their machines are secure, but ideally they would not want to ever be bothered by their security solution. As security researchers we can lose track of that.</description>
		<content:encoded><![CDATA[<p>Unfortunately it&#8217;s normally a case that</p>
<p>Usability &#x221D; 1/Security</p>
<p>It is easy to make a perfectly secure system. As long as there is no way to ever interact with the system in any way, and it was in a secure state at the start - it should remain secure. Problem is it&#8217;s completely useless.</p>
<p>That&#8217;s where the challenge in all of this security industry lies. People want to know that their machines are secure, but ideally they would not want to ever be bothered by their security solution. As security researchers we can lose track of that.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: c wilson</title>
		<link>http://www.gnucitizen.org/blog/virtualizations/#comment-122564</link>
		<dc:creator>c wilson</dc:creator>
		<pubDate>Thu, 19 Jun 2008 14:54:19 +0000</pubDate>
		<guid isPermaLink="false">http://www.gnucitizen.org/?p=866#comment-122564</guid>
		<description>A refreshing perspective. Sometimes security researchers get so lost in the bits &#38; bytes that they forget about practicality, usability and use profiles. In the rush to further research as well as corporate profits, research sometimes slides into the impractical realm and is overhyped for the sake of hype, getting attention and making money. This is not to say that the research is not interesting or that they should stop, but I think it's wise to consider the bigger picture sometimes.</description>
		<content:encoded><![CDATA[<p>A refreshing perspective. Sometimes security researchers get so lost in the bits &amp; bytes that they forget about practicality, usability and use profiles. In the rush to further research as well as corporate profits, research sometimes slides into the impractical realm and is overhyped for the sake of hype, getting attention and making money. This is not to say that the research is not interesting or that they should stop, but I think it&#8217;s wise to consider the bigger picture sometimes.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
