Monday, July 7, 2008

What isn't being virtualized?

While boogie boarding the other evening I got to thinking about my time at Catalyst, the presentations I went to, and what it all meant. The sound bite I kept coming back to was - What isn't being virtualized?

Servers, desktops, and firewalls are all on a path to being virtualized at most companies, some faster than others. What I keep wondering about is the security in all of this virtualizing, and I had a few thoughts/questions:

1. Is a VM akin to a VLAN - get into one and you get the keys to the kingdom?
2. Why would a company want to virtualize Windows? The same problems exist with malware, viruses, etc., and the inherent security issues.
3. Are virtual firewalls an answer or just the next new (virtualized) thing?

If I think about it, here is what I come up with:

Virtualization can create a more porous environment that breaches can exploit far more easily and most likely faster.

It is the equivalent of checking into a brand new hotel where, in a rush to open, capture excitement, etc., the processes that have been in place at other properties have not been followed with excruciating discipline. New holes exist, and, as a metaphoric example, we get a master key vs. a room key.

Why not virtualize a desktop on Linux? With close to 1,000,000 exploits out there for Windows, and only a handful for Linux - why not push Ubuntu out to a desktop and have the control you want and take 999,999,990 threats off the table at the OS?

Add a firewall (I played around with Vyatta and was impressed), and that will help. Take a virtual firewall and put it in between VMs, apps, etc., and you may be on your way to taking the best practices we know and love to the virtualized world.

Thoughts? Comments?

