May be easier than you think …

to steal a virtual machine and its data.

Remember the email server or payroll system that you virtualized? Someone with administrator access to your virtual environment could easily swipe it and all the data without anybody knowing. Stealing a physical server out of a data center is very difficult and is sure to be noticed. Stealing a virtual machine (VM), however, can be done from anywhere on your network, and someone could easily walk out with it on a flash drive in their pocket.

Virtualization offers many benefits over physical servers, but there are some pitfalls you should be aware of and protect against to avoid losing sensitive data. Because a virtual machine is encapsulated into a single virtual disk file that resides on a virtual host server, it is not all that difficult for someone with the appropriate access to make a copy of that disk file and access any of the data on it. This is a fairly simple thing to do, and we will show you how to do it here so you can protect your environment against it.

There are basically two ways one could access the virtual disk (.vmdk) file of a virtual machine. The first would be using the ESX Service Console. If someone knew the root password or had a user account on the host, they could gain access to the VMFS volumes that contain the virtual machine files and use copy tools like Secure Copy, or SCP, to copy files from it. The second is using the vSphere/VMware Infrastructure Client which contains a built-in datastore browser; this is the method we will cover here.
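One way to review who holds the access described above, as an added example that is not part of the original article: the script joins a role export with permission assignments and reports principals outside an approved list whose role carries a privilege that reaches VM disk files. The role names, principals, entities and allowlist are constructed sample data, and the choice of which vSphere privilege IDs count as risky is an assumption to adapt.

```python
# Added example: which principals hold privileges that reach VM disk files?
# Role names, principals, entities and the allowlist are constructed sample data.

# vSphere privilege IDs treated as "can browse or read .vmdk files".
# Which IDs belong in this set is an assumption; adapt it to your policy.
RISKY_PRIVILEGES = {
    "Datastore.Browse",
    "Datastore.FileManagement",
    "VirtualMachine.Provisioning.GetVmFiles",
    "VirtualMachine.Provisioning.DiskRandomRead",
}

ROLES = {  # role -> privilege IDs (constructed export)
    "FullAdmin": {"Datastore.Browse", "Datastore.FileManagement",
                  "VirtualMachine.Provisioning.GetVmFiles"},
    "BackupOperator": {"Datastore.Browse",
                       "VirtualMachine.Provisioning.DiskRandomRead"},
    "HelpdeskLegacy": {"VirtualMachine.Interact.ConsoleInteract",
                       "Datastore.Browse"},
    "VMOperator": {"VirtualMachine.Interact.PowerOn",
                   "VirtualMachine.Interact.PowerOff"},
}

PERMISSIONS = [  # (principal, role, entity, propagates to children)
    ("CORP\\vi-admins", "FullAdmin", "Datacenter-A", True),
    ("CORP\\backup-svc", "BackupOperator", "Datastore-Payroll", False),
    ("CORP\\helpdesk", "HelpdeskLegacy", "Datacenter-A", True),
    ("CORP\\ops", "VMOperator", "Datacenter-A", True),
]

APPROVED = {"CORP\\vi-admins", "CORP\\backup-svc"}  # reviewed and accepted


def audit(roles, permissions, approved, risky=RISKY_PRIVILEGES):
    """Return unapproved assignments that grant a risky privilege."""
    findings = []
    for principal, role, entity, propagate in permissions:
        if principal in approved:
            continue
        if role not in roles:
            # Fail closed: a role missing from the export cannot be cleared.
            findings.append((principal, role, entity, propagate, ["<unknown role>"]))
            continue
        hits = sorted(roles[role] & risky)
        if hits:
            findings.append((principal, role, entity, propagate, hits))
    return findings


if __name__ == "__main__":
    for finding in audit(ROLES, PERMISSIONS, APPROVED):
        print(finding)
```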

The security key: Understand the unique challenges presented by a virtual environment.

The bottom line is there are multiple layers you need to protect to ensure your data is safe. Protect the data, the application, the operating system and the physical server, and make sure you also protect the virtualization layer. Don’t focus your security efforts in all those other areas and forget one that can compromise them all. Not understanding and addressing the security challenges that are unique to virtual environments can be a costly mistake that you don’t want to make. (Source:

Go to the source and read the rest of this interesting article.


About brvanlanen

Just a thirty-something guy currently hanging it up in the greater Green Bay area. My post-high school educational background is mainly in the Information Technology field. Specifically I have an A.A.S. in Computer Network Systems and a B.S. in Information Systems Security, both from ITT Technical Institute, in addition to A+ and MCDST certifications. In my free time I enjoy spending time with my family, cooking and sports. My Christian faith is also important to me as a Missouri-Synod Lutheran and all my children attend a Lutheran grade school. When it comes to political leanings I am a conservative first and foremost which you will discover rather quickly. As for sports I am a huge fan of the Green Bay Packers.

Posted on January 22, 2010, in computer network, Cybersecurity, Network Administration, Security, Virtualization.
