GNESS

Network/Virtualization Security: Weird Scenes Inside the Gold Mine

Timmy: I have a 5 year old so let me give it a shot. With virtualization applications and operating systems are no longer coupled with hardware... they can move around from server to server, etc With mere mouse clicks). That enables a tremendous amount of flexibility, which enables substantial cost savings... because enterprises won't have to purchase more hardware (and space, electricity) than they need and they can make changes more easily.

As enterprises move to these virtual data centers, their network hardware will have to adapt to this new, fluid world of change. Many of these network security solutions require custom hardware, so it may be difficult with them to keep up or be positioned in the right place to deliver equivalent protection.

Securing a "fabric" of servers that can all communicate with each other (where the biggest savings of virtualization will be) is very different from inspecting traffic running between a dedicated pool of servers and the network or another pool.

Netsec hardware vendors will not only have to tackle the problem of larger traffic spikes across a wider and more fluid environment, but will also have to keep up with heightened change. Those that require manual tuning/management will keep security pros even busier merely managing change.

Then there is the question of where these devices will be inserted in the data center in order to be effective. Can VMs communicate with each other (be compromised) without a security appliance even knowing? Could copies of compromised servers then be made and moved for malicious purposes, behind or around security measures?

VMW has introduced some dramatic new capabilities for managing data centers. If the security solutions can adapt and the security pros understand the security differences between the physical data center world and virtual, data center security will be improved by virtualization. Network security pros will enjoy many of the same benefits as the server ops teams (enhanced flexibility and performance). This depends on security solutions ability to be re-architected for these new demands and the success of some hot private companies in the virtsec space.

I think I exceeded the vocab and comprehension of a typical 4 year old... but then I sensed that you were actually much older. SO I hope this explanation helps. You can get more info at archimedius.net.

Thanks,
Greg