Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Virtual Security Expand / Collapse
Author
Message
Posted Sunday, August 21, 2011 9:05 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 3:49 PM
Points: 31,161, Visits: 15,607
Comments posted to this topic are about the item Virtual Security






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1163086
Posted Monday, August 22, 2011 7:28 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, September 2, 2014 12:18 PM
Points: 350, Visits: 259
First:
I really enjoy your editorials and I read as much and as often as I can.
I’m a developer, but I unofficially serve as my group’s DBA – like many people we have DBAs who handle backups, and not much else.


Second:
About your writing in the first paragraph this morning.
Great topic, great idea. Overall you write better than I do, don’t let little mistakes give a bad impression. Sometimes it sounds ESL – which I’m sure is due to transcription errors.

First paragraph from your email at 12:49 AM Eastern:
"I have a few friends that are working *1 virtualize almost their entire computer infrastructures. They work in large and small companies, but there is a constant push to avoid the bare metal installation of any operating system onto physical hardware, making every Windows or Unix machine a virtual machine on top of a hypervisor. I was surprised to hear that companies were being to *2 aggressive, but the cost benefits can be huge, and when virtualization is done in a smart way, performance doesn't suffer."

I assume that:
*1 = "to"
and
*2 should have been "so" instead of "to" (or perhaps "too")

Thanks again for the great content and keep up the great work!
Post #1163279
Posted Monday, August 22, 2011 8:16 AM
Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: 2 days ago @ 2:21 PM
Points: 510, Visits: 546
I'm not a virtualization or security expert, but I'm a little confused over why this was/is an issue. If someone has access to the vCenter app, sure they can open the console of a VM running in the environment, but without the Windows login credentials they wouldn't be able to get very far into the system.

And even if they had Windows credentials, they could still be locked out of SQL Server itself.

I'm not saying someone with that level of access couldn't do harm. They could shut down the VM or do irreparable damage to the file system. But, I don't see how could get to the data, especially if the backups are encrypted too.



Post #1163314
Posted Monday, August 22, 2011 9:20 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 3:49 PM
Points: 31,161, Visits: 15,607
There are actually some exploits that can access the virtual machine's memory or disk if they have access to the physical hardware. vMotion, or similar technologies that allow a virtual machine to move to a different physical one means that you have to be careful.

The publication of the exploits, and scripts, mean that you don't necessarily have to be a genius to take advantage of these items.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1163369
Posted Monday, August 22, 2011 9:21 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 3:49 PM
Points: 31,161, Visits: 15,607
chris.compton-977504 (8/22/2011)
First:
I really enjoy your editorials and I read as much and as often as I can.
I’m a developer, but I unofficially serve as my group’s DBA – like many people we have DBAs who handle backups, and not much else.


Second:
About your writing in the first paragraph this morning.
Great topic, great idea. Overall you write better than I do, don’t let little mistakes give a bad impression. Sometimes it sounds ESL – which I’m sure is due to transcription errors.


Thanks for the note. The review/proof of the work sometimes gets shortchanged at times. Corrections have been made.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1163371
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse