By: Mark Gaydos
I was reading “VMware’s ESX Hardening Guideline Falls Far Short of ‘Secure'” by Edward L. Haletky in which he describes how the VMware Hardening Guideline falls short of creating a completely secure virtual environment. The thing that struck me is that many administrators are just trying to “walk” before they “run” when it comes to security around virtualization.
Having a hardening guideline from VMware is a big step in the right direction. Having an automated tool like Tripwire’s ConfigCheck makes implementing that guideline enormously easier. And if a company has already taken these basic steps to follow the guideline then I’m sure Edward’s comments make a great deal of sense…. one can always be improving one’s security.
However, I really think most VM administrators are “learning to fly” when it comes to virtualization security and may not be quite ready to “soar with the eagles” like Edward. I could be wrong but based on the fact that over 27,000 people have come to the Tripwire ConfigCheck site, I think a lot of people are just getting their shoes on to start “walking” before they even try to start “running” when it comes to virtualization security.
By the way, many people have asked when Tripwire ConfigCheck will support VMware 3.0.X and the answer is soon. We expect to have it out in the next few weeks. Stay tuned……