Virtual Machines – Rapid Security Tool Deployment

Virtual Machines – Many of you have probably heard of them,
and/or even used them . But for those of you who have not,
here is a brief description.Virtual Machines, or OS Virtualization, allows heterogeneous
operating systems to run simultaneously on the same physical
hardware. In a very basic form, imagine running Windows XP,
Windows 2003 Enterprise Server, and Linux on the same
computer at the same time. Each virtualized operating
system, or environment, has access to disk drives, memory,
video, input devices, and communications devices, all at the
same time, on the same system.Before we conclude this article on how virtualization is
used to rapidly and securely deploy security toolsets, we
will provide you with links to Virtual Machine software you
can work with on a trial bases (or purchase) and at least
one that is free of cost.How We Use Virtual Machines For Various Testing————Although the majority of the work we do is security
assessment, we routinely deploy security measures such as
perimeter defense, or enterprise firewall solutions. Many
times, we are replacing an existing defense system and need
to make sure that when we cut-over to the new system,
everything will function properly. For instance, when
deploying a firewall, or firewall clusters, we can simulate
the cluster design by installed the software into virtual
machines, on one physical system, and test the internal
firewall to firewall communications. Also, prior to
deploying the firewalls, we can create a virtual machine to
represent each network protected by the firewalls and test
connectivity / communication on each network e.g. Internet,
private network, DMZ’s, and other protected nets, all with
just one system (usually a beefy laptop with a good bit of
memory). This method of testing prior to cutting over has
proven invaluable and mitigates the risk of serious problems
that might present themselves.How We Use Virtual Machines In Security Assessments————Each time we perform a security assessment for a customer,
we utilize specialized and proprietary software / tools.
However, once the assessment is completed, and we move on to
the next test or new customer, we need to start with a clean
platform. We never use the same OS install or instance of
tools for different testing phases or different customers.Using Virtualization, we have pre-created many operating
environments such as Windows, Linux, BSD, and Solaris to
name a few, with clean installs and hardened operating
systems. These pre-created, secure environments also contain
all the necessary tools for the type of customer environment
and security assessment we will be working on. By using
Virtual Machines, we can deploy our testing platforms within
minutes, not hours, and feel confident they are secure and
ready to function. In fact, we can carry many of these
ready-to-go operating environments with us when we travel
using high capacity external disk systems. Typically the
size of a regular paperback book.How Else Can Virtual Machines Be Used————The application, use, and benefit of Virtualization is quite
broad. For people at home, or technical people who wish to
learn new operating environments, Virtual Machines can be a
great tool for learning. Instead of purchasing multiple
physical machines to install the operating system and
applications you wish to become educated on, you can
purchase one performance based system, even a laptop, and
use virtualization to run them all at once. They can even be
configured quite easily to communicate with each other.Another “big” benefit in using Virtual Machines, is they can
be configured to more effectively and efficiently utilize
your hardware investment. For instance, instead of
purchasing two mid-range systems to run two different
applications, you could purchase one an use virtualization
to run them side-by-side. In many cases, when using
dedicated systems for just one or two applications, the
hardware is underutilized. Would it be a wise investment if
the server you purchased is only being used at say, “25”
percent of its capacity / capability? Virtualization can
help you maximize the investment you make in performance
based systems, and has the added benefit of server
consolidation.Conclusion————Even if you are just curious about Virtual Machine
technology, it can b a great way to learn many aspects of
computing and network essentials. There are several major
players within the Virtualization industry, such as VMware.
VMware provides commercial Virtualization products, even for
workstation or desktop environments. You can also visit
Xensource, a great open-source (at no cost) Virtual Machine
solution. They have a demo you can download, burn to CD, and
boot from, or you can download the entire product and
install it on a dedicated system.Regardless of the reason you have for looking into
Virtualization, I can tell you that this technology as going
to be a big player in the near future. In fact, processor
manufacturers are even taking steps to create processors
that are Virtual Machine aware.You may reprint or publish this article free of charge as long as
the bylines are included.Original URL (The Web version of the article)————[http://www.defendingthenet.com/NewsLetters/Virtual-Machines]
-Rapid-Deployment-Of-Security-Tools.htm” target=_blank>
Virtual Machines

Download VPN Software

Virtualization, Virtual Machines, Multiple Operating Systems, Secure VM, Assessment VM, VMware, Xens