Center for Internet Security and Configuresoft to Unveil First CIS Virtual Machine Security Guidelines at VMworld 2007.Will Broaden Consensus for VMware ESX See VMware. Server-Specific Security Guidelines with VMworld Attendee Input COLORADO SPRINGS Colorado Springs, city (1990 pop. 281,140), seat of El Paso co., central Colo., on Monument and Fountain creeks, at the foot of Pikes Peak; inc. 1886. It is a year-round resort and a booming military, technological, and commercial city. , Colo. -- The Center for Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. (CIS Cis (sĭs), same as Kish (1.) (1) (CompuServe Information Service) See CompuServe. (2) (Card Information S ) and systems management technology innovator Configuresoft, Inc., today announced availability of the first Virtual Machine Security Guidelines. In addition, CIS and Configuresoft will unveil a draft of the upcoming VMware ESX Server VMware ESX Server is an enterprise-level virtualization product offered by VMware, Inc., a division of EMC Corporation. ESX Server is a component of VMware's larger offering, Virtual Infrastructure, which adds management and reliability services to the core server product. Benchmark at the 2007 VMworld conference in order to solicit input from attendees. VMworld 2007 will be held at the Moscone Center The Moscone Center is San Francisco, California's largest convention and exhibition complex. The complex consists of two main underground halls underneath Yerba Buena Gardens, Moscone North and Moscone South, as well the three-level Moscone West exhibition hall across 4th Street. in San Francisco, Calif. from September 11 - 13, 2007. In February, 2007, CIS and Configuresoft developed a benchmark working group and, with input from more than 200 virtualization An umbrella term for enhancing a computer's ability to do work. Following are the ways virtualization is used. Hardware Virtualization Partitioning the computer's memory into separate and isolated "virtual machines" simulates multiple machines within one physical computer. and security experts from the commercial market and federal organizations, created the industry's first virtual machine security benchmark. CIS benchmarks and guidelines are unique in the industry in that they are created via broad consensus. This benchmark extends and enhances the hardening guidelines offered by the manufacturers by consolidating the expert opinion of the world's leading security experts. Now, CIS is offering interested parties the opportunity to join the consensus process for its forthcoming benchmark which will provide further guidance for organizations as they secure their virtual systems deployed on VMware's ESX servers. VMworld attendees can sign up to participate at Configuresoft's booth #1120 and immediately share ideas and feedback. As adoption of virtualization increases, analysts foresee security issues on the horizon. According to recent Gartner research 1 "Many organizations mistakenly assume that their approach for securing VMs (Virtual Machines) will be the same as securing any operating system (OS) and thus plan to apply their existing configuration guidelines and standards." The report also states, "Through 2009, 60% of production VMs will be less secure than their physical counterparts." "While there are many benefits for data center virtualization, careful attention must be paid to the potential of new security threats born out of the additional complexity produced by virtualization," said Bert Miuccio, Vice President, The Center for Internet Security. "With input from so many leaders and experts - as well as the broad consensus we will build as a result of VMworld - we are confident that the final versions of both important benchmarks will provide a solid roadmap for organizations as they secure their virtual environments." In addition to the general benchmark and the VMware ESX-specific benchmark, CIS plans to create benchmarks for additional virtualization platforms including Microsoft's Virtual Server and Xen Virtual Machine. Each guide will provide detailed instructions and recommendations that include the precise settings for each system and particular advice on tuning systems to meet the guidelines developed by the consortium. CIS guidance is also available at www.cisecurity.org. "It's only a matter of time before organizations that do not correctly configure the increased number of settings in their virtual environments become the victims of security breaches or other security incidents," said Chris Farrow farrow see farrowing. , director, Center for Policy & Compliance for Configuresoft and co-chair of the benchmark. "It was evident to us through customer feedback and industry commentary, that a benchmark specific to virtualization security was needed. Through collaboration with CIS and the broad team of contributors, organizations will now have a rapid path for securely adopting virtualization." About the Center for Internet Security (CIS) CIS is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. CIS members develop and encourage the widespread use of security configuration benchmarks through a global consensus process involving participants from the public and private sectors. For additional information, please visit www.cisecurity.org About Configuresoft Configuresoft is an innovator in systems management technology, delivering the enterprise Configuration Intelligence[TM] to effectively and efficiently manage today's heterogeneous computing infrastructures. Spanning both security and operations, the Company's configuration management, compliance and remediation products are used by 13 of the world's 25 largest companies to keep their critical systems properly configured, while ensuring compliance with regulatory requirements such as Sarbanes-Oxley, FISMA FISMA Federal Information Security Management Act of 2002 FISMA Federal Information System Management Act , GLBA GLBA Gramm-Leach-Bliley Act of 1999 (Financial Modernization Act of 1999) GLBA Gay and Lesbian Business Association GLBA Great Lakes Booksellers Association GLBA Glacier Bay National Park and Preserve , Basel II, HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, and DISA 1. (body) DISA - Defense Information Systems Agency. 2. (standard) DISA - Data Interchange Standards Association. , and industry standards such as ISO (1) See ISO speed. (2) (International Organization for Standardization, Geneva, Switzerland, www.iso.ch) An organization that sets international standards, founded in 1946. The U.S. member body is ANSI. 27001, PCI DSS and Microsoft Security Hardening Guides. To contact Configuresoft, please call (888) U-CONFIG or visit www.configuresoft.com. 1. Gartner, Inc., "Security Considerations and Best Practices for Securing Virtual Machines" by Neil MacDonald, March 6, 2007. |
|
|||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion