Sunday, October 5, 2014

How to steal a virtual machine and its data

Remember the email server or payroll system that you virtualized?

Someone with administrator access to your virtual environment could easily swipe it and all the data without anybody knowing.

Stealing a physical server out of a data center is very difficult and is sure to be noticed. Stealing a virtual machine (VM), however, can be done from anywhere on your network, and someone could easily walk out with it on a flash drive in their pocket.

Because a virtual machine is encapsulated into a single virtual disk file that resides on a host server, it is not all that difficult for someone with access to make a copy of that disk file and access any of the data on it.

This is a simple thing to do:

There are two ways one could access the virtual disk (.vmdk) file of a virtual machine. The first would be using the ESX Service Console. If someone knew the root password or had a user account on the host, they could gain access to the VMFS volumes that contain the virtual machine files and use copy tools like Secure Copy, or SCP, to copy files from them. The second is using the vSphere/VMware Infrastructure Client, which contains a built-in datastore browser.

How to protect against it?
Limit physical, network and user access to the ESX and the VC.
Protect the passwords.
Monitor AAA (authentication, authorization and accounting).
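
One way to apply the monitoring point to the two access paths described above (SCP on the host and the datastore browser), added here as an example and not part of the original post. The key=value log format, action names, account names and addresses are constructed assumptions, not the output of any VMware product.

```python
import ipaddress
import shlex

# Assumptions (not from the original post): the only account and network
# allowed to read virtual disk files, e.g. a backup service on a management subnet.
APPROVED_USERS = {"svc-backup"}
APPROVED_NET = ipaddress.ip_network("10.0.50.0/24")
READ_ACTIONS = {"scp_read", "datastore_download"}  # hypothetical action names

# Constructed sample events in a hypothetical normalized key=value format.
SAMPLE_LOG = """\
ts=2014-10-05T01:12:03Z host=esx01 user=svc-backup src=10.0.50.7 action=scp_read path="/vmfs/volumes/ds1/mail01/mail01-flat.vmdk"
ts=2014-10-05T02:40:11Z host=esx01 user=root src=192.168.7.23 action=scp_read path="/vmfs/volumes/ds1/payroll/payroll-flat.vmdk"
ts=2014-10-05T02:41:50Z host=vc01 user=jdoe src=10.0.50.9 action=datastore_download path="[ds1] mail01/mail01.vmdk"
ts=2014-10-05T03:00:00Z host=esx01 user=root src=10.0.50.7 action=scp_read path="/vmfs/volumes/ds1/mail01/vmware.log"
ts=2014-10-05T03:05:00Z host=esx01 user=jdoe src=10.0.50.9 action=login_failed
"""

def parse_event(line):
    """Split one key=value record into a dict; quoted values may contain spaces."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def find_disk_copies(log_text):
    """Return (event, reasons) for every virtual disk read that breaks policy."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("action") not in READ_ACTIONS:
            continue  # logins and other events are out of scope here
        if not ev.get("path", "").lower().endswith(".vmdk"):
            continue  # only virtual disk files matter for this check
        reasons = []
        if ev.get("user") not in APPROVED_USERS:
            reasons.append("user not approved for disk reads")
        try:
            if ipaddress.ip_address(ev.get("src", "")) not in APPROVED_NET:
                reasons.append("source outside management network")
        except ValueError:
            reasons.append("unparseable source address")
        if reasons:
            alerts.append((ev, reasons))
    return alerts

if __name__ == "__main__":
    for ev, reasons in find_disk_copies(SAMPLE_LOG):
        print(ev["ts"], ev["host"], ev["user"], ev["src"], ev["path"], reasons)
```
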
VMware security best practices and recommendations:
