
DOD: Can virtualization make security more manageable?

Officials interested in the security benefits offered by virtual network components

Defense Department officials want to know if virtualization technology can make DOD’s networks more secure and easier to manage, according to an information request posted on the Federal Business Opportunities Web site.

Virtualization could make it easier to provision network components and make it possible to isolate risky activities such as browsing Web sites or opening e-mail messages from unknown senders, according to the request posted July 10. Virtualization technology makes it possible to run multiple network components on a single server.

Modern operating systems and many applications in traditional data rooms may be too large to secure effectively, according to DOD.

“It may be that the era of monolithic general-purpose operating systems is nearing its end and could be replaced by a cluster of modules or virtual appliances acting in concert to perform services traditionally supplied by operating systems,” the request states.

DOD officials are also interested in using virtualization to create trusted enclaves of servers to handle sensitive information and operations. The enclaves would be independent of other systems and could be refreshed if security is compromised.

Virtualization may also make it possible to imitate a private-sector program that gives employees a subsidy to buy laptop computers. Employees use the laptops to connect to corporate networks, but virtualization protects networks from any security risks possibly residing on the portable computers, according to DOD.

Responses are due July 20.

About the Author

Doug Beizer is a staff writer for Federal Computer Week.

Reader comments

Thu, Jul 16, 2009 InfoSec Specialist Washington, DC

Virtualization is another case of a company developing a new product without taking security into consideration and touting it as the greatest thing since holes in Swiss cheese. Sure, regular operations can be made easier, but security operations are not automatically made easier, and in some cases for some federal agencies it can make security worse.

Thu, Jul 16, 2009

Virtualization can make configuration management of systems easier (which can be a security benefit), but the systems themselves are not more secure. But there is a major risk introduced with virtualization - all virtualized systems are functionally zombies that come to life when instantiated. Many schemes and systems are being introduced to help mitigate new risks associated with the zombie nature of virtual images, but the issue remains that old images cannot be scanned or otherwise tested until instantiated, greatly complicating security maintenance. Virtualization has the benefit of making deployment of a new server or desktop using a previously configured image a matter of a couple of keystrokes. The risk is that existing images could be missing critical patch and configuration changes. The whole point of using virtualized servers is that old images are trusted. A new system being brought up using conventional configuration practices is reviewed before being put online.

Thu, Jul 16, 2009 Dr.Bob Hacker CenTex

Virtualization is renaming: hypervisor instead of operating system. It is like the old design for early airplanes that had up to 3 or more wings. Complexity causes problems instead of solving them. Complexity certainly adds to security risks! It is a 'salesman's logic'!
