Friday, July 13, 2007

Members Only: VM Security

If you're not going to Black Hat this year, but you'd still like to hear what Matasano has to say about VM security, attacks, security architecture, and the continuing saga of the $400K rootkit, then look no further. Tom Ptacek and Dave Goldsmith, in conjunction with the Institute for Applied Network Security, gave a webinar on Tuesday that is now online. Members only, I'm afraid, but it's still gotta be cheaper than airfare, hotel, and registration.

I vattended (not a typo, I'm trying to coin a new word for remote spectatorship of things like webinars) their talk on Tuesday and it was quite good. We invited our infrastructure teams even though I was worried they wouldn't get much out of it. But they did. Unlike what I presume Tom and Nate's Black Hat talk will be like, Tom and Dave talked about high-to-medium- level stuff like network blind spots, the risks of access to the host/hypervisor CPU.

Along those same lines, Jeff Mayrand gave a nice preso on VI3 security to Grand Rapids ISSA back in February. Those of you interested in the specifics of network blind spots and VM networking best practices should read Jeff's slide deck. Members only again, but joining the GR-ISSA mailing list is free.

No comments: