Sister CISA CISSP

Jan 11 2010   12:06AM GMT

Stealing VMWare Data Made “Easy”



Posted by: Arian Eigen Heald
Tags:
Admins and Auditors
data security
information security
virtual

I came across an article on a sister TechTarget site for VMware. Its title immediately got my attention:
"How to steal a virtual machine and its data in 3 easy steps" by Eric Siebert, who has a VMware site of his own and has authored at least one book on VMware.

I have to sing his praises because this article lays it all out in a very coherent package, and is something every admin and auditor ought to think about when it comes to virtual servers. He makes the excellent point that it’s much easier to steal virtual data – and making a copy of a virtual image is not logged by the console. So a savvy engineer could walk home with data in his pocket. It’s a very educational read. Not to mention a little scary to think about.

My only (VERY) minor issue is that he seems to think that the image w/data will fit on a USB drive – Gee Eric, how big is that USB drive you’ve got? Mine only go up to 16 megabytes!

I’ve been wondering for a while now about virtual machines. Most bad people try to get in through the hypervisor, which is the remote attack. Why do that when you can just copy the data from the inside?

2  Comments on this Post

 
  • Eric Siebert
    Glad you enjoyed the article, mine's only 16GB also but 32GBs are getting cheap. Those small little USB 250GB+ USB hard drives are also pretty cheap these days, you can easily fit one of those in your back pocket ;-)
  • PassingBy
    The copy of vmware data files would indeed leave a trail in host vmware logs (although obviously not in the VM's OS logs).
    You probably meant you have a 16-GB thumb drive.  There are 256-GB thumb drives available, a size large enough to capture most drives attached to the enterprise servers I have ever supported.  Obviously, you're not going to take home the 12-TB network share, but you could easily take the VM's OS disk and probably any application disk images that are associated with it.