I came across an article on a sister TechTarget site for VMWARE. Its’ title immediately got my attention:
How to steal a virtual machine and its data in 3 easy steps by By Eric Siebert, who has a vmware site of his own and has authored at least one book on VMware.
I have to sing his praises because this article lays it all out in a very coherent package, and is something every admin and auditor ought to think about when it comes to virtual servers. He makes the excellent point that it’s much easier to steal virtual data – and making a copy of virtual image is not logged by console. So a savvy engineer could walk home with data in his pocket. It’s a very educational read. Not to mention a little scary to think about.
My only (VERY) minor issue is that he seems to think that the image w/data will fit on a USB drive – Gee Eric, how big is that USB drive you’ve got? Mine only go up to 16 megabytes!
I’ve been wondering for awhile now about virtual machines. Most bad people try to get in through the hypervisor, which is the remote attack. Why do that when you can just copy the data from the inside?