Jan 11 2010   12:06AM GMT

Stealing VMWare Data Made “Easy”

Arian Eigen Heald

I came across an article on a sister TechTarget site for VMware. Its title immediately got my attention:
How to steal a virtual machine and its data in 3 easy steps by Eric Siebert, who has a VMware site of his own and has authored at least one book on VMware.

I have to sing his praises because this article lays it all out in a very coherent package, and is something every admin and auditor ought to think about when it comes to virtual servers. He makes the excellent point that it’s much easier to steal virtual data – and making a copy of a virtual image is not logged by the console. So a savvy engineer could walk home with data in his pocket. It’s a very educational read. Not to mention a little scary to think about.

My only (VERY) minor issue is that he seems to think that the image w/data will fit on a USB drive – Gee Eric, how big is that USB drive you’ve got? Mine only go up to 16 megabytes!

I’ve been wondering for a while now about virtual machines. Most bad people try to get in through the hypervisor, which is the remote attack. Why do that when you can just copy the data from the inside?

2  Comments on this Post

  • Eric Siebert
    Glad you enjoyed the article, mine's only 16GB also but 32GBs are getting cheap. Those small little USB 250GB+ USB hard drives are also pretty cheap these days, you can easily fit one of those in your back pocket ;-)
  • PassingBy
    The copy of vmware data files would indeed leave a trail in host vmware logs (although obviously not in the VM's OS logs).
    You probably meant you have a 16-GB thumb drive.  There are 256-GB thumb drives available, a size large enough to capture most drives attached to the enterprise servers I have ever supported.  Obviously, you're not going to take home the 12-TB network share, but you could easily take the VM's OS disk and probably any application disk images that are associated with it.
