eRacks Open Source Systems Blog

Making the world safe for Open Source

eRacks Open Source Systems new website design

eRacks new website is officially live and fully functional! We completely redesigned the old website. We’ve added a ton of new products, including a custom line of high end gaming laptops.

 

Fremont, CA (PRWEB) January 14, 2013

Have  a look at our Product Lines:
Product Showroom

About eRacks

eRacks strives to return the control of the IT department back to the business owner, by providing quality open source enterprise-level applications on easily-upgradable industry-standard hardware. eRacks believes businesses should not be required to rely on third-party closed-source software vendors

For More Information contact eRacks at info@eracks.com or visit http://www.eracks.com

Dennis
eRacks

January 14th, 2013

Posted In: Laptop cookbooks, News, Open Source

Tags: , , ,

Leave a Comment

A secure environment is absolutely crucial for a virtualization server connected to the Internet. If the host is compromised, all its virtual machines are at risk and their services will be affected.


eRacks virtualization experts have put together a useful list of security considerations for virtualization migration planners. TIP #1. Use an open source virtualizer if possible. Open source software vulnerabilities are documented clearly, are well-known, and fixed quickly.
Proprietary-software bugs usually take longer to get fixed, and are even sold on black markets for illicit hacking. In fact, there are documented cases of closed source software companies purchasing security hole information of their own applications. Open source software vulnerabilities have less value on the black market, because of their shorter shelf-life.
TIP #2. Use open source guests wherever possible. New drivers for open source applications improve security as well as performance. Open source guests are more cooperative with the host, leaving less room for attack. Windows is inherently less secure, since a – it is closed source and updated less frequently. b – widely used and thus a big target. c – statistically has more severe vulnerabilities than open source OSes which take longer to fix.
TIP #3. Minimize the host footprint, making less surface area available for hackers. A small target is harder to hit than a large one. eRacks typically recommends KVM because of its small footprint, simple design, and ease of use.
The virtualization host provides services in the form of ports and packages, which should only include those required by the VMs. An effective security plan should minimize the number of open ports, narrowing the possibilities of illicit entry.
TIP #5. Use an external physical firewall. It is also possible to use a virtualized firewall, running as a guest, but it can only protect the downstream systems, and not the host. A virtualized IP-less bridging firewall is also possible but it is more difficult to implement, and still doesn’t protect the host. The safest solution is an external firewall, such as the eRacks/TWINGUARD, a redundant 1U system, with failover, running a very secure OpenBSD.
TIP #6. Assess your security level, including regular port scans (Nmap), and OS fingerprinting, keeping track of any changes. A hardened system will not give out versions of running services, otherwise it would be too easy to know exactly where the vulnerabilities lie. eRacks can give you a head start by building, installing, and configuring your system for you. Your physical host server can be configured with your choice of a virtualization host, including the freely available version of VMWare or Linux-native KVM (Kernel-based Virtual Machine), as well as a large number of possible virtual operating systems and applications, including web, DNS, email, proxy and other infrastructure services.
virtualizer description complexity level of open source
KVM built into the kernel, uses the standard Linux scheduler, memory management and other services simple, non-intrusive, very stable, easy to administrate –
KVM hypervisor about 10-12K lines of code (2007)
released under the GNU GPL
free
Xen external hypervisor, supports both paravirtualization and full virtualization, has its own scheduler, memory manager, timer handling, and machine initialization. specially modified kernel – has 10x more lines of code as KVM => raises the vulnerability level released under the GNU GPL
free
VMware fully virtualizes using software techniques only, very good performance, stability. very large and complex; more than 10x lines of code of Xen proprietary,
player open (teaser-ware),
fees

July 9th, 2008

Posted In: News, security, virtualization

Tags: , , , , ,

Leave a Comment