Nov 18 2021

How Virtualization Helps Secure Connected Cars

Connected cars create opportunities to deliver enhanced customer experiences. At the same time, they have the potential to provide significant cost and revenue benefits. This is true for connected car companies, OEMs, suppliers, insurers and many more.

However, car companies haven’t really explored the opportunities to monetize customer data adequately. We can probably attribute this to cybersecurity threats and a mad rush to market. But as the industry evolves and accelerates adoption, we must address these concerns now.

According to Allied Market Research, experts forecast the worldwide connected car market to be worth $225.16 billion by 2027. As we strive to achieve continuous connectivity, what’s the best approach to secure it? How do we keep drivers and their data safe from threat actors?

Before we dive into the solution, let’s look at some of the connected car challenges.

What Are the Threats to Connected Car Security?

Tags: #CarSecurity #Car Hacking, Secure Connected Cars

Sep 22 2021

VMware patch bulletin warns: “This needs your immediate attention.”

Category: Virtualization | DISC @ 11:02 am

VMware’s latest security update includes patches for 19 different CVE-numbered vulnerabilities affecting the company’s vCenter Server and Cloud Foundation products.

All of the bugs can be considered serious – they wouldn’t be enumerated in an official security advisory if they weren’t – but VMware has identified one of them, dubbed CVE-2021-22005, as more critical than the rest.

Indeed, VMware’s official FAQ for Security Advisory VMSA-2021-0020 urges that:

The ramifications of this vulnerability are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly available.

In particular, the company explains:

The most urgent [patch] addresses CVE-2021-22005, a file upload vulnerability that can be used to execute commands and software on the vCenter Server Appliance. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server.

VMware unabashedly says that “this needs your immediate attention,” and we think it’s a good thing to see a software vendor talking about cybersecurity response in plain English instead of mincing its words.

VMware vSphere and Virtual Infrastructure Security

Tags: VMware

Sep 28 2020

Thin clients from a security perspective

Category: Security playbook, Virtualization | DISC @ 1:58 pm

The mass transition to working from home clearly shows the best technologies for a secure and convenient remote environment.

Users receive the maximum security benefits by connecting to virtual desktops from thin clients.

A thin client is a terminal-mode device. It often doesn’t even have any internal storage, being just a box that connects to a server and lets users connect a monitor and peripheral devices (configuration may vary depending on the specific model). The thin client does not process or store any work data.

Of course, a thin client requires a good communications channel. In recent years, however, that’s not much of a hurdle.

Communication between a thin client and a server is usually conducted over an encrypted protocol, solving the problem of the unreliable network environment.

Source: Thin clients from a security perspective

2020 Security Playbook

1) Data discovery
2) Compartmented Data Access
3) Move to thin client
4) Increase focus on AAA

Tags: Security playbook, Thin Client, Thin Client PC

Jun 04 2009

Virtualization and compliance

Category: Cloud computing, Virtualization | DISC @ 1:04 am

The core technology used in cloud computing is virtualization. Organizations that do not want to jump into cloud computing because of its inherent risks can still take a shot at virtualization in their own data centers. Virtualization can be used to reduce hardware and utility costs. An organization with 100 servers can consolidate onto 10 physical machines, each supporting 10 virtual systems, which not only shrinks the data center but also cuts hardware costs and yields huge savings on the utility bill.

Virtualization was first used to increase efficiency and save costs, and it is now turning into a centralized management initiative for many organizations. With centralized management, patches, virus and spam filters, and new policies can be pushed to endpoints from a central management console. Policies can be used to impose lockout periods, apply USB filtering and initiate backup routines, and they can take effect immediately or the next time the user checks in with the server.

The way virtualization works is that the OS sits on an open source hypervisor, which provides 100% hardware abstraction so that drivers become irrelevant. With the OS image backed up at the management console, virtualization technology allows seamless failover and high availability for desktops and servers.

As I mentioned earlier, virtualization allows policies to be enforced on endpoints (desktops). As we know, compliance drives the security agenda. If these policies are granular enough to be mapped to existing regulations and standards (SOX, PCI and HIPAA), then a virtualization solution can be used to implement compliance controls on endpoints. It is quite all right if the mapping is not 100%; that is where compensating controls come into play. Compliance with these regulations and standards is not a one-time process. As a matter of fact, standards and regulations change over time due to different threats and requirements. True security requires nonstop assessment, remediation and policy changes as needed.

Tags: Cloud computing, Data center, Health Insurance Portability and Accountability Act, hipaa, Hypervisor, Open source, PCI, Security, sox, Virtualization