Feeds

Cloudy admin? Here's how to ward off Call of Duty-playing teens

Cheeky little rascals

Remote control for virtualized desktops

Palo Alto Network has gone virtual with the latest version of its next-generation firewall, the VM-Series. The tech, launched last week, is designed to protect virtual and cloud environments and comes as part of a wider industry push to market virtual security appliances.

Analysts Infonetics Research says the booming market for virtual security appliances is being driven by the adoption of cloud infrastructure buildouts and server virtualisation, among other factors. It adds that the virtual appliance vendor landscape is a crowded with a mix of established security players, virtualisation platform vendors and specialist vendors - all competing for market share.

"Many of the traditional vendors in the firewall space, including many of Palo Alto's competitors, have virtual appliance solutions already, including Cisco, Check Point, Juniper, and many others," Jeff Wilson, principal analyst for security at Infonetics Research told El Reg. "You can find virtual appliance versions of just about every gateway security product you can imagine (including SSL VPN, web security, mail security, IDS/IPS)."

Chris King, director of product marketing at Palo Alto, said traditional firewalls only look at port and IP address while Palo Alto's looked at the identity of an application before making an access decision.

Traditional firewalls screen for port and protocol but Palo Alto's technology also provides security controls based on application, user and content. Both of the new VM-Series firewalls from Palo Alto offer this capability.

Network traffic between virtual machines may not leave physical machines but workloads are constantly getting transferred between physical machines. That's why different forms of firewall technology are needed to protect virtual and cloud environments.

Virtual security appliances from traditional vendors, according to King, fall short because application like SSH always normally need to be allowed for remote administration. Port 22 would therefore be allowed. But this can be abused.

"Traditional firewall assume traffic on port 22 is SSH and not something tunnelled over SSH," King explained. "So if an administrator sets up a SSH tunnel from his home machine to do back-ups and perform admin tasks you're setting up a node on a data centre network that his son also uses to play Call of Duty."

"If this machine becomes compromised, then it [becomes] a backdoor into virtual server farms," he concluded, adding that Palo Alto's VM-Series technology is capable of blocking this type of attack scenario.

Palo Alto's virtual firewall technology, which integrates with VMware vSphere, screens intra-host data centre applications regardless of port or protocol.

The VM-Series launch is part of Palo Alto's strategy of allowing customers to roll out virtualisation projects without running into security or compliance concerns. The technology allows enterprise to safely enable applications in a virtualised data centre combined with the ability to secure intra-host traffic. The technology is designed for use in both virtualised data centres and private cloud infrastructures.

King said the future of data centres is both physical and virtual firewalls, potentially tied together under the same policy and management framework.

In addition to the VM-Series virtual firewalls, Palo Alto also launched a new, midrange next-generation firewall hardware platform (PA-3000 Series) and a management appliance for centralised control over a network of enterprise firewalls (the M-100 management platform).

The products, already available, are supplemented by the release of a new operating system, PAN-OS 5.0. The new firewall OS offers 60 new features for security in cloud environments, as well as improved management capabilities. PAN-OS 5.0 boasts an improved ability to scale and simplify network security management in large enterprise environments, enhanced IPv6 capabilities and increased control over SSL traffic, among other improvements. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.