NIST Full Virtualization Technologies: Guidelines For Secure Implementation And Management
こんにちは、丸山満彦です。NISTがFull Virtualization Technologies: Guidelines For Secure Implementation And Managementを公表していますね。。。
仮想化にまつわるリスクの話、日本でももっと議論すべきですよね。。。
■NIST
●ITL Security Bulletins
・2011.04.28 Full Virtualization Technologies: Guidelines For Secure Implementation And Management
NIST Recommendations for Security for Full Virtualization Technologies
• Secure all elements of a full virtualization solution and maintain their security.
• Restrict and protect administrator access to the virtualization solution.
• Ensure that the hypervisor is properly secured.
• Carefully plan the security for a full virtualization solution before installing, configuring, and deploying it.
ついでにSP800-125も。。。
・2011.01 Guide to Security for Full Virtualization Technologies
=====
Executive Summary.
1. Introduction
1.1 Authority
1.2 Purpose and Scope
1.3 Audience
1.4 Document Structure.
2. Introduction to Full Virtualization
2.1 Motivations for Full Virtualization
2.2 Types of Full Virtualization
2.3 Virtualizing Hardware
2.3.1 Virtualized Networking
2.3.2 Virtualized Storage
2.3.3 Guest OS Images
2.4 Full Virtualization Use Cases
2.4.1 Server Virtualization
2.4.2 Desktop Virtualization.
3. Virtualization Security Overview
3.1 Guest OS Isolation
3.2 Guest OS Monitoring
3.3 Image and Snapshot Management
4. Security Recommendations for Virtualization Components
4.1 Hypervisor Security
4.2 Guest OS Security
4.3 Virtualized Infrastructure Security
4.4 Desktop Virtualization Security
5. Secure Virtualization Planning and Deployment
5.1 Initiation
5.2 Planning and Design
5.3 Implementation
5.4 Operations and Maintenance
5.5 Disposition
=====
■このブログ
●クラウド
■Cyberlaw (夏井先生)
■クラウドコンピューティング
Comments