Virtualization Security

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Virtualization Security"

Transcription

1 Virtualization Security Edward Ray, CISSP NetSec Design & Consulting, Inc. 826 North Red Robin Street Orange, CA Eugene Schultz, Ph.D., CISSP Emagined Security 2816 San Simeon Way San Carlos, CA ABSTRACT Many organization fail to take into account the security of virtual servers, which can result in potential loss of data from internal and external threats. Virtualization has now become commonplace throughout the world; however few if any organizations know the risks associated with running multiple machines on the same physical hardware. The purpose of this paper is to provide an overview of both the benefits and risks associated with virtualization, and steps that should be taken to minimize risks associated with deployment. 1. INTRODUCTION Few issues in the IT arena are regarded with more interest and passion than virtualization. Virtualization refers to technologies designed to provide a layer of abstraction between computer hardware systems and the software running on them. By providing a logical rather than a physical view of computing resources, virtualization solutions make several very useful functions possible. Most fundamentally, they in essence make an operating system recognize a group of servers is a single pool of computing resources. They can allow running multiple operating systems simultaneously on a single machine. Virtualization has its roots in partitioning, which divides a single physical server into multiple logical servers. Once the physical server is divided, each logical server can run an operating system and applications independently. In the 1990s, virtualization was used primarily to re-create end-user environments on a single piece of mainframe hardware. IT administrators who wanted to roll out new software but wanted see how it would work on a Windows NT or a Linux machine used virtualization technologies to create the various user environments. But with the advent of the x86 architecture and inexpensive PCs, virtualization faded and seemed to be little more than a fad of the mainframe era. The recent rebirth of virtualization on x86 platforms is to the credit of the current market leader, VMware. VMware developed the first hypervisor (a special type of virtual machine monitor) for the x86 architecture in the 1990s, planting Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Conference 04, Month 1 2, 2004, City, State, Country. Copyright 2004 ACM /00/0004 $5.00. the seeds for the current virtualization boom. 2. TYPES OF VIRTUALIZATION There are three basic categories of virtualization: 1. Storage virtualization, which melds physical storage from multiple network storage devices so that they appear to be a single storage device. 2. Network virtualization, which combines computing resources in a network by splitting the available bandwidth into independent channels that can be assigned to a particular server or device in real-time. 3. Server virtualization, which hides the physical nature of server resources, including the number and identity of individual servers, processors and operating systems, from the software running on them. This last category is far and away the most common application of the technology today, and it is widely considered the primary driver of the market. When most people use the term "virtualization," they are most likely referring to server virtualization. 3. BENEFITS OF VIRTUALIZATION The industry buzz around virtualization is just short of deafening. This must-have capability has fast become gonna-get-it technology, as new vendors enter the market, and enterprise software providers weave it into the latest versions of their product lines. The reason is that the more virtualization is used; it continues to demonstrate additional tangible benefits, thereby broadening its value. Server consolidation is definitely the sweet spot in this market. Virtualization has become the cornerstone of just about every organization's favorite money-saving initiative. Estimates show that between 60 and 80 percent of IT departments are pursuing server consolidation projects. The reasons why are obvious by reducing the numbers and types of servers that support their business applications, organizations are looking at significant cost savings.

2 Another major benefit of virtualization is dynamic load balancing capacity across multiple file systems and machines. Applications slow down or even come to a halt when processing bottlenecks occur on conventional machines. Dynamic load balancing helps ensure that such bottlenecks do not occur, thereby enabling applications to run continuously and without disruption. This is especially important for business-critical applications. Still another benefit of virtualization is lowered power consumption, both from the servers themselves and the facilities' cooling systems. Fuller use of existing, underutilized computing resources translate into a longer life for the data center and a fatter bottom line. Additionally, a smaller server footprint is simpler to manage. Virtualization s benefits go far beyond efficiency, functionality and continuity, however, in that virtualization also offers much for information security. VMs can be used to isolate processes from attackers and malware, making systems and applications more difficult to successfully attack or infect. User access to applications can be tightly controlled in that virtualization allows special applications to be isolated from end-user applications, making unauthorized access to the former very difficult. Even if a system or application that runs in a virtualized environment is successfully attacked, any impact resulting from the attack is almost always attenuated. The ability of attackers and malicious code to spread attacks (particularly malware-based attacks) is thereby reduced. A good example of the usefulness of virtualization in the information security arena is the way Java applets run in a sandbox environment in the Java VM. The sandbox restricts capabilities such as reading or writing to files on each local computer, starting or calling programs on each local computer, and obtaining network connectivity to the same computer from which applets have been loaded. Other significant benefits of virtualization include failover functionality, ability to maintain systems without taking them down, the ability to pool computing resources, the ability to have custom virtual machines (VMs), each of which serves as a container for application delivery, and many others. Interactive virtualization-related risks, e.g., when there is a virtualized server and a virtualized network, are also a critical security issue. In this case, the total risk exceeds the sum of the individual risks. Orthogonal to interactive virtualization-related risks are risks in the host environment--the originally installed OS that serves as the host to everything else on a hardware platform. Any vulnerability in any virtualized OS or application can be the weak link that causes multiple compromises in virtualized components. Another security-related risk is hyperjacking, in which an attacker crafts and then runs a very thin hypervisor that takes complete control of the underlying operating system. A good example of how this risk might present itself is the Blue Pill rootkit developed by security researcher Joanna Rutkowska. A rootkit is a Trojan program designed to hide all evidence of its existence from system administrators and others who look for anomalies and security breaches in systems. The Blue Pill rootkit bypasses the Vista integrity-checking process for loading unsigned code into the Vista operating system s kernel. This code uses AMD s secure VM, designed to boost security, to masquerade itself from detection, and becomes a hypervisor, taking control of the operating system without system administrators and others detecting its presence. Additionally, even in virtualized environments it is possible to capture data from layer 2 of the network by configuring a network interface card in a certain manner. Furthermore, virtualized environments are typically characterized by great diversity, something that can interfere with IT standardization and compliance efforts. Consider, for example, virtualization in the Java applet environment. Although Java applets are typically run as part of a Web page, they can be downloaded and then run locally as a file independently of the sandbox s restrictions. The sandbox does not always function as intended, either. Applets can, for example, send information from computers on which they execute to other network-connected systems, thereby substantially raising the risk of unauthorized disclosure or theft of stored data and programs. There has been a startling growth in types of attacks directed at virtual servers. For example: 4. VIRTUALIZATION RELATED SECURITY RISKS Secure isolation, confining a program to a virtualized environment should guarantee that any action performed inside the VM cannot interfere with the system that hosts it, is basic to virtualization. Consequently, VMs have seen rapid adoption in situations in which separation from a hostile or hazardous program is critical. If the physical host server's security becomes compromised, however, all of the VMs and applications residing on that particular host server are impacted. And a compromised virtual machine might also wreak havoc on the physical server, which may then have an adverse effect on all of the other VMs running on that same machine. At the February, 2008 Black Hat Security conference in Washington D.C., a researcher demonstrated that an attacker could take control of the VMware and Xen virtualization software when moving a virtual machine from one physical computer to another. A tool was released that allows an attacker to take control of VM's hypervisor, a virtualization engine that permits multiple operating systems and applications to run on a host computer at the same time. The attacker could then download sensitive data from the live virtual machines (VMs). Data moves in clear-text format during a VM migration, permitting an attacker to perform a man-inthe-middle attack on a virtual machine's hypervisor that would allow stealing data in transit, Malware authors can now detect VM software and

3 adjust their code to not reveal what it would do on a real machine. Malicious code that runs in virtualized environments is getting smarter. The previously discussed Blue Pill rootkit is one of the best examples. In September 2007 Microsoft fixed vulnerability (MS07-049) in its Virtual PC software that allowed an attacker to escape the virtual Operating System (OS) to access the physical OS in Microsoft s Virtual PC software. In October 2007, VMware released updates that fix a number of vulnerabilities. This vendor announced the details on a mailing list, but glossed over the problem on its own website. See: tml These updates fix quite a few vulnerabilities, the more serious ones being: 1. CVE A privileged user in a guest OS can execute arbitrary code on the host OS. expedient to analyze the true risks that may present themselves in virtualized environments and also to avoid having a false sense of security with respect to virtualization. Organizations that buy more redundant hardware and run multiple VMs together on a shared hardware platform also need to be especially cautious concerning the particular types of servers that reside on a single physical machine. For example, it would be a bad idea to put the firewall, an intrusion detection system, a public Web server, and database server all on one shared physical machine. In the VM world, if one VM is compromised, all VMs on the same physical machine can be more readily compromised. In fact, it would be easier to compromise multiple VMs in this hypothetical case, because the hardware that each VM uses is on the same platform. Even if all the VMs are equally secure against attacks, risk is nevertheless escalated due to the fact the VMs can talk among themselves without passing information through the network layer. The bottom line is that it is prudent to be careful about the architecture used and the VMs that are mixed together on the same physical platform. Finally, if an organization that has air-gapped networks that carry differently classified information (e.g., proprietary and nonproprietary information), migrating the machines that store this information to a virtualized environment all for the sake of making it easier for users to access both types of information would be very unwise from a risk management perspective. It would be far better to instead use a KVM (Keyboard, Video and Mouse) switch. 2. CVE A user on the guest OS can cause denial of service on both the host and the guest OS. Travis Ormandy of Google wrote a paper that analyzed security flaws in the implementation of several vendors virtualization products. Exploitation of flaws resulted in buffer overflows, ability to access and change power utilization code, and more. Although the names of the two products are withheld to avoid shedding negative light on certain vendors products, it is not terribly difficult to guess which vendor platforms were analyzed in Ormandy s study. 5. SECURING VIRTUALIZED ENVIRONMENTS Securing virtualized environments and, in particular, VMs must start before VMs are deployed, and ideally, before vendors and products are selected. The reason is that security and securability must be factored into the evaluation and selection process; otherwise, security in virtualized environments must be retrofitted, something that is likely to not only lead to unidentified risks, but also to practical difficulties and escalating cost over time. Questions to be answered before deployment include: With all of the previously mentioned developments, determining the best and safest -way to leverage security virtualization may seem daunting. So how does an organization that uses virtualization mitigate virtualization-related risk? As with everything else in information security, risks have to be weighed against benefits. Using Parallels on a Macintosh to run Windows applications in a VM environment is normally very justifiable from a security risk perspective because the benefits far outweigh the risk. Running a VM that has known vulnerabilities to show how easy it is for real attackers to attack a system and how little skill is required to execute a program that gives an attacker complete control of the target system is perfectly acceptable in the context of teaching, but not in the context of mainstream IT operations. In malicious code research, analyzing the risk to benefit ratio is not nearly as easy as it might seem. Malicious code can break out of the VM and compromise the physical machine s OS. Attackers could then start to build malicious code capable of breaking out of the segregated environment. It is thus extremely Where and how do you use virtualized environments in your organization? Do you have a patch management policy in place for the virtual machine operating systems? Do you have a patch management system in place for the virtual machine software? What policies do you have regarding the use of virtualized environments? Is your organization aware of the risks associated with deploying virtual environments?

4 Is your organization interested in reducing these risks so that the benefits of a virtualized environment can be safely realized? During this process of evaluating and selecting security controls, organizations must consider the following security issues: Virtualization software, such as hypervisors, represents a new layer of privileged software that will be attacked and must thus be protected. The loss of separation of duties for administrative tasks, which can lead to a breakdown of both the least privilege and defense in-depth principles. Patching, signature updates, and protection from tampering for offline VM and VM "appliance" images. Patching and secure confirmation management of VM appliances where the underlying OS and configuration are not accessible. The fact that in the process of finding vulnerabilities and assessing correct configuration there will be limited visibility into the host OS and virtual network. The fact that there will be a restricted view into inter- VM traffic for inspection by intrusion prevention systems (IPSs). Mobile VMs will require security policy and settings to migrate with them. Security and system and network management tools tend to be immature and incomplete in the first place; using them in virtualized environments only compounds these problems. Security of the VM is dependent on the operating system and should follow the same processes already developed by the information security practice for these operating systems as if each VM were a physical host. From a security perspective a VM and a physical server do not differ. Besides using the service console s access to the VM File System (VMFS), the only other way to access another VM is through its network connections. Therefore securing the network is of primary importance. Due to the fact that the Console Operating System (COS) hypervisor can access the VM disk files, securing the service console is even more important. In most organizations the approach taken for securing virtual environments is to use current configuration standards and tools that were used in the past for securing any OS, network device, or application. Although this approach has some merits; it fails to address the security ramifications of having multiple platforms on the same physical machine. Simply applying the same controls used in securing physical servers will not, for example, provide sufficient protections for VMs. Securing VMs must start before the VMs are deployed, and ideally, before vendors and products are selected, so that security and securability can be factored into the evaluation and selection process. The first focus should thus be physical security. All the logical protections that a virtualized environment can have will be in vain if anyone can walk into a datacenter and steal disk drives from any machine. This scenario can easily happen if a service console is not afforded strong levels of physical protection. Organizations will in all likelihood have to update their information security standards (and possibly also their information security policy) to help ensure that individual VMs and the COS are properly protected. Once the necessary changes to standards (and possibly also the information security policy) are made, approved and implemented, technical control measures should be selected and implemented. Achieving suitable levels of security in virtualized environments requires securing all of the following: 1. The VM OS: The VM OS must be secured using the same best practices that the information security organization dictates for the OS in question. Failing to secure the VM OS can make compromising it trivial, but can also substantially elevate the probability of a network compromise. The reason is that once compromised, the VM OS can readily serve as a springboard for attacks against the network. 2. VM Networks: All externally initiated VM network connections should be shielded by a properly configured well maintained firewall. Additionally, as just mentioned the OS in the VM must be properly secured. 3. Securing the VMKernel: The VMkernel is by its nature extremely secure. With no public Application Programming Interfaces (APIs), possible ways of hacking or cracking this crucial software dwindle to almost none. This does not mean that it is impossible to compromise this software, however. Best practices for this component include regularly patching the VMKernel with vendor updates in accordance with an organization s information security policy. 4. Securing VM Server to VM Server traffic and VMkernel traffic: Communication between servers (i.e. VMware VMotion) passes memory data between VM servers to help manage each VM host and to facilitate performance balancing. The VMkernel network is also used to perform NFS mounts and Internet Small Computer System Interface (iscsi) access. The data are passed unencrypted; access to the network that passes these data should thus be adequately controlled at all times. 5. Console Operating System: The COS has access to everything that the VMkernel will expose, namely

5 hardware as well as the data stores for the VM disk files. The COS is thus another crucial security consideration. At a minimum, non-administrator VMs should have no access to the COS network this will limit possible attack origin points. 6. VM Deployment: There are many different tools for deploying VMs that use the COS network connection. Typically these tools send unencrypted information to the target VM Server. Securing the deployment network by ensuring that such traffic is encrypted with strong encryption (e.g., Advanced Encryption Standard encryption) is thus a necessary part of any defense-in-depth solution. 7. VM Backup: Typically VMs are backed up in one of two ways. The first is to backup from within the VM, which uses the network connections of the VM. The second method is externally via the COS (i.e., VMware Consolidated Backup). In either case, backup data traversing the network should be encrypted with strong encryption and the backup server should be adequately secure in terms of access authentication and file protection. 8. Data. Data in virtualized environments need to be protected in the same manner a datacenter should be protected. Although each VM is separate and distinct, the service COS is part of the VM Server and it has access to critical data. Properly configured access control lists (ACLs) and applying the least privilege principle will both minimize the likelihood of data security breaches. Additionally, placing the service console properly within an organization s network is a must. At a minimum, keep the service console out of a Demilitarized Zone (DMZ) where it can more easily fall prey to externally initiated attacks. Placing it at a point within a network where a firewall shields it from such attacks is far better from a security perspective. Finally, it is important to ensure that sufficient auditing (coupled with procedures that require regular and systematic inspection of audit log output) is enabled and continuously running on the VM server service console. Network monitoring is also necessary. The ultimate goal should thus be to provide as much preventative protection as needed while at the same time to allow for auditing and monitoring the OS with minimal impact on the operation of the system applications. Additionally, understanding that eventually a wider variety of attacks, some of which may be successful, will surface in virtualized environments is imperative; necessary adjustments must be made and necessary additional security controls must continually be considered and, if justified in terms of costs versus benefits, implemented to minimize the likelihood of successful attacks in these environments. Candidate controls include (but are not limited to) network firewalls, application firewalls, strong authentication, anti-virus/antispyware tools, denial of service (DoS) protection through fault tolerance or other mechanisms, forensic tools, remote logging, periodic vulnerability scans, and patch management. 6. CONCLUSION Information security professionals and others need to thoroughly understand virtualization and its advantages and disadvantages from security, information technology, and business viewpoints. They also need to keep up with changes in virtualization that not only have occurred in the past, but also that will continue to occur in the future. With the ever-increasing popularity of virtualization, one thing is certain virtualization and computing will continue to converge well into the future. Unfortunately, virtualization is also likely to provide a disproportionately increasing number of targets for attackers and malicious code. It thus behooves information security professionals to be as proactive as possible in their approach to managing virtualization-related risks 7. REFERENCES [1] Haletky, Edward L. VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers, Prentice Hall, 2008 [2] Ormandy, Travis. An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments. September 2, 2008, [3] Waters, John K. ABC: An Introduction to Virtualization, CIO, March 15, 2008, _Virtualization

Virtualization System Security

Virtualization System Security Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability

More information

Learn the Essentials of Virtualization Security

Learn the Essentials of Virtualization Security Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption

More information

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE Virtualization Security and Best Practices Rob Randell, CISSP Senior Security Specialist SE Agenda General Virtualization Concepts Hardware Virtualization and Application Virtualization Types of Hardware

More information

Mitigating Information Security Risks of Virtualization Technologies

Mitigating Information Security Risks of Virtualization Technologies Mitigating Information Security Risks of Virtualization Technologies Toon-Chwee, Wee VMWare (Hong Kong) 2009 VMware Inc. All rights reserved Agenda Virtualization Overview Key Components of Secure Virtualization

More information

Learn the essentials of virtualization security

Learn the essentials of virtualization security Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage

More information

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines Introduction........................................................................................ 2 ESX Server Architecture and the design of Virtual Machines........................................

More information

Overcoming Security Challenges to Virtualize Internet-facing Applications

Overcoming Security Challenges to Virtualize Internet-facing Applications Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing

More information

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization

More information

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology 30406_VT_Brochure.indd 1 6/20/06 4:01:14 PM Preface Intel has developed a series of unique Solution Recipes designed

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

An overwhelming majority of IaaS clouds leverage virtualization for their foundation.

An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 1 2 3 An overwhelming majority of IaaS clouds leverage virtualization for their foundation. 4 With the use of virtualization comes the use of a hypervisor. Normally, the hypervisor simply provisions resources

More information

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.

Securely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects

More information

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Kurt Klemperer, Principal System Performance Engineer kklemperer@blackboard.com Agenda Session Length:

More information

VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE

VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE VMware Security Briefing Rob Randell, CISSP Senior Security Specialist SE Agenda Security Advantages of Virtualization Security Concepts in Virtualization Architecture Operational Security Issues with

More information

managing the risks of virtualization

managing the risks of virtualization managing the risks of virtualization Chris Wraight CA Technologies 28 February 2011 Session Number 8951 abstract Virtualization opens the door to a world of opportunities and well managed virtualization

More information

IOS110. Virtualization 5/27/2014 1

IOS110. Virtualization 5/27/2014 1 IOS110 Virtualization 5/27/2014 1 Agenda What is Virtualization? Types of Virtualization. Advantages and Disadvantages. Virtualization software Hyper V What is Virtualization? Virtualization Refers to

More information

Misconceptions surrounding security in a virtualized environment

Misconceptions surrounding security in a virtualized environment Misconceptions surrounding security in a virtualized environment Clavister White Paper ization is a boom technology, and it is imperative that this environment is secure as any other part of the network.

More information

Top virtualization security risks and how to prevent them

Top virtualization security risks and how to prevent them E-Guide Top virtualization security risks and how to prevent them There are multiple attack avenues in virtual environments, but this tip highlights the most common threats that are likely to be experienced

More information

A Look at the New Converged Data Center

A Look at the New Converged Data Center Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

Virtualization Technology

Virtualization Technology Virtualization Technology A Manifold Arms Race Michael H. Warfield Senior Researcher and Analyst mhw@linux.vnet.ibm.com 2008 IBM Corporation Food for Thought Is Virtual Reality an oxymoron or is it the

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

VMware ESXi 3.5 update 2

VMware ESXi 3.5 update 2 VMware ESXi 3.5 update 2 VMware ESXi 3.5 Exec Summary What is it? What does it do? What is unique? Who can use it? How do you use it? Next generation, thin hypervisor for FREE Partitions servers to create

More information

Parallels Virtuozzo Containers

Parallels Virtuozzo Containers Parallels Virtuozzo Containers White Paper Virtual Desktop Infrastructure www.parallels.com Version 1.0 Table of Contents Table of Contents... 2 Enterprise Desktop Computing Challenges... 3 What is Virtual

More information

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Driving Company Security is Challenging. Centralized Management Makes it Simple. Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary

More information

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise Virtualization with VMware ESX and VirtualCenter SMB to Enterprise Course VM-03 5 Days Instructor-led, Hands-on Course Description This is a 5-day intense introduction to virtualization using VMware s

More information

Meeting the Challenges of Virtualization Security

Meeting the Challenges of Virtualization Security Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization

More information

A Survey on Virtual Machine Security

A Survey on Virtual Machine Security A Survey on Virtual Machine Security Jenni Susan Reuben Helsinki University of Technology jreubens@cc.hut.fi Abstract Virtualization plays a major role in helping the organizations to reduce the operational

More information

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS Server virtualization offers tremendous benefits for enterprise IT organizations server

More information

BEST PRACTICES. DMZ Virtualization with VMware Infrastructure

BEST PRACTICES. DMZ Virtualization with VMware Infrastructure BEST PRACTICES DMZ Virtualization with ware Infrastructure ware BEST PRACTICES Table of Contents Virtualized DMZ Networks... 3 Three Typical Virtualized DMZ Configurations... 4 Partially Collapsed DMZ

More information

Secure your Virtual World with Cyberoam

Secure your Virtual World with Cyberoam White paper Secure your Virtual World with Cyberoam www.cyberoam.com Virtualization The Why and the What... Rising Data Center costs... Ever-increasing demand for data storage... Under-utilized processors...

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Making Data Security The Foundation Of Your Virtualization Infrastructure

Making Data Security The Foundation Of Your Virtualization Infrastructure Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges

More information

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide

More information

Parallels Virtuozzo Containers

Parallels Virtuozzo Containers Parallels Virtuozzo Containers White Paper Top Ten Considerations For Choosing A Server Virtualization Technology www.parallels.com Version 1.0 Table of Contents Introduction... 3 Technology Overview...

More information

VDI Security for Better Protection and Performance

VDI Security for Better Protection and Performance VDI Security for Better Protection and Performance Addressing security and infrastructure challenges in your VDI deployments Trend Micro, Incorporated» See why you need security designed for VDI environments

More information

SECURITY IN OPERATING SYSTEM VIRTUALISATION

SECURITY IN OPERATING SYSTEM VIRTUALISATION SECURITY IN OPERATING SYSTEM VIRTUALISATION February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in

More information

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Unmasking Virtualization Security. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Eric A. Hibbard, CISSP, CISA Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may

More information

Balancing CPU, Storage

Balancing CPU, Storage TechTarget Data Center Media E-Guide Server Virtualization: Balancing CPU, Storage and Networking Demands Virtualization initiatives often become a balancing act for data center administrators, who are

More information

Server Virtualization with VMWare

Server Virtualization with VMWare Server Virtualization with VMware Information Technology Server Virtualization with VMWare A look at server virtualization, what it is and why it should be considered. By Alex Dewar, Head of IT & IM Solutions,

More information

TECHNOLOGYBRIEF. The Impact of Virtualization on Network Security. Discover. Determine. Defend.

TECHNOLOGYBRIEF. The Impact of Virtualization on Network Security. Discover. Determine. Defend. The Impact of Virtualization on Network Security Discover. Determine. Defend. EXECUTIVE SUMMARY Virtualization is a concept that has become highly visible in the last few years because of its perceived

More information

Solution Guide Parallels Virtualization for Linux

Solution Guide Parallels Virtualization for Linux Solution Guide Parallels Virtualization for Linux Overview Created in 1991, Linux was designed to be UNIX-compatible software that was composed entirely of open source or free software components. Linux

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

The Review of Virtualization in an Isolated Computer Environment

The Review of Virtualization in an Isolated Computer Environment The Review of Virtualization in an Isolated Computer Environment Sunanda Assistant professor, Department of Computer Science & Engineering, Ludhiana College of Engineering & Technology, Ludhiana, Punjab,

More information

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S Network Segmentation in Virtualized Environments B E S T P R A C T I C E S ware BEST PRAC TICES Table of Contents Introduction... 3 Three Typical Virtualized Trust Zone Configurations... 4 Partially Collapsed

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

Solution Brief Availability and Recovery Options: Microsoft Exchange Solutions on VMware

Solution Brief Availability and Recovery Options: Microsoft Exchange Solutions on VMware Introduction By leveraging the inherent benefits of a virtualization based platform, a Microsoft Exchange Server 2007 deployment on VMware Infrastructure 3 offers a variety of availability and recovery

More information

Desktop Application Virtualization and Application Streaming: Function and Security Benefits

Desktop Application Virtualization and Application Streaming: Function and Security Benefits Desktop Application Virtualization and Application Streaming: Function and Security Benefits Tom Olzak August 2007 Current security issues caused by an increasing number of threats, application vulnerabilities,

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

Enterprise-class desktop virtualization with NComputing. Clear the hurdles that block you from getting ahead. Whitepaper

Enterprise-class desktop virtualization with NComputing. Clear the hurdles that block you from getting ahead. Whitepaper Enterprise-class desktop virtualization with NComputing Clear the hurdles that block you from getting ahead Whitepaper Introduction Enterprise IT departments are realizing virtualization is not just for

More information

Understanding & Improving Hypervisor Security

Understanding & Improving Hypervisor Security The Essentials Series: Security Concerns & Solutions Understanding & Improving Hypervisor Security sponsored by by Greg Shields Understanding & Improving Hypervisor Security...1 What Is the Hypervisor?...1

More information

Secure Virtualization in the Federal Government

Secure Virtualization in the Federal Government White Paper Secure Virtualization in the Federal Government Achieve efficiency while managing risk Table of Contents Ready, Fire, Aim? 3 McAfee Solutions for Virtualization 4 Securing virtual servers in

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Virtualization. Jukka K. Nurminen 23.9.2015

Virtualization. Jukka K. Nurminen 23.9.2015 Virtualization Jukka K. Nurminen 23.9.2015 Virtualization Virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms,

More information

Enterprise Desktop Virtualization

Enterprise Desktop Virtualization Enterprise Desktop Virtualization Introduction For nearly a decade, IT industry thought leaders and vendor proponents have hailed the anticipated widespread adoption of virtual display desktop as the new

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection

Technology Blueprint. Secure Your Virtual Desktop Infrastructure. Optimize your virtual desktop infrastructure for performance and protection Technology Blueprint Secure Your Virtual Desktop Infrastructure Optimize your virtual desktop infrastructure for performance and protection LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL

More information

Virtualization. Dr. Yingwu Zhu

Virtualization. Dr. Yingwu Zhu Virtualization Dr. Yingwu Zhu What is virtualization? Virtualization allows one computer to do the job of multiple computers. Virtual environments let one computer host multiple operating systems at the

More information

VMware ESX Server 3 Configuration Guide

VMware ESX Server 3 Configuration Guide Date: 03/03/08 VMware ESX Server 3 Configuration Guide Enterprise Applications Division of the Systems and Network Analysis Center (SNAC) Information Assurance Directorate National Security Agency 9800

More information

Outline. Introduction Major cloud security risks Hacking the cloud Conclusion

Outline. Introduction Major cloud security risks Hacking the cloud Conclusion Hacking the Cloud Eugene Schultz, Ph.D., CISSP, CISM, GSLC Chief Technology Officer Emagined Security EugeneSchultz@emagined.com ISSA-LA Security Summit West Los Angeles, California June 15, 2011 Emagined

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

Best Practices for Managing Virtualized Environments

Best Practices for Managing Virtualized Environments WHITE PAPER Introduction... 2 Reduce Tool and Process Sprawl... 2 Control Virtual Server Sprawl... 3 Effectively Manage Network Stress... 4 Reliably Deliver Application Services... 5 Comprehensively Manage

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC

Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC Paper 347-2009 Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC ABSTRACT SAS groups virtualization into four categories: Hardware Virtualization,

More information

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««; Security N Environments '' J J H -. i ^ s j}! Dave Shackleford '**»* t i j i««; l:i in: John Wiley &. Sons, Inc. Contents Introduction.. : xix Chapter l Fundamentals of Virtualization Security Virtualization

More information

365 Evans Suite 300 Toronto, Ontario M8Z 1K2 Phone: Fax:

365 Evans Suite 300 Toronto, Ontario M8Z 1K2 Phone: Fax: Course: Virtualization with VMware ESX and VirtualCenter Description: Price: $2,895.00 Category: VMware Duration: 5 days Schedule: Request Dates Outline: This class is a 5-day (optional 4-day) intense

More information

VMware vsphere 5.1 Advanced Administration

VMware vsphere 5.1 Advanced Administration Course ID VMW200 VMware vsphere 5.1 Advanced Administration Course Description This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter.

More information

SCO Virtualization Presentation to Customers

SCO Virtualization Presentation to Customers SCO Virtualization Presentation to Customers 1 Content Virtualization An Overview Short introduction including key benefits Additional virtualization information from SCO Additional information about Virtualization

More information

Release Version 4.1 The 2X Software Server Based Computing Guide

Release Version 4.1 The 2X Software Server Based Computing Guide Release Version 4.1 The 2X Software Server Based Computing Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless

More information

FOR SERVERS 2.2: FEATURE matrix

FOR SERVERS 2.2: FEATURE matrix RED hat ENTERPRISE VIRTUALIZATION FOR SERVERS 2.2: FEATURE matrix Red hat enterprise virtualization for servers Server virtualization offers tremendous benefits for enterprise IT organizations server consolidation,

More information

Implementing Security on virtualized network storage environment

Implementing Security on virtualized network storage environment International Journal of Education and Research Vol. 2 No. 4 April 2014 Implementing Security on virtualized network storage environment Benard O. Osero, David G. Mwathi Chuka University bosero@chuka.ac.ke

More information

What s New with VMware Virtual Infrastructure

What s New with VMware Virtual Infrastructure What s New with VMware Virtual Infrastructure Virtualization: Industry-Standard Way of Computing Early Adoption Mainstreaming Standardization Test & Development Server Consolidation Infrastructure Management

More information

BridgeWays Management Pack for VMware ESX

BridgeWays Management Pack for VMware ESX Bridgeways White Paper: Management Pack for VMware ESX BridgeWays Management Pack for VMware ESX Ensuring smooth virtual operations while maximizing your ROI. Published: July 2009 For the latest information,

More information

IQware's Approach to Software and IT security Issues

IQware's Approach to Software and IT security Issues IQware's Approach to Software and IT security Issues The Need for Security Security is essential in business intelligence (BI) systems since they have access to critical and proprietary enterprise information.

More information

Hyper-converged Solutions for ROBO, VDI and Transactional Databases Using Microsoft Hyper-V and DataCore Hyper-converged Virtual SAN

Hyper-converged Solutions for ROBO, VDI and Transactional Databases Using Microsoft Hyper-V and DataCore Hyper-converged Virtual SAN Hyper-converged Solutions for ROBO, VDI and Transactional Databases Using Microsoft Hyper-V and DataCore Hyper-converged Virtual SAN EXECUTIVE SUMMARY By Dan Kusnetzky Microsoft Hyper-V together with DataCore

More information

Secure networks are crucial for IT systems and their

Secure networks are crucial for IT systems and their ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential

More information

International Journal of Scientific & Engineering Research, Volume 5, Issue 1, January-2014 ISSN 2229-5518 1299

International Journal of Scientific & Engineering Research, Volume 5, Issue 1, January-2014 ISSN 2229-5518 1299 1299 TITLE Virtualization security in Data Centres & cloud Prof Sarita Dhawale. Ashoka Center for Business & Computer Studies,Nashik Head of Department of Computer Science University of Pune, Maharashtra.

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

System Security Policy Management: Advanced Audit Tasks

System Security Policy Management: Advanced Audit Tasks System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

Security Auditing in a Virtual Environment

Security Auditing in a Virtual Environment Security Auditing in a Virtual Environment Security auditing considerations within a Virtual Environment Increasing and widespread use of the virtual platform can be seen as a direct response by enterprises

More information

How Does Virtualization Change Your Approach to Enterprise Security and Compliance?

How Does Virtualization Change Your Approach to Enterprise Security and Compliance? HowDoesVirtualizationChangeYour ApproachtoEnterpriseSecurityand Compliance? SevenStepstoaVirtual awaresecuritystrategy. MichaelBaum Co founder ChiefCorporate&Business DevelopmentOfficer ScottShepard CISSP,CISM

More information

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet:

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet: Managed Hosting Service Description Version 1.10 Effective Date: 3/3/2015 Purpose This Service Description is applicable to Managed Hosting services (MH) offered by MN.IT Services (MN.IT) and described

More information

Virtualization of the MS Exchange Server Environment

Virtualization of the MS Exchange Server Environment MS Exchange Server Acceleration Maximizing Users in a Virtualized Environment with Flash-Powered Consolidation Allon Cohen, PhD OCZ Technology Group Introduction Microsoft (MS) Exchange Server is one of

More information

NETWORK FUNCTIONS VIRTUALIZATION. The Top Five Virtualization Mistakes

NETWORK FUNCTIONS VIRTUALIZATION. The Top Five Virtualization Mistakes WHITE PAPER www.brocade.com NETWORK FUNCTIONS VIRTUALIZATION The Top Five Virtualization Mistakes Virtualization is taking the IT world by storm. After years of IT build-out, virtualization suddenly fixes

More information

Building Docker Cloud Services with Virtuozzo

Building Docker Cloud Services with Virtuozzo Building Docker Cloud Services with Virtuozzo Improving security and performance of application containers services in the cloud EXECUTIVE SUMMARY Application containers, and Docker in particular, are

More information

Computer System Security Updates

Computer System Security Updates Why patch? If you have already deployed a network architecture, such as the one recommended by Rockwell Automation and Cisco in the Converged Plantwide Ethernet Design and Implementation Guide (http://www.ab.com/networks/architectures.html),

More information

Paravirtualization Figure 1.

Paravirtualization Figure 1. HRG Insight: Virtualization Virtualization? Everyone has heard about it but even the term conjures up a hazy, intangible image. It is one of those technology topics many CIOs and IT decision-makers would

More information

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013

More information

VMWARE VSPHERE 5.0 WITH ESXI AND VCENTER

VMWARE VSPHERE 5.0 WITH ESXI AND VCENTER VMWARE VSPHERE 5.0 WITH ESXI AND VCENTER CORPORATE COLLEGE SEMINAR SERIES Date: April 15-19 Presented by: Lone Star Corporate College Format: Location: Classroom instruction 8 a.m.-5 p.m. (five-day session)

More information

Virtualization. Michael Tsai 2015/06/08

Virtualization. Michael Tsai 2015/06/08 Virtualization Michael Tsai 2015/06/08 What is virtualization? Let s first look at a video from VMware http://bcove.me/x9zhalcl Problems? Low utilization Different needs DNS DHCP Web mail 5% 5% 15% 8%

More information

Comparing Free Virtualization Products

Comparing Free Virtualization Products A S P E I T Tr a i n i n g Comparing Free Virtualization Products A WHITE PAPER PREPARED FOR ASPE BY TONY UNGRUHE www.aspe-it.com toll-free: 877-800-5221 Comparing Free Virtualization Products In this

More information

VMware Cost-Per-Application Calculator Results Report

VMware Cost-Per-Application Calculator Results Report 1 / 12 VMware -Per-Application Calculator Results Report The VMware -Per-Application Calculator compares the cost of virtualizing applications on VMware vsphere 4 versus other commodity virtualization

More information

Effective End-to-End Cloud Security

Effective End-to-End Cloud Security Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of

More information

HRG Assessment: Stratus everrun Enterprise

HRG Assessment: Stratus everrun Enterprise HRG Assessment: Stratus everrun Enterprise Today IT executive decision makers and their technology recommenders are faced with escalating demands for more effective technology based solutions while at

More information

VMware vsphere 5.0 Boot Camp

VMware vsphere 5.0 Boot Camp VMware vsphere 5.0 Boot Camp This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter. Assuming no prior virtualization experience, this

More information

Taxonomy of Intrusion Detection System

Taxonomy of Intrusion Detection System Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use

More information

Virtual Machine Protection with Symantec NetBackup 7

Virtual Machine Protection with Symantec NetBackup 7 Overview There s little question that server virtualization is the single biggest game-changing trend in IT today. Budget-strapped IT departments are racing to embrace the promise of virtualization for

More information

Demystifying Virtualization for Small Businesses Executive Brief

Demystifying Virtualization for Small Businesses Executive Brief Demystifying Virtualization for Small Businesses White Paper: Demystifying Virtualization for Small Businesses Demystifying Virtualization for Small Businesses Contents Introduction............................................................................................

More information