Wednesday, September 22, 2010

HyperSentry

HyperSentry is a technology that uses IPMI to allow an out-of-band method for checking hypervisor integrity.

IPMI is a backdoor to the system, so it is something that has to be managed carefully. When I did pen-testing I often found that it was not secured properly. That said, it is a very interesting idea.

I think the hardware "root-of-trust" technology: that has been developed by AMD and Intel is also interesting

I think we will see availability of tools, including Catbird, where a combination of these technologies is built-in to the system. I do have to point out that IPMI based checks have been possible for years and yet no one has touted them as a solution for detecting conventional rootkits. I've learned that anything with "IBM" in the release has a certain amount of FUD factor and it may be a year or longer before we see a real capability that can be built into a product.

Perhaps the broader implication is that work like this is common on open-source hypervisors and is much harder to perform on proprietary systems.

No comments: