VMware ESX Insider Attack: Risks of Admin Access Abuse by IT Staff

The VMware ESX hypervisor could let IT staff steal sensitive data by abusing administrative access, particularly if customers fail to implement role-based access controls, the security vendor BeyondTrust argued last week at VMworld. IT staff with root access to VMware ESX can steal virtual machine disk files and then erase log files and other traces of the illicit activity by manipulating the service console, a Linux-based instance that manages the VMware hypervisor, BeyondTrust says. This could make it easy to steal medical records, financial data, or any other files tied to virtual machines, says Jordan Bean, principal systems engineer for BeyondTrust. Bean provided a demonstration of this type of attack on the VMworld conference exposition floor.

The link for this article located at Network World is no longer available.