Step 5: Secure Your Platform Rootkit attacks are increasing. They are difficult to detect with traditional antivirus products and use various methods to remain undetected. Rootkit attacks infect system components such as hypervisors and operating systems, and the malware can operate in the background and spread throughout a cloud environment, causing increasing damage over time. The best way to secure your platform is to enable a trusted foundation—starting with a root of trust at the platform level and extending the chain of trust through measured firmware, BIOS, and hypervisor virtualization layers. A root of trust hardens the platform against attack and is extremely difficult to defeat or subvert and substantially reduces the security risks of using a remote or virtualized infrastructure. It enables a more secure platform for adding tenants and workloads. Essentially you build protection into your hardware to protect your software. A root of trust helps ensure system integrity within each system. Integrity checking is considered a key capability for software, platform, and infrastructure security.8 Intel Trusted Execution Technology (Intel TXT) checks hypervisor integrity at start-up by measuring the code of the hypervisor and comparing it to a known good value. Launch is blocked if the measurements do not match. The root of trust enables a trusted foundation within your cloud environment so you can: Specify trusted server pools. You can make decisions about how much to expose your data and workload based on whether a trusted pool is established. The most sensitive workloads should always use a trusted pool. Prove host software is good. Although the chain of trust is a hardware-based mechanism, you can use the integrity-checking data with Governance, Risk Management, and Compliance (GRC) or security information and event manager (SIEM) dashboards for audit purposes. Respond quickly to attack and minimize damage. Detect attacks more quickly, contain the spread of malware, and reduce the need to rebuild hypervisors if a compromise is detected. About Intel® TXT Intel® Trusted Execution Technology (Intel TXT) protects against malware, key stealth attacks, and other threats by: Establishing a root of trust Providing a launch environment signature to enable trusted software launch and execution Providing the trust foundation so that policy engines can restrict or allow virtual machine (VM) and data migration based on platform security profiles Providing the trust foundation to enable environment monitoring for auditing function tied to a root of trust Enabling an IT manager to verify that the specific physical machine in the cloud is running the expected operating system or hypervisor 8 Evolution of Integrity Checking with Intel® Trusted Execution Technology: An Intel Perspective. IT@Intel (2010). intel.com/content/www/us/en/pc-security/intel-it-securitytrusted-execution-technology-paper.html 15 Intel IT Center Planning Guide | Cloud Security
Cloud Computing Security Planning Guide - Page 0001.html
Cloud Computing Security Planning Guide - Page 0002.html
Cloud Computing Security Planning Guide - Page 0003.html
Cloud Computing Security Planning Guide - Page 0004.html
Cloud Computing Security Planning Guide - Page 0005.html
Cloud Computing Security Planning Guide - Page 0006.html
Cloud Computing Security Planning Guide - Page 0007.html
Cloud Computing Security Planning Guide - Page 0008.html
Cloud Computing Security Planning Guide - Page 0009.html
Cloud Computing Security Planning Guide - Page 0010.html
Cloud Computing Security Planning Guide - Page 0011.html
Cloud Computing Security Planning Guide - Page 0012.html
Cloud Computing Security Planning Guide - Page 0013.html
Cloud Computing Security Planning Guide - Page 0014.html
Cloud Computing Security Planning Guide - Page 0015.html
Cloud Computing Security Planning Guide - Page 0016.html
Cloud Computing Security Planning Guide - Page 0017.html
Cloud Computing Security Planning Guide - Page 0018.html
Cloud Computing Security Planning Guide - Page 0019.html
Cloud Computing Security Planning Guide - Page 0020.html
Cloud Computing Security Planning Guide - Page 0021.html

A javascript error just appeared or you do not have installed a Flash Player plugin in your browser.

Prestimedia, your interactive publications solution provider, invites you to download the latest Adobe Flash plugin by clicking here

This e.print interactive catalogue is made by Prestimedia