News Stay informed about the latest enterprise technology news and product updates.

Protecting virtual disk files from nosy admins

I recently came across an article revealing that 1 out of 3 IT administrators have used their elevated privileges to snoop on confidential information. It’s always possible to lock out administrators to sensitive data through operating system access controls, however, a virtual environment opens up other avenues for exposing sensitive data.

With physical servers, the task of imaging a server’s hard drive for offline examination is not always easy. An administrator of a virtual environment can easily and stealthily snapshot a virtual machine to temporarily suspend writes to disk file, make a file system copy of the VM’s disk file from the host server while it is running and then take that copy to a workstation where they can mount it and attempt to gain access to information to which they would normally not have access.

Either by mounting the disk file to an existing VM then adding an additional hard drive to access the information on the drive, or creating a new VM and mounting a live CD to utilize hacking utilities to defeat the operating system security, admins can bypass operating system level controls to gain access to the data simply by making a copy of the disk file and mounting it elsewhere .

Virtual servers open up additional attack vectors over physical servers, illustrating why proper security measures must be utilized to ensure that sensitive data is adequately protected in virtual environments. In addition to properly securing host servers, auditing and logging should also be in place to track all logins and activities on host servers. Administrators typically need access to sensitive data to be able to do there jobs but this access should be limited as much as possible to only what they actually need.

Many administrators snoop because they know they can get away with it. By restricting access and logging events, the 2/3rds of IT administrators who set the better example make snooping more difficult for nosey admins.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I do NOT believe that 1 in 3 Admins snoop.I think this author and the author of the original article need to do some real journalistic work. The survey was done by a compant (CyberArk) that sells products in the security space to 'solve' this issue. That makes me suspicious or both their methodology and results for this survey.
I never did say I thought 1 in 3 admins snoop, I simply referenced another article that mentioned it. As far as whether it is true or not I would say it is very difficult thing to measure as many admins would probably never admit it even if they did. The point of the article is on protecting virtual disk files which are another attack vector in virtual environments and not on whether or not 1 in 3 admins are actually snooping.