Tresys VM Fortress is a Linux desktop lockdown package and flexible tool that gives administrators the ability to configure Red Hat Enterprise Linux (RHEL) version 4 or 5 systems and make them more secure. Using the power of SELinux and virtual machines, VM Fortress, unlike other lockdown products, allows administrators to provision and secure “sandboxes”. Sandboxes may be pre-loaded with one or more virtual images, or the end user can be given the ability to instantiate VMs within sandboxes at run-time. The security provided when using sandboxes also covers cut and paste between VM sessions and access to shared folders. Other system information may also be configured, including user names and passwords. Additional control features include network connections and configurations, access to local folders, USB and removable media device access, and application permissions.
[Images: VM Fortress Design; VM Fortress Client Interface; VM Fortress Deployment Management; VM Fortress Admin Interface]
- Enables flexible lockdown of system functions such as network access, local folders, external devices, and applications
- Provides virtual machine lockdown and inter-VM resource sharing lockdown
- Available for Red Hat Enterprise Linux v5 - 32 & 64 bit x86
- Currently works with VMware Workstation v6 & Player v2 for systems requiring lockdown of virtual machines
- Provides reporting mechanism for user logs and security actions
- Tier three support included
- Administrator and engineering support training available
- Advanced Security · Leverages proven security components that meet DCID 6/3 PL4 requirements using the flexible mandatory access control (MAC) via Security Enhanced Linux (SELinux)
- Unmatched Virtualization Security · VM Fortress confines virtual machines in a strong sandboxing mechanism. This strong, independent control over system resources strictly limits what each virtual machine can access, stopping exploits that virtualization alone cannot
- Ease of Use · Administrators may lock down the system and/or set up secure virtual machine 'sandboxes' with pre-set security configurations. It also allows for a locked-down, simplified user experience upon startup, requiring no interaction with the host OS
- Flexible Deployment · On any endpoint, from kiosk-mode workstations to hardware-sharing ISPs to secured test environments, administrators can easily deploy locked-down systems and instantiate virtual machines in specific sandboxes, or let users select from a list to instantiate them dynamically at will
1. What does VM Fortress do that is different from other lockdown solutions?
- The unique feature of VM Fortress is an architecture that focuses on providing security among multiple virtual machines: it ensures separation between the machines while permitting customizable control over the sharing of certain resources. VM Fortress enables sandbox protection of virtual machines to an unequalled degree. Unlike other lockdown solutions that focus simply on the standalone configuration of a server, VM Fortress recognizes the virtualization of the server domains, and gives enterprise architects the flexibility to exploit the benefits of virtualization while retaining sufficient assurance to meet enterprise requirements.
2. Are there different versions available?
- Tresys offers both server and desktop licenses for VM Fortress. While the technology is similar, the licensing programs are different and enable cost-effective deployment of the software on individual workstations.
3. Are there support services available to help customize VM Fortress?
- Tresys is able to provide a wide range of consulting services to assist architects in making the best use of VM Fortress in their solution, up to and including complete customization of the software for a unique situation.