Virtualization Security 101

 
 
By Brian Prince  |  Posted 2008-07-02
 
 
 


1. Segment Virtual Machines

It's a good idea to segment VMs (virtual machines) according to the information they handle and their use. (As a general rule, separating resources reduces risk.) Any VMs connected to a common network can fall victim to attacks from other VMs on the network. Segregating groups of VMs on their own network segments reduces the danger of data leaks in the event of an attack.


2. Implement Change-Control Processes

Virtualization can break down the separation of duties, as the virtual-center administrator can potentially create and deploy an unlimited number of virtual machines without the outside authorization governing physical servers. Security pros recommend that organizations audit virtual infrastructures for anomalies and enforce change control with an eye toward managing the VM life cycle and preventing VM sprawl.
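One way to run the audit described in items 1 and 2, as an added example that is not part of the original article: it compares a VM inventory with change-control records to flag unapproved or overdue VMs, and flags network segments that mix data classifications. The inventory fields, ticket IDs, segment names and dates are constructed sample data.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory (hypothetical export from a virtualization
# management console): one record per deployed VM.
INVENTORY = [
    {"name": "web-01", "segment": "dmz", "data_class": "public", "ticket": "CHG-1001"},
    {"name": "web-02", "segment": "dmz", "data_class": "public", "ticket": "CHG-1002"},
    {"name": "hr-db-01", "segment": "internal-a", "data_class": "confidential", "ticket": "CHG-1003"},
    {"name": "test-07", "segment": "internal-a", "data_class": "public", "ticket": None},
    {"name": "batch-03", "segment": "internal-b", "data_class": "confidential", "ticket": "CHG-1044"},
    {"name": "poc-old", "segment": "lab", "data_class": "public", "ticket": "CHG-0900"},
]

# Constructed change-control register: ticket id -> approved retirement date.
APPROVED = {
    "CHG-1001": date(2009, 1, 1),
    "CHG-1002": date(2009, 1, 1),
    "CHG-1003": date(2010, 6, 30),
    "CHG-0900": date(2008, 3, 31),
}


def audit(inventory, approved, today):
    """Return VM names and segments that violate the change-control policy."""
    findings = {"unapproved": [], "expired": [], "mixed_segments": []}
    classes_by_segment = defaultdict(set)
    for vm in inventory:
        classes_by_segment[vm["segment"]].add(vm["data_class"])
        retire_by = approved.get(vm["ticket"])
        if retire_by is None:
            # No ticket, or a ticket the register does not know: VM sprawl.
            findings["unapproved"].append(vm["name"])
        elif retire_by < today:
            # Authorized once, but past the end of its approved life cycle.
            findings["expired"].append(vm["name"])
    # A segment carrying more than one data classification is not segregated.
    findings["mixed_segments"] = sorted(
        seg for seg, classes in classes_by_segment.items() if len(classes) > 1
    )
    return findings


if __name__ == "__main__":
    for kind, items in audit(INVENTORY, APPROVED, date(2008, 7, 2)).items():
        print(f"{kind}: {', '.join(items) or 'none'}")
```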


3. Lock Down Standard Image

With a locked-down standard image, you can help ensure that VMs have a known level of security. In a recent article, Matasano security analyst Thomas Ptacek recommended that organizations have one baseline Windows server installation or Linux build that is configured with maximum security controls and as small a footprint as possible.


4. Ensure Visibility into the Virtual Environment

As with your physical network, virtual environments require continuous monitoring. This means having the right tools to analyze traffic across the network and among virtual machines, an area of growing interest for security vendors such as Altor Networks and Montego Networks. In addition, there's VMware's recently announced VMsafe, which integrates into the hypervisor to provide third-party security vendors visibility into VM operations.
