Virtualization Security 101

Virtualization Security 101By Brian Prince

Virtualization Security 1011. Segment Virtual MachinesIt’s a good idea to segment VMs (virtual machines) according to the information they handle and their use. (As a general rule, separating resources reduces risk). Any VMs connected to a common network can fall victim to attacks from other VMs on the network. Segregating groups of VMs on their own network segments reduces the danger of data leaks in the event of an attack.

Virtualization Security 1012. Implement Change-Control ProcessesVirtualization can break down the separation of duties, as the virtual-center administrator can potentially create and deploy an unlimited number of virtual machines without the outside authorization governing physical servers. Security pros recommend that organizations audit virtual infrastructures for anomalies and enforce change control with an eye toward managing the VM life cycle and preventing VM sprawl.

Virtualization Security 1013. Lock Down Standard ImageWith a locked-down standard image, you can help ensure that VMs have a known level of security. In a recent article, Matasano security analyst Thomas Ptacek recommended that organizations have one base-line Windows server installation or Linux build that is configured with maximum security controls and as small a footprint as possible.

Virtualization Security 1014. Ensure Visibility into the Virtual EnvironmentAs with your physical network, virtual environments require continuous monitoring. This means having the right tools to analyze traffic across the network and among virtual machines, an area of growing interest for security vendors such as Altor Networks and Montego Networks. In addition, there’s VMware’s recently announced VMsafe, which integrates into the hypervisor to provide third-party security vendors visibility into VM operations.

Getting Virtualization Right-