Tip

Virtual machine security best practices

IT Reseller Takeaway: Securing a virtual machines (VM) requires that you understand which web server security threats are specific to the virtual world and which measures you would implement on a physical server. You can provide this service to your customers by knowing how to asses the risk unique to virtualization and understanding which permissions are necessary. This tip, excerpted from our sister site SearchServerVirtualization.com, will get you started.

Bulletproofing a virtual machine requires that you assess the potential security vulnerabilities that are relevant to a particular host and guest OS. Questions to ask include the following:

  • Does the guest of host contain sensitive information, such as logon details or sensitive data? If so, how is this information protected?
  • Does the VM have access to the Internet?
  • Can the VM access other production computers?
  • Is the guest OS running a supported operating system version?
  • Are host and guest OSes updated automatically?

Answering each question can help clue you in to issues that may need to be addressed.

A fundamental aspect of maintaining security is to provide users and systems administrators with the minimal permissions they need to complete their jobs. Figure 1 provides an overview of the types of permissions that should be configured.

Figure 1: Types of permissions to consider when securing virtualization

    Requires Free Membership to View

On virtualization hosts only certain staff members should be able to start, stop and reconfigure VMs. It's also important to configure virtual applications and services using limited system accounts. Finally, you should take into account the real requirements for VM configurations.

Read this tip in its entirety at SearchServerVirtualization.com

This was first published in June 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.