Bulletproofing a virtual machine requires that you assess the potential security vulnerabilities that are relevant to a particular host and guest OS. Questions to ask include the following:
- Does the guest or host contain sensitive information, such as logon details or sensitive data? If so, how is this information protected?
- Does the VM have access to the Internet?
- Can the VM access other production computers?
- Is the guest OS running a supported operating system version?
- Are host and guest OSes updated automatically?
Answering each question can help clue you in to issues that may need to be addressed.
A fundamental aspect of maintaining security is to provide users and systems administrators with the minimal permissions they need to complete their jobs. Figure 1 provides an overview of the types of permissions that should be configured.
Figure 1: Types of permissions to consider when securing virtualization
On virtualization hosts, only certain staff members should be able to start, stop and reconfigure VMs. It's also important to configure virtual applications and services using limited system accounts. Finally, you should take into account the real requirements for VM configurations.
Read this tip in its entirety at SearchServerVirtualization.com
This was first published in June 2007