IT Reseller Takeaway: Securing a virtual machines (VM) requires that you understand which web server security threats are specific to the virtual world and which measures you would implement on a physical server. You can provide this service to your customers by knowing how to assess the risk unique to virtualization and understanding which permissions are necessary. This tip, excerpted from our sister site SearchServerVirtualization.com, will get you started.
Bulletproofing a virtual machine requires that you assess the potential security vulnerabilities that are relevant to a particular host and guest OS. Questions to ask include the following:
- Does the guest of host contain sensitive information, such as logon details or sensitive data? If so, how is this information protected?
- Does the VM have access to the Internet?
- Can the VM access other production computers?
- Is the guest OS running a supported operating system version?
- Are host and guest OSes updated automatically?
Answering each question can help clue you in to issues that may need to be addressed.
A fundamental aspect of maintaining security is to provide users and systems administrators with the minimal permissions they need to complete their jobs. Figure 1 provides an overview of the types of permissions that should be configured.
Figure 1: Types of permissions to consider when securing virtualization
On virtualization hosts only certain staff members should be able to start, stop and reconfigure VMs. It's also important to configure virtual applications and services using limited system accounts. Finally, you should take into account the real requirements for VM configurations.
Read this tip in its entirety at SearchServerVirtualization.com