5 tips to audit and improve virtual server security
Carol Sliwa |
May 12, 2008
Here is a five-step checklist when securing a virtual server environment.
1. Conduct a full risk assessment to understand how resources have been separated and aggregated."Don't forget what you've learned about risk management and configuration," advises Pete Lindstrom, an analyst at Burton Group. "There's not a whole lot that has changed drastically, except it's sort of mind-expanding to consider the notion that a physical host has an entire network segment sitting inside it. That means you need to evaluate the configurations of the virtual machines themselves. Do that the same way you do any other configuration audit." 2. Validate the process for creating, deploying, managing and making changes to virtual machines.This is particularly important now that steps such as procuring hardware, loading the operating system, testing and arranging for rack space are no longer required, says John Pescatore, an analyst at Gartner. "It's very important that virtual machines don't necessarily belong to one group within an organization," adds Standard Insurance's Love. "From a security standpoint, it helps having a dialog with the people administering the systems and the network group to understand what's changing in the virtual environment."Citing an example of a potential problem, he adds, "You could have a virtual machine come up and be taken offline before you run your scans."3. Securely configure the virtualization layer and keep patches up to date."Read the hardening guidelines as a starting point to develop a baseline and then audit against that to ensure the security of the virtualization layer hasn't drifted," advises Neil MacDonald, an analyst at Gartner. Tools from vendors such as Configuresoft and Tripwire can help with configuration, MacDonald says. 4. Secure the internal virtual switch inside the virtual server. Weigh the need for additional controls such as a virtual firewall or virtualized intrusion protection system."You have to pay attention to how your VMs are communicating with each other and with the outside world, and that means through the virtual switch infrastructure on the physical box," said Lindstrom. "You have to pay attention to the configuration of those switches and the movement of traffic and the accessibility to that traffic, from VM to VM and from VM to external devices."5. Exert tight controls on access to the service console and management tools.You want to thoughtfully control access to consoles and tools, and their equivalents in other environments. Best practice calls for management tools to run on a separate network."This will make sure the virtual machine cannot snoop into the traffic that your management console is having with the servers to control them," says VMware's Mulchandani. "It's almost like tapping into someone else's phone.""Most security problems in the virtual world will be introduced through misadministration, mismanagement or just plain old mistakes," says MacDonald. "The fact that we have to use different tools in the physical world than in the virtual world compounds that problem."