More companies are embracing the virtualization model as a way to reduce costs and many are turning to VMware virtualization options. However, companies need to be cautious with virtualization, as the technology could open up new threat and security vulnerabilities.
The risk of using a virtual machine (VM)
Here are some ways companies can improve the security of their VMware implementations.
Secure the ESXi host
The ESXi host is single point entry to control the entire VM Infrastructure. Authorized users can access almost anything in the system. Lockdown mode can help secure the ESXi host access levels by limiting access and restricting remote login capability. Companies should also configure the firewall rule to restrict access to the host, thus limiting the traffic. Organizations might also want to consider integrating Active Directory for access management because the VMware operating system is compiled as a file. An undetected intruder with access to the system could steal data by copying the VM file.
Review the network security
VMs plugged onto the corporate network are susceptible to the same types of threats as physical machines. Conversely, VMs configured on virtual switches have an additional level of security with virtual LANs (VLANs).
Companies can also segment the network so that two machines cannot communicate with each other unless they are on the same VLAN. To further isolate the network, use dedicated physical network adapters, which can reduce the chance of a network attack. To filter out the unwelcome network traffic, organizations can configure a basic firewall configured to keep network intruders at bay. They can also use the built-in firewall hosted on the ESX server to further restrict traffic. VM zone isolation provides an additional safety-net by separating the VMs and preventing viruses from spreading to other VMs.
Add access management
User access management is a pain point for most companies. In most organizations, access management goes awry because companies haven't formalized account governance and no one is monitoring the access rights.
Privilege accounts are sweet spots for the hackers to gain control of the VMware infrastructure. Integrating Active Directory can centralize user account management, but this should be in tandem with a stringent group policy regarding unwanted services and applications. Using built-in password features, such as password aging and password complexity, can further strengthen the access rights. Also consider limiting ESX system root access to root users, which restricts access to all the VMs, resource pools and servers to only those users with a specific role.
Logging is extremely important when it comes to detecting nefarious activities on the VMware infrastructure. As logs grow, it becomes a daunting task for security administrators to review them. Logging the right components can help security and the IT administrators avoid security issues. Here is the list of components that you can log:
- VMs hosted on ESX servers
- The ESX server and ESXi host
- User authentication logs
A more practical approach is to collate the logs centrally in a Syslog server. Be careful to restrict access on this log server. To analyze the logs for anomalies and threats, consider using a log correlation engine.
This was first published in April 2013