I’ve just gone thru an interesting article about security and virtualization.
Chris Farrow, vice president of market strategy at Configuresoft says “Virtual networks have all of the security vulnerabilities of physical networks, plus some unique ones.”.
The unique one is the hypervisor layer from my PoV. Apart that nothing new regarding security!
You apply the same set of tools, techniques and appliances whether you protect physical or virtual machines.
William Jackson, the author of the article, says: “As with many technologies, virtualization’s features have outpaced security, and vendors are now trying to catch up.”
And to catch up, security folks of any company should meet up with IT guys to modify existing ‘checklists’. Again nothing new to build up from scratch!
“There was no industry guidance on how to secure this technology,” Chris Farrow said.
Best to follow the existing rules, you secure the hosts and the guests as you would do for physical servers.
For example, no root access to the hosts but you SU in, disable telnet, use VLANs to contain virtual networks, install an AV, turn on built-in firewall, patch the OS, etc… This is known guidance, nothing new!
IBM says: “…securing a virtual world is not that difficult”
True, don’t be fooled by all the buzz around virtualization. It won’t break all our guidance and best practices, we just have to adapt them a bit.
The full article here