VI. Hardening Steps to Secure Virtualisation Environment - Virtual Machine
by JUCC ISTF
/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */
Virtual machines are the containers in which guest operating systems and their applications run. In best practise, all virtual machines are isolated from one another. Virtual machine isolation is imperceptible to the guest operating system. This isolation enables multiple virtual machines to run securely while sharing hardware and ensures both their ability to access hardware and their uninterrupted performance.
1. Set the resource reservation and limits for each virtual machine - Resource reservations and limits can protect virtual machines from performance degradation if one of the virtual machines on the Server host is incapacitated by a denial-of-service or distributed denial-of-service (DoS) attack. It is because a resource limit on that machine prevents the attack from taking up so many shared hardware resources and hence minimize the interruption to other virtual machines.
2. Apply standard infrastructure security measures into virtual infrastructure - Common security measures such as antivirus agents, spyware filters, intrusion detection systems should be installed and kept up to date including patching in each virtual machine to minimize the general security risk.
3. Use native remote management services to interact with virtual machines - Since the VM console allows a user to perform a lot of operations such as power management, it can potentially allow a malicious attacker to bring down the virtual machine. Restricting the connection methodology to VM console by using native remote management services, such as terminal services and ssh only can reduce the possibility of attacks via console.
Reference:
http://xtravirt.com/xd10077
http://technet.microsoft.com/en-us/library/cc264467.aspx
http://download.microsoft.com/download/4/2/9/42995217-e85a-41e9-b530-375a10b800fa/TS_security.doc
http://technet.microsoft.com/en-us/library/cc264467.aspx
http://download.microsoft.com/download/4/2/9/42995217-e85a-41e9-b530-375a10b800fa/TS_security.doc