Security threats and solutions in virtualization
Virtualization has advanced rapidly, and organizations have found many compelling reasons to adopt it: server consolidation, lower electricity bills, faster hardware and ease of use. All of these make virtualization more attractive than ever, and in some organizations it has become a large part of the infrastructure. Once again, technology has outrun security best practice.
Virtualized environments will gradually become more popular as business continuity and disaster recovery solutions, typically in the financial sector. This is entirely appropriate because some of these solutions sit within the "direct sale" environment and are often overlooked when it comes to security protection and upgrades.
Pitfalls when working with virtual environments:
- If the host is compromised, the client (guest) servers that have been placed on that host can be affected.
- If the virtual system is compromised, the client is compromised as well.
- Client shares and host shares should be secured, because these shares can be abused in both cases. This could result in files being copied to a share until the folder fills the drive.
- If the host has a problem, all of its virtual machines will stop working.
- Virtual machines are often regarded as second-class machines, even though they have the same characteristics as physical machines and are used in a comparable way. In the next few years there will be a few differences between virtual machines and physical machines.
- Least privilege is a principle that seems to be overlooked when it comes to virtualization. It reduces the attack surface and should be applied in both the virtual environment and the physical environment.
What you can do to better protect virtual server environments:
- Update the operating system and applications; this should be done on every virtual machine and on the host. Keep the applications on the server to a minimum and install only what you really need.
- Firewall each virtual machine from the others; this isolates the virtual machines and ensures that only authorized procedures can be performed.
- Isolate the servers from each other and from the host: isolation should be considered in every way possible.
- Install and update antivirus software on virtual machines and hosts; virtual machines can be infected by viruses and worms just like physical machines.
- Use IPsec or strong encryption between the host and the virtual machines: traffic between virtual machines and the host can be altered, so communication between the machines should be encrypted.
- Do not browse the Internet from the host computer: spyware and malware could infect the host machine. Remember that the host machine manages the virtual machines, and problems on the virtual machine host can lead to serious problems and loss of service.
- Secure the Administrator (root) account on the host machine: access to elevated accounts by unauthorized users can lead to many significant security vulnerabilities. Research has shown that the Administrator (root) account on the host computer is much less secure than the accounts and passwords of virtual machines or of machines on the physical network.
- Harden the host operating system and stop or disable unnecessary services. Keep the operating system compact so that the attack surface is as small as possible.
- Turn off virtual machines that are unused and not really needed.
- Integrate virtual machines closely into the enterprise security policy, even though they are virtual machines.
- Secure the host computer so that, when virtual machines are offline, unauthenticated users cannot interfere with the virtual machine files.
- Solutions that isolate processes, such as hypervisor-type implementations, are also good: the more the system isolates the environment, the better it is protected.
- Ensure that the host drivers are upgraded: this keeps your hardware running at optimal speed but, more importantly, the latest software ensures that flaws in old drivers that attackers could exploit are patched in time.
- Disable hardware port technologies for each VM if they are not used: technologies such as USB should be disabled for each VM if the VM environment does not use them.
- Check the event logs and security events on both the host machine and the virtual machines. This checking is often ignored in virtual machine environments; the reason may be that host-based checking is done by the virtualization software. These records should be stored in a log archive so that they are kept safe and can be assessed later.
- In future, opt for flash storage for hypervisor software; magnetic media not only have a limited shelf life but also lead to security vulnerabilities.
- Limit and reduce the sharing of hardware resources. Security and resource sharing do not go hand in hand. Data leakage is one of the issues, but DoS can also occur when resources are shared and become locked between virtual machines. Because virtual machines share the CPU, RAM, hard drives and other resources, these resources must be managed carefully to ensure the availability of services.
- Make sure a network interface card is dedicated to each virtual machine. This can alleviate the problem of sharing resources and ensures that traffic to and from the virtual machine has some isolation.
- Invest in hardware that is fit for purpose and that is virtual machine aware. Hardware not built to support virtual machines will not perform well.
- Partitions create disk boundaries and can be used to segregate and secure each virtual machine on its own dedicated partition. If a virtual machine grows beyond its normal limits, the dedicated partition will limit the impact on other virtual machines.
- Ensure that virtual machines are not connected to each other unless they need to be. Network isolation is an important issue and was introduced above. Where virtual machines must communicate, use a separate network card on a different network address range; this is safer than pushing traffic between virtual machines across an exposed network.
- Manage remote access to virtual machines, and especially to the host machine.
- Keep in mind that the host computer represents a point of failure; technologies like replication and continuity will help reduce the risks.
- Avoid sharing IP addresses.
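
One way to check several items from the list above (unused USB, host shares, dedicated partitions, network isolation) against VM configuration, as an added example that is not part of the original article. It assumes libvirt-style domain XML, which the article does not name; the two sample definitions and the `audit_domains` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed libvirt-style domain XML (sample data, not taken from the article).
SAMPLE_DOMAINS = [
    """<domain type='kvm'><name>web01</name><devices>
      <controller type='usb' model='qemu-xhci'/>
      <filesystem type='mount'><source dir='/srv/share'/><target dir='share'/></filesystem>
      <interface type='bridge'><source bridge='br0'/></interface>
      <disk type='block' device='disk'><source dev='/dev/vg0/web01'/></disk>
    </devices></domain>""",
    """<domain type='kvm'><name>db01</name><devices>
      <controller type='usb' model='none'/>
      <interface type='bridge'><source bridge='br0'/></interface>
      <disk type='file' device='disk'><source file='/var/lib/images/db01.img'/></disk>
    </devices></domain>""",
]

def audit_domains(xml_docs):
    """Return sorted (vm, finding) pairs for checklist items visible in the config."""
    findings, segments = [], defaultdict(set)
    for doc in xml_docs:
        root = ET.fromstring(doc)
        name, devices = root.findtext("name"), root.find("devices")
        # Unused port technology: any USB controller not explicitly set to 'none'.
        for ctrl in devices.findall("controller[@type='usb']"):
            if ctrl.get("model") != "none":
                findings.append((name, "USB controller enabled"))
        # Host/client shares: directories of the host exposed to the guest.
        for src in devices.findall("filesystem/source"):
            findings.append((name, f"host share exposed: {src.get('dir')}"))
        # Dedicated partitions: a file-backed disk shares the host filesystem.
        for src in devices.findall("disk[@type='file']/source"):
            findings.append((name, f"file-backed disk: {src.get('file')}"))
        # Network isolation: remember which VMs attach to which bridge or network.
        for src in devices.findall("interface/source"):
            segment = src.get("bridge") or src.get("network")
            if segment:
                segments[segment].add(name)
    for segment, vms in segments.items():
        if len(vms) > 1:  # more than one VM on the same segment
            findings += [(vm, f"shares network segment {segment}") for vm in vms]
    return sorted(findings)

if __name__ == "__main__":
    for vm, finding in audit_domains(SAMPLE_DOMAINS):
        print(f"{vm}: {finding}")
```

Each finding is a prompt for review rather than a verdict: two VMs on one bridge may be intentional, but the configuration should show that someone decided it.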
By: Jimmy Saunders