«

»

Feb 25 2014

The importance of securing your virtual world

vm-thief3

Information security breaches are in the news a lot these days, but for many companies security doesn’t get the attention it deserves, until something bad happens. Let’s face it, implementing better security in a data center is a pain in the ass and inconveniences everyone from administrators to end users. Better security doesn’t make anyone’s job easier and as a result everyone tends to be resistant to it. But the reality is that unless you want to end up in the newspaper headlines you have to do it, and not just make a half-ass effort at it, you need to do it right and you also need to stay vigilant at it. Security isn’t something you do once and you’re done, it’s an ongoing job that requires discipline, time and effort to do.

Implementing virtualization makes security a more difficult job, not only do you have to secure the physical side of your data center but you also have to secure the virtual side. In a traditional non-virtualized environment implementing security was much simpler, adding virtualization to the mix makes it much more difficult and complicated as there are many more attack vectors that you need to protect. You would probably notice someone carrying a physical server out of your data center, but in a virtual environment whole servers can leave your data center in someones pocket, without them even entering your data center.

I did an article a while back for Tech Target, “How To Steal a VM in 3 Easy Steps” that described a simple scenario on how someone could make copy a VM and carry it home with them on a flash drive. From there they could easily power it on in their own environment and access the OS,  applications and data on it. To prevent this you need to start by following security best practices for virtualization and make sure you understand where the weak points are in your virtual environment and secure them properly.

The ESXi hypervisor has good built-in security but it’s easy to change settings to make administration easier that results in weakening it and opening up attack points into your virtual environment. VMware has just updated their Security of the vSphere Hypervisor white paper which provides a good overview of the security things that you need to know in vSphere, definitely give this a read. There are also a number of very good 3rd party virtualization security products from vendors like Catbird and HyTrust that can help provide an additional layer of security and monitoring to improve the security of your virtual environment. Also check out some of the security resources below:

2 comments

  1. Eric Wright (@DiscoPosse)

    Great summary Eric! This is a good roundup of information and often overlooked by many as something they need to be aware of.

  2. Ravi Kumar

    Great blog post, Thanks for the time in put this together.

Comments have been disabled.