When it comes to securing virtual environments, you have to take different measures from those for traditional physical security.
With virtual security, new attack vectors –that is, the means by which a hacker gains control of a server OS — must be protected to prevent breaches. Because of these vectors — and thus risks — virtual security requires you to secure the host and each virtual machine (VM).
In this tip, we cover the kinds of attacks you should be concerned about as you develop a virtualization security strategy as well as considerations and best practices for the various components of your infrastructure.
Physical security
There are many physical attack vectors, from physical consoles to a guest OS to the applications that run on an OS. To secure a physical system, you must have a locked data center that restricts access to the console. Next, you secure the operating system and applications, and finally, you implement security controls — such as a firewall — at the network layer. With virtual security, these breaches still apply, but there are other avenues by which an attacker can gain access to a VM.
Read the full article at searchservervirtualization.com (Part 1 of a 2-part article)
Also read Part 2: Virtual network security best practices