Oct 17, 2011 (04:10 AM EDT)
Virtualization Security Checklist

Read the Original Article at InformationWeek

What's the most dangerous threat to your virtualized systems? Hint: it's not the latest zero-day exploit. The most pressing risk is IT staff who have full privileges in these systems.

Take the February 2011 attack by an IT employee who'd been laid off from a pharmaceutical company. The ex-employee logged in remotely and deleted virtual hosts that ran the company's critical applications, including email, financial software, and order tracking. The company sustained about $800,000 in losses from a few keystrokes, the FBI says.

We're not saying your administrators will go rogue, but our September 2010 survey on virtualization security found that access to virtualization systems is fairly widespread: 42% of respondents say administrators have access to guest virtual machines. It only makes sense to take precautions, such as security monitoring, so that one person, whether maliciously or inadvertently, doesn't bring down critical apps and services.

Virtualized systems make it harder to manage risk, but sensible security practices still apply. Here are four steps to help you protect virtual assets and respond to threats and incidents.

1. Secure Layers

Virtual environments are made up of layers, so you'll want to implement security controls at each layer within the virtual architecture, including controls that you already have in your environment. For example, at the virtual switch layer, redirect traffic out to a firewall or an intrusion prevention system to monitor traffic. Alternatively, use a virtual firewall within the VM cluster.

The primary virtual layers to address include the hypervisor and guest operating systems, the virtual network that connects VMs, the physical network, the virtualization management system, and physical storage of VM images.

2. Define And Document

You can't place security controls around elements you don't know are there. Thus, it's vital to have accurate, up-to-date information on your virtual environment. That means being able to identify the components in your virtual infrastructure. Make sure you document the primary functions of these components and their owners and administrators.

It's also critical to understand how data traffic flows through your infrastructure, because the type of data will determine which controls are needed. For example, most companies take extra steps to secure virtual database servers that store critical business data. However, your backups also have copies of this confidential data. Track data flows from start to finish to identify critical areas where additional security measures are needed.
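One way to put the inventory and data-flow tracking above into practice, as an added example that is not part of the original article: follow confidential data from where it originates through every documented flow, and flag each component it reaches that is undocumented, has no owner, or lacks required controls. The component names, flows, and required-controls policy are constructed assumptions.

```python
from collections import deque

# Constructed sample inventory: component -> documented layer, owner, controls.
INVENTORY = {
    "db-vm": {"layer": "guest OS", "owner": "dba-team",
              "controls": {"encryption", "access-logging"}},
    "app-vm": {"layer": "guest OS", "owner": "app-team",
               "controls": {"access-logging"}},
    "backup-store": {"layer": "physical storage", "owner": None,
                     "controls": set()},
    "mgmt-console": {"layer": "management system", "owner": "virt-team",
                     "controls": {"access-logging"}},
}
# Constructed flows that carry the confidential data: (source, destination).
FLOWS = [("db-vm", "app-vm"), ("db-vm", "backup-store"), ("app-vm", "report-vm")]
SOURCES = {"db-vm"}                          # where confidential data originates
REQUIRED = {"encryption", "access-logging"}  # assumed policy for such data

def reachable(sources, flows):
    """Breadth-first walk: every component the data can end up on."""
    adjacent = {}
    for src, dst in flows:
        adjacent.setdefault(src, []).append(dst)
    seen, queue = set(sources), deque(sources)
    while queue:
        for nxt in adjacent.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def audit(inventory, flows, sources, required):
    """Return {component: [issues]} for components that hold the data."""
    findings = {}
    for name in sorted(reachable(sources, flows)):
        record = inventory.get(name)
        if record is None:  # data lands on something nobody documented
            findings[name] = ["undocumented component"]
            continue
        issues = []
        if not record["owner"]:
            issues.append("no owner")
        missing = required - record["controls"]
        if missing:
            issues.append("missing controls: " + ", ".join(sorted(missing)))
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for component, issues in audit(INVENTORY, FLOWS, SOURCES, REQUIRED).items():
        print(f"{component}: {'; '.join(issues)}")
```

In this sample the backup store and an undocumented reporting VM surface alongside the application server, while the management console is not flagged because no confidential flow reaches it.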

How concerned are you about security?