We had already gone through how virtualization works and the benefits it provides in an earlier blog, ‘Server Virualization Simplified’, in June 2011. Now let us find out how to secure a virtualized environment.
NIST (National Institute of Standards and Technology – an agency of the US Department of Commerce), whose security guidelines for Information Security are widely acclaimed and followed, has prescribed a special publication 800-125 for securing virtualized environments. Gist of the NIST guidelines is given below. Readers may refer to the above mentioned guidelines to know more about each of the following recommendations.
1. Host OS and Guest OS should be secured as per the organization’s security policy and procedures relating to that OS. Best security practices relating to patch management, securing configuration baselines, anti-virus software, etc should be implemented.
2. Application level controls should be implemented on all the applications hosted in the Guest OS.
3. Hypervisor specific security measures:
a. Latest software patches relating to the hypervisor should be applied. Unused virtual hardware and unneeded hypervisor services should be disabled.
b. Physical controls should be applied to the hardware hosting the hypervisor.
c. Access to virtualization management systems should be restricted to only authorized administrators through secure logins.
d. Ensure that the virtualization software is capable of monitoring communications between guest OS within the Host OS.
On a reading of the above. one may observe that most of the security measures are familiar. It is true, except that one should not stop with securing the host OS alone but also secure all the components of the virtual environment including the guest OS, hypervisor and the resident applications.
Comments are closed.