What special steps do you take to ensure network security in a virtual environment?

lbloom

Virtualization makes some things easier in life, but introduces new security issues as well. VMs can be in any location, and out of sight can mean out of control. It was easier when you could walk across an office and lay hands on an individual stationary machine. What special steps do you take to ensure network security in a virtual environment?

Answers

1 total
jimlynch
Vote Up (23)

Hi lbloom,

Here's a PDF file from the National Institute of Standards and Technology. It's a guide to security for virtualization technologies. It's free and I think it might answer some of your questions and help you develop your own security guidelines and practices.

Guide to Security for Full Virtualization Technologies
http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf

"The recent increase in the use of full virtualization products and services has been driven by many benefits. One of the most common reasons for adopting full virtualization is operational efficiency: organizations can use their existing hardware (and new hardware purchases) more efficiently by putting more load on each computer. In general, servers using full virtualization can use more of the computer’s processing and memory resources than servers running a single OS instance and a single set of services. A second common use of full virtualization is for desktop virtualization, where a single PC is running more than one OS instance. Desktop virtualization can provide support for applications that only run on a particular OS. It allows changes to be made to an OS and subsequently revert to the original if needed, such as to eliminate changes that negatively affect security. Desktop virtualization also supports better control of OSs to ensure that they meet the organization’s security requirements.

Full virtualization has some negative security implications. Virtualization adds layers of technology, which can increase the security management burden by necessitating additional security controls. Also, combining many systems onto a single physical computer can cause a larger impact if a security compromise occurs. Further, some virtualization systems make it easy to share information between the systems; this convenience can turn out to be an attack vector if it is not carefully controlled. In some cases, virtualized environments are quite dynamic, which makes creating and maintaining the necessary security boundaries more complex.

This publication discusses the security concerns associated with full virtualization technologies for server and desktop virtualization, and provides recommendations for addressing these concerns. Most existing recommended security practices remain applicable in virtual environments. The practices described in this document build on and assume the implementation of practices described in other NIST publications."
