What special steps do you take to ensure network security in a virtual environment?

lbloom

Virtualization makes some things easier in life, but introduces new security issues as well. VMs can be in any location, and out of sight can mean out of control. It was easier when you could walk across an office and lay hands on an individual stationary machine. What special steps do you take to ensure network security in a virtual environment?

Answers

1 total
jimlynch
Vote Up (26)

Hi lbloom,

Here's a PDF file from the National Institute of Standards and Technology. It's a guide to security for virtualization technologies. It's free and I think it might answer some of your questions and help you develop your own security guidelines and practices.

Guide to Security for Full Virtualization Technologies
http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf

"The recent increase in the use of full virtualization products and services has been driven by many
benefits. One of the most common reasons for adopting full virtualization is operational efficiency:
organizations can use their existing hardware (and new hardware purchases) more efficiently by putting
more load on each computer. In general, servers using full virtualization can use more of the computer’s
processing and memory resources than servers running a single OS instance and a single set of services. A
second common use of full virtualization is for desktop virtualization, where a single PC is running more
than one OS instance. Desktop virtualization can provide support for applications that only run on a
particular OS. It allows changes to be made to an OS and subsequently revert to the original if needed,
such as to eliminate changes that negatively affect security. Desktop virtualization also supports better
control of OSs to ensure that they meet the organization’s security requirements.

Full virtualization has some negative security implications. Virtualization adds layers of technology,
which can increase the security management burden by necessitating additional security controls. Also,
combining many systems onto a single physical computer can cause a larger impact if a security
compromise occurs. Further, some virtualization systems make it easy to share information between the
systems; this convenience can turn out to be an attack vector if it is not carefully controlled. In some
cases, virtualized environments are quite dynamic, which makes creating and maintaining the necessary
security boundaries more complex.

This publication discusses the security concerns associated with full virtualization technologies for server
and desktop virtualization, and provides recommendations for addressing these concerns. Most existing
recommended security practices remain applicable in virtual environments. The practices described in this
document build on and assume the implementation of practices described in other NIST publications."
