This Content Component encountered an error

Five virtual sever security oversights that can paralyze a data center

Failing to define and enforce some simple virtual server security policies can leave your infrastructure battered and broken.

As virtualization began to gain traction among enterprise IT, many security experts raised alarm at what they considered to be new potential risks. Virtualization broke many traditional security and compliance rules, but all but the most stringent critics agreed its benefits outweighed the potential risks.  Today, hypervisor updates and virtualization-focused security products have improved virtual machine security, but many security challenges remain. Let's take a look at five common virtual server security oversights you should keep your eye on.

1. Valuing ease of use over security

One of the prime advantages to virtualization is the flexibility and management benefits it offers. But, easier management can sometimes mean a less secure virtual infrastructure. For example, VMware offers many configuration options that may make administration easier, but could hurt security. It's also important not to blindly trust default settings and to consider performing a security hardening review. Some VMware vSwitch settings, for example, default to options that may make management features easier to use, but could open the door to potential attackers.

2. Failing to manage roles and permissions

Choosing to relax some settings to improve management is one thing, but failing to restrict access and permissions to users who don't need it can raise unnecessary security risks. It's all too easy to give low-level staff or junior administrators full administrative rights rather than spend the time to define more specific privileges. In most cases, it's best to start by giving a user no permissions and work to identify what to add rather than work backward.

3. Overlooking resource controls

One of the chief risks to any virtual infrastructure is that workloads are not physically separated. When VMs rely on the same host, a problem with one can extend to the others. Putting limits on VM resources is a simple task that will prevent one VM from starving other -- possibly more important -- VMs or critical resources.  But, don't just focus on limiting CPU and memory access. Storage and network I/O controls can prevent internal problems that could mimic a distributed-denial-of-service attack.

4. Delaying patches or not keeping a maintenance schedule

Maintenance and security patching aren't exciting and can require momentary service disruptions that make end-users unhappy, but they're critical to keeping your infrastructure up-to-date with the latest known security fixes. Just one VM missing a patch can put an entire virtual infrastructure at risk. Nearly everyone has heard about Microsoft's Patch Tuesday, but many VMware administrators don't keep regular maintenance schedules or delay important security patches.

5. Losing sight of drift and configuration changes

Like physical environments, security in a virtual infrastructure is often a matter of defining and adhering to company policies. But over time, small configuration changes can cause you to slowly drift out of compliance. The trick is creating a system -- or turning to a configuration tool -- that checks to make sure a virtual machine's configuration is maintained through its lifecycle.

This was first published in March 2014

Dig deeper on Server virtualization risks and monitoring

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Related Discussions

Nick Martin asks:

What challenges do you have with virtual server security?

0  Responses So Far

Join the Discussion

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVMware

SearchWindowsServer

SearchCloudComputing

SearchVirtualDesktop

SearchDataCenter

Close