VMware security is critical because VMware is the pre-eminent server virtualization platform. In TechTarget's Virtualization Decisions 2009 Purchasing Intentions Survey, for instance, 72.4% of respondents used a VMware environment as their server virtualization foundation.
While choosing the virtualization market leader brings benefits (i.e., an abundance of third-party products and informational resources), it also poses drawbacks. With a large installation base, for example, VMware environments are prime targets for hackers. As a result, any exploit found in VMware's code leaves countless data center infrastructures vulnerable to attack.
Don't be a victim. There are numerous ways to eliminate VMware security vulnerabilities and unauthorized access to your VMware environment. The following resources provide information on VMware security tools, third-party products and VMware security best practices.
Avoid high-risk data commingling with VMware virtual networks to prevent security vulnerabilities
With data commingling, different data packets run through a wire with spare bandwidth. This practice is not a VMware security concern per se when the data packets share the same security classification. It becomes a problem, however, when data from a hostile environment (e.g., a DMZ) commingles with packets from a secure zone (i.e., a production environment). Learn about proper setup for a VMware environment to prevent security threats from data commingling in this tip.
Preventing VMware virtual machine errors and security breaches
This tip delves into VMware security problems, such as virtual machine errors and security breaches in the layer between the VM and hypervisor. This layer consists of normal and paravirtualized drivers as well as the back door for VMware Tools to execute commands. You can be sure that wherever there is an interaction layer, hackers are researching and developing exploits that compromise virtual environments.
Preventing VMware driver-generated errors and VMware Backdoor misuse
Despite guidelines, benchmarks and security scripts, there will always be an interaction layer between the guest host and the hypervisor. Unless you take steps to harden this area, it will be big a large security vulnerability waiting to be exploited. This article discusses various configurations that enable a more secure interaction between the VM and hypervisor.
Preventing VMware ESX or ESXi network security breaches in DMZs
A demilitarized zone, or DMZ is a hybrid network rather than a single OS or virtual appliance. When placing a VMware host or VM inside a DMZ, be attuned to networking problems that can result. Find out which ESX or ESXi host networks should reside in the DMZ and which ones you can't afford to place in that hostile environment.
Assessing VMware ESX server security with TripWire ConfigCheck
If you want to audit ESX servers, consider TripWire ConfigCheck, a free application that identifies VMware security vulnerabilities. ConfigCheck will even provide instructions on how to fix weak spots in accordance to VMware's hardening guidelines. This tip will show you how to get the most out of TripWire ConfigCheck to secure your company's virtual investment.
VMware vShield Zones: What it is and how it works
VMware's answer to vSphere security concerns was vShield Zones, a virtual firewall that protects virtual machines and analyzes network traffic. For an in-depth look at vShield Zones and its capabilities, check out this SearchVMware.com article.
How VMware vShield Zones aids VM security, monitoring
VMware vShield Zones is a VMware security tool that allows users to monitor network traffic in virtualized environments. Additionally, vShield Zones permits administrators to segment users from sensitive data, as well as create security zones for regulatory compliance purposes. This tip explains how vShield Zones works and what you need to get it up and running.
Installing and configuring vShield Zones
The documentation for installing and configuring vShield Zones can be confusing. If you don't have the patience for reading through a text-heavy manual, check out this walkthrough on how to set up vShield Zones.
Quick tips for managing vShield Zones
If you decide to use VMware vShield Zones, be aware of its limitations. It's not as robust as VMware Data Recovery, for example, and there are some areas that can be tricky to configure. This tip by Eric Siebert highlights some of the trouble spots in vShield Zones and offers some pointers on how to navigate this VMware security tool.
Dig Deeper on Virtualization security and patch management