-
Upgrade operating systems and applications; This should be done on all virtual machines and on hosts. Master applications need to be kept to a minimum, just need to install things that are really needed.
-
Firewall between virtual computers together, this will isolate the virtual machine and ensure that only authorized procedures can be performed.
-
Security and virtualization Picture 1 Separating servers from each other and with the host: Isolation should be considered in each way if possible.
-
Installing and upgrading antivirus software on virtual computers and hosts, virtual computers can also be infected with viruses and worms like physical machines.
-
Using IPSEC or strong encryption between hosts and virtual computers: traffic between virtual machines and hosts can be adjusted. The best action is that communication between machines needs to be encrypted.
-
Without browsing the Internet from host machines, spyware and malware can still be infected on host machines. You need to remember that host machines that manage virtual machines and problems appear on Virtual Machine Host can also lead to serious problems and service losses.
-
Protecting Administrator and admin accounts on the host machine: accessing high-level accounts by unauthorized users can lead to significant security holes. Research has shown that the Administrator (root) account on the host machine is much less secure than the virtual machine or the computer accounts and passwords in the physical network.
-
Fix the host operating system and stop or disable unnecessary services. Keep the operating system compact to ensure that the attack surface area is minimized.
-
Turn off unused virtual machines if you don't really need it.
-
Tighten virtual machines into an enterprise security policy even if they are virtual machines.
-
Protecting host machines to ensure that virtual machines are offline so that unauthorized users cannot interfere with the files of these virtual machines.
-
The solution to isolate processes like the Hyper Visor implementation type is also good, these systems are further isolated, the environment will be better protected.
-
Make sure that the host drivers are upgraded: this will ensure that the hardware runs at the optimum speed but more importantly, the latest software upgrade will ensure that the old driver software errors are compromised. Bad exploits are patched promptly.
-
Disable hardware port technology for each virtual machine if not used: technologies such as USB should be disabled for each virtual machine if the VM environment does not use port technology.
-
Check event logs and security events on both host and virtual machines. Testing is often overlooked in virtual machine environments, the reason may be related to host-based testing performed by virtual software. These records need to be stored in a record store so that they are safe and audited later.
-
In the future, opting to store flash technology for hyper visor software, magnetic media will not only have a certain shelf life but will also include security holes.
-
Limit and reduce the sharing of hardware resources. Security and resource sharing should not go concurrently. Data loophole is one of the few problems but DoS can appear when resources are shared and locked by switching to virtual machines. Because virtual machines share CPUs, RAM, hard drives, and other resources, we need to manage this resource carefully to ensure availability of services.
-
Ensure the network interface card is dedicated to each virtual machine. This can alleviate resource sharing issues, ensuring that traffic is intended and that organization from a virtual machine has some isolation.
-
Investing in hardware is suitable for the purpose and that is the knowledge of virtual machines. Hardware not built to support virtual machines is not good.
-
Partition creates disk boundaries that can be used to isolate and secure each virtual machine on its dedicated partition. If a virtual machine goes beyond the usual limits, dedicated partitions limit the impact on other virtual machines.
-
Ensure that virtual machines do not connect to each other if they do not need to connect. Network isolation is an important issue introduced above. With these virtual machines communication should use a private network card on a different network address range, which is a safer way of pushing the traffic between virtual machines on the exposed network.
-
Manage remote access to virtual machines and especially to host machines.
-
Remember that host machines represent a single point of failure, technologies such as replication and continuity will help reduce risks.
-
Avoid sharing IP addresses.
We need to assume that virtualization technology is not as simple as previously thought and security for it is a really necessary job; In addition, this technology shows many new challenges that need to be addressed.