lbloom
Nov 30, 2011

What special steps do you take to ensure network security in a virtual environment?

Virtualization makes some things easier in life, but introduces new security issues as well. VMs can be in any location, and out of sight can mean out of control. It was easier when you could walk across an office and lay hands on an individual stationary machine. What special steps do you take to ensure network security in a virtual environment?

jimlynch
11/30/2011
Hi lbloom,

Here's a PDF file from the National Institute of Standards and Technology. It's a guide to security for virtualization technologies. It's free and I think it might answer some of your questions and help you develop your own security guidelines and practices.

Guide to Security for Full Virtualization Technologies
http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf

"The recent increase in the use of full virtualization products and services has been driven by many
benefits. One of the most common reasons for adopting full virtualization is operational efficiency:
organizations can use their existing hardware (and new hardware purchases) more efficiently by putting
more load on each computer. In general, servers using full virtualization can use more of the computer’s
processing and memory resources than servers running a single OS instance and a single set of services. A
second common use of full virtualization is for desktop virtualization, where a single PC is running more
than one OS instance. Desktop virtualization can provide support for applications that only run on a
particular OS. It allows changes to be made to an OS and subsequently revert to the original if needed,
such as to eliminate changes that negatively affect security. Desktop virtualization also supports better
control of OSs to ensure that they meet the organization’s security requirements.

Full virtualization has some negative security implications. Virtualization adds layers of technology,
which can increase the security management burden by necessitating additional security controls. Also,
combining many systems onto a single physical computer can cause a larger impact if a security
compromise occurs. Further, some virtualization systems make it easy to share information between the
systems; this convenience can turn out to be an attack vector if it is not carefully controlled. In some
cases, virtualized environments are quite dynamic, which makes creating and maintaining the necessary
security boundaries more complex.

This publication discusses the security concerns associated with full virtualization technologies for server
and desktop virtualization, and provides recommendations for addressing these concerns. Most existing
recommended security practices remain applicable in virtual environments. The practices described in this
document build on and assume the implementation of practices described in other NIST publications."