Network Computing is part of the Informa Tech Division of Informa PLC

Sum Of All Virtual Fears: Page 8 of 10

The good news is that we've thus far seen relatively few critical VMware patches.

Living In A Virtual World

For now, we're all biding our time, waiting on the first successful compromise of a production hypervisor or VMM. To make sure your network doesn't become a poster child, architect your host implementation to keep the potential attack surface as small as possible. Find out where third-party device drivers reside: within the hypervisor, which improves performance, or at a higher layer, which takes a slight performance hit while reducing the security risk.

Disable unnecessary emulated devices and lock down extraneous features and unused services on both the host platform and guests. Remember: A virtualized machine is still a machine. While that may seem obvious, IT needs to approach VMs with the same diligence and care offered to traditional servers, including adherence to security policies and guidelines. Thirty-five percent of our survey respondents admit to having no IT security or protection plan in place, with 23% 'fessing up that their policies are works in progress. Considering that upwards of 70% of respondents have deployed at least one host platform, it's clear that unpatched or unprotected virtualized servers represent vulnerabilities just waiting to be exploited.
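An added example, not part of the original article and not VMware's own tooling: one way to audit a guest's .vmx configuration for emulated devices that are still enabled. The list of devices treated as unnecessary and the sample configuration are assumptions constructed for illustration.

```python
import re

# Emulated devices a server guest rarely needs. Key names follow the
# VMware .vmx convention "<device><n>.present"; which devices count as
# unnecessary is this example's assumption, not a list from the article.
UNNEEDED_DEVICES = ("floppy", "serial", "parallel", "usb", "sound")

_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def enabled_unneeded_devices(text):
    """Return sorted device names (e.g. 'floppy0') that are still present."""
    found = []
    for key, value in parse_vmx(text).items():
        m = re.fullmatch(r"([a-z]+)(\d*)\.present", key)
        if m and m.group(1) in UNNEEDED_DEVICES and value.strip().lower() == "true":
            found.append(m.group(1) + m.group(2))
    return sorted(found)


# Constructed sample guest configuration (not from a real system).
SAMPLE_VMX = '''
# constructed sample
displayName = "web01"
ethernet0.present = "TRUE"
floppy0.present = "TRUE"
serial0.present = "FALSE"
parallel0.present = "true"
usb.present = "TRUE"
scsi0.present = "TRUE"
'''

if __name__ == "__main__":
    for dev in enabled_unneeded_devices(SAMPLE_VMX):
        print(f"{dev}: emulated device enabled, review and disable if unused")
```

Run against every guest's configuration as part of the same baseline review applied to physical servers, and treat any hit as a device to justify or remove.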

Ensure that security concerns, permissions and environmental settings are properly configured to follow VMs to new hosts—while environmental flexibility is a key advantage of enterprise-class offerings like VMware ESX, without proper planning the ability to move VMs on the fly can be a curse.

"Along the lines of reducing attack surfaces and general exposure, I've seen organizations moving their VMware management segments off from the rest of the network and restricting who and what can gain access," Shipley says. "Clearly, firewalls in the data center is a newer trend, but certainly not one that's being driven solely by VMware. The more progressive IT teams I've seen are really starting to think about the concept of 'least privilege' models when it comes to network segmentation, and organizations can reduce their risk profiles by being diligent about restricting access to the VMware management infrastructure."