Control Over Administrative Access
| Issue | Solution |
|---|---|
| Delegation of administrative access controls is made more complex by the consolidation of virtual computing, networking and storage components onto a single piece of hardware. | Follow Best Practices for: |
| Administrative interfaces present a vector of attack if not properly secured. | Follow Best Practices for: |
Virtual Network Visibility
| Issue | Solution |
|---|---|
| Network traffic between virtual machines on a single host is not visible to network-based intrusion detection/prevention systems. | Forward all traffic to an outside system for inspection using a special Promiscuous-mode forwarding virtual machine, and utilize 3rd-party NIPS/NIDS tools that run in virtual machines and sit directly on the Virtual Switch. |
Security Patch Management
| Issue | Solution |
|---|---|
| Virtual machines can fall out of compliance with mandated patch standards if they are left offline for long periods of time. | Use VMware Update Manager to automatically detect out-of-date virtual machine configurations and apply template-based patching to offline virtual machines. |
| Tracking the provenance and configuration of virtual machines can become difficult as your virtual infrastructure grows. | Follow Best Practices for secure deployment and utilize software tools for virtual machine lifecycle management. |
Debunk Virtualization Security Myths
With the value of virtualization becoming so evident in people's minds, there is an ever-increasing amount being written about it, some of which is misleading or just plain wrong. Here are some of the more popularized myths and misconceptions, and the real story on them.
Blue Pill
The supposed threat embodied by Blue Pill is that one could create a piece of malware that was also a Virtual Machine Monitor (VMM). If the VMM could take over the host operating system, it could potentially hide a virus from that virtual machine by remaining within the VMM. The reality is that the very infection technique to which the creator alludes can be used to discover and disarm the exploit.
Virtual rootkit a.k.a. "SubVirt"
Security researchers describe in a technical paper a virtual machine-based “rootkit” that exploits vulnerabilities in Windows and Linux to insert itself under the OS. However, this threat targets the operating system. It is not about vulnerabilities in virtualization.
Take the Next Step
Visit the VMware Security Center to stay up-to-date on all current security issues or visit the VMware Virtual Appliance Marketplace to find certified virtual security appliances.
