Virtualisation is widely used in data centres, but many administrators still find the challenges of the resulting complexity daunting.
By Al De Brito, Availability & Hosting, ContinuitySA
Based on the techniques and thinking we have developed within our own data centres, which of course have to be bullet-proof because they are our clients’ last resort, here are some tips for supporting the security of your virtual environment:
- Segregate virtual networks. Configure each part of the network for maximum security, ensuring that each network component is visible only as necessary.
- Manage virtual network cards carefully. Network cards can be a backdoor into the system.
- Only open firewall ports as needed. Leaving them open is risky.
- Grant user privileges according to role. One-quarter of breaches are traceable to administrators having too many privileges.
- Ensure virtual machines are kept current with all patches and updates. Don’t forget dormant machines, and make it a practice to scan a virtual machine before bringing it up. In addition, like physical machines, virtual machines need to be protected by anti-virus software.
- Physical security should take the virtual environment into account. Physical environments need to be segregated along the same lines as the virtual ones, and firewalls should be used to protect applications that have to break out of the network.
- Use monitoring tools. Good technology now exists to detect malware and intrusion in the virtual environment.
- Use vendor-developed APIs and virtual appliances. Don’t develop your own unless absolutely necessary—the vendor’s solution will have security built into it.
Overall, it makes sense for the change and life cycle management of the virtual environment to be integrated into the overall security administration. It’s a good idea to collaborate with colleagues in the risk management and compliance departments, in order to gain the benefit of their experience and knowledge, and also to ensure that auditors understand the measures taken to secure the virtualisation environment.