Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Virtual systems

Posted on 2011-09-05
9
Medium Priority
?
367 Views
Last Modified: 2012-05-12
Are there any added areas that auditors would need to check when a windows server goes from physical to a vmware virtual server? Or is it just the same principles as whether it was a physical or virtual device? In terms of data security, just wanted to ensure tehre are no new vmware "features" that if poorly configured would make the server and its data prone to compromise?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 124

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1200 total points
ID: 36484335
The same Physical server checks/security policies also apply to Virtual server Guest checks.

But with one additional check, that you may also need to check the security of the Host Hypervisor which hosts all the Virtual Machines, and check that the Host Hypervisor is secure and correctly implemented, and security hardended if required.
0
 
LVL 124
ID: 36484340
Also checkout the VMware Compliance Checker for vSphere

Check the compliance of your IT infrastructure against specific standards and best practices that are applicable for the environment. The Compliance Checker is a free, downloadable, fully-functional product for checking compliance of your environment to help you ensure that it remains secure and compliant.

It's a Free Download here
http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html

0
 
LVL 3

Author Comment

by:pma111
ID: 36484341
Physical security is good offsite retina scanners cctv etc
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 3

Author Comment

by:pma111
ID: 36484440
I am not familiar with vSphere - is it a specific virtualisation tool?

0
 
LVL 3

Author Comment

by:pma111
ID: 36484442
I assume its a scanner just for virtual hosts?
0
 
LVL 10

Assisted Solution

by:BloodRed
BloodRed earned 800 total points
ID: 36484481
The same scanning principles apply to the virtual machines, security settings, patch levels and such are still the same as a physical server. The compliance checker linked above is a good way to ensure you are in compliance with best practices for the vSphere hosts (yes, vSphere is a virtualization infrastructure), common things are separation of the VM networks from the managment and storage networks, applying appropriate security patches, separating duties for administrators, etc.  
0
 
LVL 124
ID: 36484504
The Compliance Checker is to check vSphere Hosts (ESX/ESXi) servers.

vSphere is the VMware brand. e.g. VMware vSphere Hypervisor.
0
 
LVL 3

Author Comment

by:pma111
ID: 36486920
http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=142

Interesting comments:

"I’ve always preached that applications and databases are only as secure as the operating system they run on.  Now I find myself preaching that operating systems are only as secure as the virtualization infrastructure they run on. "
0
 
LVL 124
ID: 36487535
It's very true of any IT system. It's not just virtualization, but physical as well.

e.g. one simple security item are ALL the clocks syncronised in your organisation and reading the correct time, otherwise Audits logs will be wrong.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
August and September have been big months for VMware—from VMworld last month to our new Course of the Month in VMware Professional - Data Center Virtualization. We reached out to Andrew Hancock, resident VMware vExpert, to have a more in-depth discu…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question