Solved

Virtual systems

Posted on 2011-09-05
9
358 Views
Last Modified: 2012-05-12
Are there any added areas that auditors would need to check when a windows server goes from physical to a vmware virtual server? Or is it just the same principles as whether it was a physical or virtual device? In terms of data security, just wanted to ensure tehre are no new vmware "features" that if poorly configured would make the server and its data prone to compromise?
0
Comment
Question by:pma111
  • 4
  • 4
9 Comments
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 300 total points
ID: 36484335
The same Physical server checks/security policies also apply to Virtual server Guest checks.

But with one additional check, that you may also need to check the security of the Host Hypervisor which hosts all the Virtual Machines, and check that the Host Hypervisor is secure and correctly implemented, and security hardended if required.
0
 
LVL 119
ID: 36484340
Also checkout the VMware Compliance Checker for vSphere

Check the compliance of your IT infrastructure against specific standards and best practices that are applicable for the environment. The Compliance Checker is a free, downloadable, fully-functional product for checking compliance of your environment to help you ensure that it remains secure and compliant.

It's a Free Download here
http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html

0
 
LVL 3

Author Comment

by:pma111
ID: 36484341
Physical security is good offsite retina scanners cctv etc
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 3

Author Comment

by:pma111
ID: 36484440
I am not familiar with vSphere - is it a specific virtualisation tool?

0
 
LVL 3

Author Comment

by:pma111
ID: 36484442
I assume its a scanner just for virtual hosts?
0
 
LVL 10

Assisted Solution

by:BloodRed
BloodRed earned 200 total points
ID: 36484481
The same scanning principles apply to the virtual machines, security settings, patch levels and such are still the same as a physical server. The compliance checker linked above is a good way to ensure you are in compliance with best practices for the vSphere hosts (yes, vSphere is a virtualization infrastructure), common things are separation of the VM networks from the managment and storage networks, applying appropriate security patches, separating duties for administrators, etc.  
0
 
LVL 119
ID: 36484504
The Compliance Checker is to check vSphere Hosts (ESX/ESXi) servers.

vSphere is the VMware brand. e.g. VMware vSphere Hypervisor.
0
 
LVL 3

Author Comment

by:pma111
ID: 36486920
http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=142

Interesting comments:

"I’ve always preached that applications and databases are only as secure as the operating system they run on.  Now I find myself preaching that operating systems are only as secure as the virtualization infrastructure they run on. "
0
 
LVL 119
ID: 36487535
It's very true of any IT system. It's not just virtualization, but physical as well.

e.g. one simple security item are ALL the clocks syncronised in your organisation and reading the correct time, otherwise Audits logs will be wrong.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question