Virtual systems

Are there any added areas that auditors would need to check when a Windows server goes from physical to a VMware virtual server? Or is it just the same principles whether it was a physical or virtual device? In terms of data security, I just wanted to ensure there are no new VMware "features" that, if poorly configured, would make the server and its data prone to compromise?
Asked by: pma111
2 Solutions
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
The same Physical server checks/security policies also apply to Virtual server Guest checks.

But with one additional check: you may also need to check the security of the Host Hypervisor which hosts all the Virtual Machines, and check that the Host Hypervisor is secure and correctly implemented, and security hardened if required.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Also check out the VMware Compliance Checker for vSphere

Check the compliance of your IT infrastructure against specific standards and best practices that are applicable for the environment. The Compliance Checker is a free, downloadable, fully-functional product for checking compliance of your environment to help you ensure that it remains secure and compliant.

It's a Free Download here
http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html

0
 
pma111 (Author) Commented:
Physical security is good offsite: retina scanners, CCTV, etc.
0

 
pma111 (Author) Commented:
I am not familiar with vSphere - is it a specific virtualisation tool?

0
 
pma111 (Author) Commented:
I assume it's a scanner just for virtual hosts?
0
 
Justin C (AWS Solutions Architect) Commented:
The same scanning principles apply to the virtual machines; security settings, patch levels and such are still the same as a physical server. The compliance checker linked above is a good way to ensure you are in compliance with best practices for the vSphere hosts (yes, vSphere is a virtualization infrastructure). Common things are separation of the VM networks from the management and storage networks, applying appropriate security patches, separating duties for administrators, etc.
0
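An added example (not part of the thread or of any VMware tool) of the network-separation check mentioned in the comment above: it flags hosts where VM traffic shares a VLAN or a virtual switch with management or storage traffic. The inventory format, host names, port group names and severity labels are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical format, not VMware tool output):
# one record per port group with its host, vSwitch, VLAN ID and traffic role.
PORTGROUPS = [
    {"host": "esx01", "vswitch": "vSwitch0", "vlan": 10, "name": "Management", "role": "management"},
    {"host": "esx01", "vswitch": "vSwitch1", "vlan": 20, "name": "iSCSI-A", "role": "storage"},
    {"host": "esx01", "vswitch": "vSwitch2", "vlan": 100, "name": "Prod-VMs", "role": "vm"},
    {"host": "esx02", "vswitch": "vSwitch0", "vlan": 10, "name": "Management", "role": "management"},
    {"host": "esx02", "vswitch": "vSwitch0", "vlan": 10, "name": "Legacy-VMs", "role": "vm"},
    {"host": "esx02", "vswitch": "vSwitch1", "vlan": 20, "name": "iSCSI-A", "role": "storage"},
    {"host": "esx02", "vswitch": "vSwitch1", "vlan": 120, "name": "Test-VMs", "role": "vm"},
]

SENSITIVE_ROLES = {"management", "storage"}


def separation_findings(portgroups):
    """Return (host, vm_pg, infra_pg, infra_role, severity) tuples where VM
    traffic is not separated from management or storage traffic on a host."""
    by_host = defaultdict(list)
    for pg in portgroups:
        by_host[pg["host"]].append(pg)

    findings = []
    for host, pgs in sorted(by_host.items()):
        vm_pgs = [p for p in pgs if p["role"] == "vm"]
        infra_pgs = [p for p in pgs if p["role"] in SENSITIVE_ROLES]
        for vm in vm_pgs:
            for infra in infra_pgs:
                if vm["vlan"] == infra["vlan"]:
                    # Same VLAN: guests sit in the same broadcast domain.
                    severity = "high"
                elif vm["vswitch"] == infra["vswitch"]:
                    # Same vSwitch, different VLAN: separation rests on tagging only.
                    severity = "review"
                else:
                    continue
                findings.append((host, vm["name"], infra["name"], infra["role"], severity))
    return findings


if __name__ == "__main__":
    for finding in separation_findings(PORTGROUPS):
        print("%s: VM port group %r overlaps with %r (%s) -> %s" % finding)
```
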
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
The Compliance Checker is to check vSphere Hosts (ESX/ESXi) servers.

vSphere is the VMware brand. e.g. VMware vSphere Hypervisor.
0
 
pma111 (Author) Commented:
http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=142

Interesting comments:

"I’ve always preached that applications and databases are only as secure as the operating system they run on.  Now I find myself preaching that operating systems are only as secure as the virtualization infrastructure they run on. "
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
It's very true of any IT system. It's not just virtualization, but physical as well.

e.g. one simple security item: are ALL the clocks synchronised in your organisation and reading the correct time? Otherwise audit logs will be wrong.
0
