Solved

Virtual systems

Posted on 2011-09-05
9
356 Views
Last Modified: 2012-05-12
Are there any added areas that auditors would need to check when a windows server goes from physical to a vmware virtual server? Or is it just the same principles as whether it was a physical or virtual device? In terms of data security, just wanted to ensure tehre are no new vmware "features" that if poorly configured would make the server and its data prone to compromise?
0
Comment
Question by:pma111
  • 4
  • 4
9 Comments
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 300 total points
ID: 36484335
The same Physical server checks/security policies also apply to Virtual server Guest checks.

But with one additional check, that you may also need to check the security of the Host Hypervisor which hosts all the Virtual Machines, and check that the Host Hypervisor is secure and correctly implemented, and security hardended if required.
0
 
LVL 118
ID: 36484340
Also checkout the VMware Compliance Checker for vSphere

Check the compliance of your IT infrastructure against specific standards and best practices that are applicable for the environment. The Compliance Checker is a free, downloadable, fully-functional product for checking compliance of your environment to help you ensure that it remains secure and compliant.

It's a Free Download here
http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html

0
 
LVL 3

Author Comment

by:pma111
ID: 36484341
Physical security is good offsite retina scanners cctv etc
0
 
LVL 3

Author Comment

by:pma111
ID: 36484440
I am not familiar with vSphere - is it a specific virtualisation tool?

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 3

Author Comment

by:pma111
ID: 36484442
I assume its a scanner just for virtual hosts?
0
 
LVL 10

Assisted Solution

by:BloodRed
BloodRed earned 200 total points
ID: 36484481
The same scanning principles apply to the virtual machines, security settings, patch levels and such are still the same as a physical server. The compliance checker linked above is a good way to ensure you are in compliance with best practices for the vSphere hosts (yes, vSphere is a virtualization infrastructure), common things are separation of the VM networks from the managment and storage networks, applying appropriate security patches, separating duties for administrators, etc.  
0
 
LVL 118
ID: 36484504
The Compliance Checker is to check vSphere Hosts (ESX/ESXi) servers.

vSphere is the VMware brand. e.g. VMware vSphere Hypervisor.
0
 
LVL 3

Author Comment

by:pma111
ID: 36486920
http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=142

Interesting comments:

"I’ve always preached that applications and databases are only as secure as the operating system they run on.  Now I find myself preaching that operating systems are only as secure as the virtualization infrastructure they run on. "
0
 
LVL 118
ID: 36487535
It's very true of any IT system. It's not just virtualization, but physical as well.

e.g. one simple security item are ALL the clocks syncronised in your organisation and reading the correct time, otherwise Audits logs will be wrong.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Teach the user how to edit .vmx files to add advanced configuration options Open vSphere Web Client: Edit Settings for a VM: Choose VM Options -> Advanced: Add Configuration Parameters:
Teach the user how to install log collectors and how to configure ESXi 5.5 for remote logging Open console session and mount vCenter Server installer: Install vSphere Core Dump Collector: Install vSphere Syslog Collector: Open vSphere Client: Config…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now