The Center for Internet Security (CIS)
has released some security benchmarks for VMware ESX Server 3.0.x. The
ESX security benchmark joins recommendations and guidelines for
Windows 2000, Windows XP, Windows Server 2003, Red Hat Linux, and
Mac OS X that are also available from the CIS. The CIS has also
published a generic virtual machine (VM) security benchmark as well.
Taken together, the ESX benchmark and the VM benchmark provide good,
solid recommendations around virtualization security.
The ESX/VM benchmarks are available for download here.
With all the hype around virtualization’s impact on
security—positive or negative—it’s good to see some concrete and
actionable recommendations. If nothing else, these documents will at
least provide a starting point for security professionals and
virtualization experts to discuss the best way to architect solutions
without compromising the security of the network/servers. In fact, we might even find ways to enhance the security of the network/servers.