Home > Blogs > VMTN Blog

Virtualization Security Guidelines

Link: Virtualization Security Guidelines – blog.scottlowe.org

The Center for Internet Security (CIS)
has released some security benchmarks for VMware ESX Server 3.0.x.  The
ESX security benchmark joins recommendations and guidelines for
Windows 2000, Windows XP, Windows Server 2003, Red Hat Linux, and
Mac OS X that are also available from the CIS.  The CIS has also
published a generic virtual machine (VM) security benchmark as well.
Taken together, the ESX benchmark and the VM benchmark provide good,
solid recommendations around virtualization security.

The ESX/VM benchmarks are available for download here.

With all the hype around virtualization’s impact on
security—positive or negative—it’s good to see some concrete and
actionable recommendations.  If nothing else, these documents will at
least provide a starting point for security professionals and
virtualization experts to discuss the best way to architect solutions
without compromising the security of the network/servers.  In fact, we might even find ways to enhance the security of the network/servers.

One thought on “Virtualization Security Guidelines

  1. Greg Ness

    The debate about whether virtualization is more or less secure (than physical infrastructure) is kind of a meaningless, theoretical argument. Certainly a VM is different than a physical server as it can move, mutate and transform itself. Existing applications and operating systems have known vulnerabilities. Movement and change erodes the visibility of vulnerability scans (over time at an accelerated rate) and static security signatures (with rules tied to IP address).
    I’ve blogged about this topic at http://www.archimedius.net.

Comments are closed.