VIRTUALIZATION SECURITY RECOMMENDATIONS

A fundamental requirement for successful virtualization is to establish security mechanisms that deal with the loopholes of this fascinating technology. In this regard, in addition to the traditional techniques, some other security measures must be taken to ensure the security of virtualized systems.

Hardening Virtual Machines: In server virtualization, users have indirect access to computing resources through the virtual machines. All applications they run and any computations they perform can be done on VMs only. Robust and properly configured virtual machines will never allow any application to bypass them to directly access the hypervisor or underlying resources. So, hardening the virtual machines should be standard practice, as they act as the first layer of defence. The implementation may vary according to the vendor's recommendations. It is also important to keep virtual machine software updated to ensure that all known vulnerabilities have been corrected.

Hardening the Hypervisor: The hypervisor is the key player in virtualization. Any communication between the virtual machines and the underlying resources is directed through the hypervisor. So, it is essential to focus on the security of the hypervisor and make sure that the hypervisor is deployed steadily. This ensures that even if any pitfall arises in any of the guest systems (the virtual machines), the VMM protects the other VMs and the underlying resources from any attack or further security breach.

Hardening the Host Operating System: In the hosted server virtualization technique, the host operating system plays a vital role in managing the security of the physical system. While any pitfall in the configuration of a guest operating system can only affect that particular virtual machine's environment, any pitfall in the host OS may affect the entire environment as well as all of the guest machines. Also, a flawed host OS can weaken the hypervisor it is hosting and make the whole environment feeble.

Restrictive Physical Access to the Host: Any vulnerability of the host system exposes the entire virtual environment to risk. Host systems must be protected from all external and unauthorized access. Any unauthorized physical access to the host system may easily make it vulnerable to attack in many ways.

Implementation of Single Primary Function Per VM: Although virtual machines are capable of handling multiple tasks, the virtualization environment is more secure if prime processes are separated among different VMs. This isolation prevents the processes from being exposed and dilutes a hacker's ability to damage multiple essential environmental functions when any weakness arises in one virtual machine.

Use of Secured Communications: Establishing secured communication mechanisms provides protection to the computing system. Encryption techniques should be used to frustrate hackers. Techniques like Secure HTTP (HTTPS), encrypted virtual private networks (VPNs), transport layer security (TLS), secure shell (SSH) etc. help to prevent spoofing attacks and session hijacking.

Use of Separate NIC for Sensitive VM: Virtual machines which process sensitive data will attract more attention from hackers over the network. In such a scenario, it is better to use a separate physical network interface card (NIC) for this type of virtual machine rather than sharing one NIC among multiple VMs.

Apart from the measures listed above, keeping all of the software (the host operating system, hypervisor, guest operating systems and others) up to date, patching in a timely manner and disabling unnecessary services are also very important factors in enhancing the security of a virtualized environment.
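Three of the measures above (single primary function per VM, secured communications, separate NIC for sensitive VMs) can be checked mechanically against an inventory of virtual machines. The following is an added example, not part of the original text; the inventory format, field names, the list of cleartext protocols and the sample data are all constructed assumptions.

```python
# Added example: audit a VM inventory against three of the recommendations above.
# The inventory schema and every value in SAMPLE_INVENTORY are constructed.
from collections import defaultdict

# Cleartext protocols, as opposed to the encrypted ones the text recommends
# (HTTPS, VPN, TLS, SSH). This set is an assumption chosen for the example.
INSECURE_PROTOCOLS = {"http", "telnet", "ftp"}

SAMPLE_INVENTORY = [
    {"name": "web01", "functions": ["web"], "sensitive": False,
     "physical_nic": "eth0", "protocols": ["https", "ssh"]},
    {"name": "app01", "functions": ["app", "mail"], "sensitive": False,
     "physical_nic": "eth0", "protocols": ["ssh", "telnet"]},
    {"name": "db01", "functions": ["database"], "sensitive": True,
     "physical_nic": "eth0", "protocols": ["ssh"]},
    {"name": "pay01", "functions": ["payments"], "sensitive": True,
     "physical_nic": "eth1", "protocols": ["https", "ssh"]},
]


def audit(inventory):
    """Return a sorted list of (vm_name, finding) tuples."""
    findings = []
    # Map each physical NIC to the VMs attached to it.
    nic_users = defaultdict(list)
    for vm in inventory:
        nic_users[vm["physical_nic"]].append(vm["name"])
    for vm in inventory:
        name = vm["name"]
        # Single primary function per VM.
        if len(vm["functions"]) > 1:
            findings.append(
                (name, "multiple primary functions: " + ", ".join(vm["functions"])))
        # Secured communications only.
        weak = sorted({p.lower() for p in vm["protocols"]} & INSECURE_PROTOCOLS)
        if weak:
            findings.append((name, "cleartext protocols enabled: " + ", ".join(weak)))
        # A sensitive VM should not share its physical NIC with any other VM.
        sharers = [n for n in nic_users[vm["physical_nic"]] if n != name]
        if vm["sensitive"] and sharers:
            findings.append(
                (name, f"sensitive VM shares {vm['physical_nic']} with: " + ", ".join(sharers)))
    return sorted(findings)


if __name__ == "__main__":
    for vm_name, finding in audit(SAMPLE_INVENTORY):
        print(f"{vm_name}: {finding}")
```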


Guest OS, hypervisor, host OS and the physical system are the four layers in the architecture of a virtualized environment, and for security measures all of these should be considered separately.

 