VMware is one of the leading virtualization product developers. Virtualization helps make the best use of hardware resources. Implementing and managing VMware infrastructure is simple and provides great performance with high availability and business continuity through simplified disaster recovery solutions. Most critical applications such as Exchange, SQL or SharePoint exist in a VMware environment, so it’s very important to protect it from security breaches. Below are ten simple ways to protect VMware server:
1. Install VMware(ESXi) in high security mode
By default it applies all the security settings on the ESXi host. With these settings, sensitive data is never sent in clear text and all traffic is encrypted.
2. Apply Restrictions on VMware Console
Only administrators should be allowed to connect to the VM console and manage it; user access should be restricted. If needed, a role-based access model can be used to provide ‘Guest OS Owner’ permissions. This allows users to login and manage only the VMs they own. Integrated authentication with Active Directory makes it easier to create local accounts and detect whenever those accounts are being misused.
3. Secure Guest VMs
Update with the latest service packs and patches. Strengthen the security of servers by eliminating unnecessary services and ports. Update with the latest antivirus software versions and also make sure you enable default server firewalls.
4. Use VLAN to restrict access to VM host and Guest machines
It is important to secure VM hosts and guest machines by placing them into separate VLAN’s. If an intruder gets into a guest machine, it would be easy to connect to another host or guest machine, if they are all in the same network.
5. Enable remote syslog
Configure VMware server to use a remote syslog server to forward the syslog messages. It helps to maintain the logs in a centralized location and also helps to determine the health and status of the VMware infrastructure. Monitoring helps administrators to be proactive and also follow compliance regulations — such as PCI DSS, HIPAA, and SOX etc. – which require a centralized logging system.
Restrict unauthorized devices from connecting to the host machines and prevent users from connecting devices from within the guest machines. Always disconnect unused physical devices from the host machines. E.g. a USB device connected to a host machine can be accessed by any guest machine. If it contains business critical information or an un-scanned antivirus, data loss is almost inevitable.
7. Document the environment
Document the environment architecture detailing the configuration on each host and guest machine. This is also known as configuration management. Any change implemented is thoroughly tested before being applied. Make sure to update the document immediately after a successful change. It is also a good practice to have a rollback plan when you make any change to the environment.
8. Encrypt Virtual Machines
Encrypt the data stored on virtual machines to protect it from unauthorized use. Snapshots taken on a virtual machine should also be encrypted.
9. Encrypt Remote Control Connection
ESXi server automatically self-signs certificates as part of the default installation process. These certificates are vulnerable to possible man-in-the-middle attacks. To encrypt remote control connections and to use the certificate properly, install new certificates which are signed by a valid internal certificate authority or purchase a certificate from a trusted certificate authority.
10. Disable root level access through SSH
SSH remote access is disabled by default. If SSH remote root login is enabled, you can track where a root login was initiated, but you cannot track who logged in using the root account or which commands were executed. Hence, it is recommended to disable SSH remote root login access. Any command executed on SU login is logged. Alternatively you can also use the sudo command, which allows normal users to run the commands with root privileges.
More and more business critical applications are supported by VMware platform. VMware knowledge is one of the common skills of an IT administrator and it’s very important for them to understand the process and how to protect VMware environments from security threats.
Don’t hesitate to find out about the ways to avoid security breaches in Active Directory, Exchange 2010, File Server 2012, Windows Server 2012 and SharePoint.
