Ten Simple Ways to Prevent Security Breaches in VMware Server

VMware is one of the leading developers of virtualization products. Virtualization helps make the best use of hardware resources. Implementing and managing a VMware infrastructure is simple, and it provides great performance with high availability and business continuity through simplified disaster recovery solutions. Many critical applications such as Exchange, SQL or SharePoint run in a VMware environment, so it is very important to protect that environment from security breaches. Below are ten simple ways to protect a VMware server:

1. Install VMware (ESXi) in high security mode

High security mode applies the default security settings to the ESXi host. With these settings, sensitive data is never sent in clear text and all management traffic is encrypted.

2. Apply Restrictions on VMware Console

Only administrators should be allowed to connect to the VM console and manage it; user access should be restricted. If needed, a role-based access model can be used to grant ‘Guest OS Owner’ permissions, which allow users to log in to and manage only the VMs they own. Integrated authentication with Active Directory makes it easier to create local accounts and to detect whenever those accounts are being misused.

3. Secure Guest VMs

Update with the latest service packs and patches. Strengthen the security of servers by eliminating unnecessary services and ports. Update with the latest antivirus software versions and also make sure you enable default server firewalls.

4. Use VLANs to restrict access to VM hosts and guest machines

It is important to secure VM hosts and guest machines by placing them into separate VLANs. If all of them sit on the same network, an intruder who gets into one guest machine can easily connect to another host or guest machine.

5. Enable remote syslog

Configure the VMware server to forward its syslog messages to a remote syslog server. This keeps the logs in a centralized location and also helps to determine the health and status of the VMware infrastructure. Monitoring helps administrators to be proactive and to follow compliance regulations such as PCI DSS, HIPAA and SOX, which require a centralized logging system.

6. Restrict unauthorized device connections

Restrict unauthorized devices from connecting to the host machines and prevent users from connecting devices from within the guest machines. Always disconnect unused physical devices from the host machines. For example, a USB device connected to a host machine can be accessed by any guest machine; if it contains business-critical information or has not been scanned by antivirus software, data loss is almost inevitable.

7. Document the environment

Document the environment architecture, detailing the configuration of each host and guest machine. This is also known as configuration management. Any change should be thoroughly tested before being applied, and the document should be updated immediately after a successful change. It is also good practice to have a rollback plan whenever you change the environment.

8. Encrypt Virtual Machines

Encrypt the data stored on virtual machines to protect it from unauthorized use. Snapshots taken on a virtual machine should also be encrypted.

9. Encrypt Remote Control Connection

The ESXi server generates self-signed certificates as part of the default installation process. These certificates are vulnerable to man-in-the-middle attacks because clients have no trusted authority against which to verify them. To encrypt remote control connections and use certificates properly, install new certificates signed by a valid internal certificate authority, or purchase a certificate from a trusted certificate authority.

10. Disable root level access through SSH

SSH remote access is disabled by default. If SSH remote root login is enabled, you can track where a root login was initiated, but you cannot track who logged in using the root account or which commands were executed. Hence, it is recommended to disable SSH remote root login. When an administrator logs in with a personal account and switches to root with su, the switch is logged against that account. Alternatively, you can use the sudo command, which allows normal users to run individual commands with root privileges while logging who ran them.
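As an added example that is not part of the original post, the following Python script ties item 5 (remote syslog) to item 10 (no direct root SSH): run over forwarded syslog lines, it reports which root-level activity can be attributed to a named person and which cannot. The sample lines are constructed to resemble ESXi sshd, su, sudo and shell log output; their exact format is an assumption, so adjust the regular expressions to match the lines your own syslog server receives.

```python
import re

# Constructed, syslog-style sample lines (not captured from a real ESXi host).
# Lines 1-2: a direct root SSH login followed by a root shell command.
# Lines 3-6: a named administrator using SSH, su and sudo instead.
SAMPLE_LOG = """\
2024-03-01T09:12:01Z esxi01 sshd[2201]: Accepted password for root from 10.0.0.5 port 51012 ssh2
2024-03-01T09:12:02Z esxi01 shell[2210]: [root]: esxcli network firewall set --enabled false
2024-03-01T09:15:44Z esxi01 sshd[2300]: Accepted publickey for jsmith from 10.0.0.7 port 51020 ssh2
2024-03-01T09:15:50Z esxi01 su[2310]: jsmith to root on pty0
2024-03-01T09:16:03Z esxi01 sudo: jsmith : TTY=pty1 ; USER=root ; COMMAND=/bin/esxcli system syslog reload
2024-03-01T09:17:10Z esxi01 shell[2320]: [jsmith]: esxcli system version get
"""

SSH_LOGIN = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
SU_TO_ROOT = re.compile(r"su\[\d+\]: (?P<user>\S+) to root")
SUDO_CMD = re.compile(r"sudo: +(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")
SHELL_CMD = re.compile(r"shell\[\d+\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.+)$")


def audit(log_text):
    """Classify privileged activity in forwarded syslog lines.

    Returns a dict with three lists:
      root_ssh_logins - source addresses of direct root SSH logins (the person is unknown)
      attributed      - (account, action) pairs where a named account is on record
      unattributed    - root actions with no named human account behind them
    """
    report = {"root_ssh_logins": [], "attributed": [], "unattributed": []}
    for line in log_text.splitlines():
        if (m := SSH_LOGIN.search(line)):
            if m["user"] == "root":
                report["root_ssh_logins"].append(m["src"])  # where, but not who
            else:
                report["attributed"].append((m["user"], "ssh login from " + m["src"]))
        elif (m := SU_TO_ROOT.search(line)):
            report["attributed"].append((m["user"], "su to root"))
        elif (m := SUDO_CMD.search(line)):
            report["attributed"].append((m["user"], m["cmd"].strip()))
        elif (m := SHELL_CMD.search(line)):
            bucket = "unattributed" if m["user"] == "root" else "attributed"
            entry = m["cmd"].strip() if bucket == "unattributed" else (m["user"], m["cmd"].strip())
            report[bucket].append(entry)
    return report


if __name__ == "__main__":
    for key, items in audit(SAMPLE_LOG).items():
        print(f"{key}: {items}")
```

With root SSH disabled, the `root_ssh_logins` and `unattributed` lists should stay empty; anything that lands in them is a finding worth raising.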

More and more business-critical applications are supported by the VMware platform. VMware knowledge is one of the common skills of an IT administrator, and it is very important for administrators to understand the process and how to protect VMware environments from security threats.

Don’t hesitate to find out about the ways to avoid security breaches in Active Directory, Exchange 2010, File Server 2012, Windows Server 2012 and SharePoint.

Krishna has more than 10 years of IT experience, with hands-on experience in Microsoft Exchange, Active Directory, Office 365, PowerShell, and VMware. Krishna is MCITP certified and was also an MVP in PowerShell. Krishna also provides training on various Exchange and PowerShell topics and maintains a personal blog with dozens of technical articles on various IT topics. Krishna loves to play cricket and badminton, and also enjoys growing organic vegetables in his terrace garden.