What to do about virtual server security? Security’s important, right? Well, so it may be – but when it comes to virtualisation, it’s not hard to get the impression that it isn’t being treated as seriously as it should be. I don’t know about you, but when I read about the take-up of virtualisation, the feeling of foreboding is not unlike seeing a five-year-old play with …
I was expecting some tips on security judging by the title of this article. Well, you don't get anything for free... will continue to use standard best practice for securing servers.
The article has an undertone suggesting that there should be specific things you need to do to secure a VM host. Well?
"It could be worse perhaps – giving control over to developers or researchers with a “There you go, fill your boots” attitude could be a recipe for security disaster." ..... Jon, whereas it could be worse, it will always be better with greatly enhanced security protection with developers and researchers who know exactly what they are doing and why they are doing it.
"And this lack of knowledge will cause problems of its own, in terms of management best practice. As Reg reader Dparker pointed out, for example:
“The points about 'virtual server sprawl' highlight that there are risks, no least of which is the potential for forgotten test applications lurking, unpatched and unattended, in the virtual environment.”" ...... Show me any proficient Virtual Machinery which would not relish a walk on the wild side with lurking forgotten test applications and you will have discovered a Pretender in the Midst of Cloud.
That was a very informed article, Jon, pushing all the right buttons and whilst "The challenge is that while the principles are sound, the practice of managing what promises to be a more dynamic IT environment than in the past remain immature and understood only by a minority." may indeed be so very true, for some in the minority would the IT be extremely well developed and much more novel than immature. When it is thus, do they have a more dynamic IT environment than in the past at their fingertips and if the absolute truth be also told, also at their mercy.
And whether to wear Blinding White or Darkest Black or any variation of colour in between, is very much a personal decision which can be dictated to by Third Party Indifference or Opposition/Competition.
as the virtual infrastructure guy, I'm continuously being asked by devs, app support, testers, etc "can I have the VI console, and access to VM x,y,z?"
no.
Then I tell them the analogy of the "key/swipecard access to the server room" - do you have physical access to our datacentre? no, well the VIC is the same thing... so you won't be getting that either.
So far, so good - it's been a strong enough argument to stop them bitching to their boss, who in turn bitches to mine, and I then go thru my little speech again, and their boss goes away thinking their staff have not been 100% up front to him.....
/Muntz
ah-har
In our environment, we have a set procedure for who is able to access servers, and what level of access they have. It's largely based on industry best-practices, but with a few tweaks for our environment.
Virtual servers are no different, except in one respect: We have a pretty tight control on who is able to access the hardware's console, and we lock down the rights assignments on the vcenter client's per industry best practices and within our own internal controls.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
