Virtual Security Myths

Kai Axford put together a great article on security myths in a virtual world. It’s come to Kai’s and my attention that some admins, both new and not so new to virtualization, think that there might be some magic security sauce to virtualization. Like most such beliefs (such as the belief that “hardware” firewalls are more secure than “non-hardware” firewalls), these are not true.

Kai points out three common myths about security in a virtual world:

Myth #1: “I only have to patch my host OS / Kernel.”

While you do need to keep the host OS secure so that taking down the host OS doesn’t take down all the guests running on that host, the fact is that the guests also have to be secured, just as they would be if they were running in a non-virtualized environment. There’s nothing inherent in a virtualized environment that would make updating guests any less important than if they weren’t virtualized.

Myth #2: “If I just protect my host machine, it will protect my VMs.”

This is a corollary of myth #1. Yes, the host machine must be secured, but the guests also need to be able to defend themselves. Apply the same security requirements to your virtual machines as you would to your physical machines. Examine all points of inbound and outbound access to and from those virtual machines and make sure you have accounted for them and secured them.

Myth #3: “Virtual hard disk files are secure by default.”

Not sure where this one came from. It would be like saying “all physical computers are secure by default”. If ten people sent their workstations for you to work on in your lab, would you connect them to your network because you had a belief that they were secure by default? Of course not. The same is true for virtual machines. Don’t trust them and don’t connect them to your network if you know that they’ve fallen out of your hands at any time.

Check out Kai’s excellent article for full coverage on this subject at:

http://technet.microsoft.com/en-us/library/cc974514.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com

Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
