Virtualization security concerns in the data center
What are the key security implications of moving to virtualization in the data center?

ASKED: April 18, 2008  2:41 PM
UPDATED: April 22, 2008  6:13 PM

Answer Wiki:
When it comes to virtualization, the main security touch points are that when the OS and applications of a server are encapsulated in a file, it makes it easier to 'walk off' with, if you will, because all of a sudden, they are more portable. You need to ensure that the appropriate physical security controls are in place such that only authorized personnel have physical access to the VM hosts.

Some other things to consider are your strategy for landing VM guests. That is, you should try to group related guests, such as those managed by the same group, together, as opposed to mixing and matching. This will also help when it comes to establishing SLAs and the like, which may differ. In addition, watch out for the open gate -- that is, access to VM guests over the network, such as through file shares, etc.

--------------------------------------------------------------------------------

A key security issue with configuration is to ensure that your vSwitches have promiscuous mode switched off. This is the default setting on ESX; however, ensure it stays that way. Physical access is an issue, as are admin rights. Ensure low access to the physical location, and give only permissions on the virtualisation product that are the most restrictive. Keep a small list of people that know what is virtualised. A real hacker may want your VMs, but most are out to disrupt; what they don't know won't hurt them unless you advertise.

Don't put all your network cards in the same vSwitch; spread the load across vSwitches and port groups. The best way to protect is to do as best practice says now: take care of everything in the most secure manner, from the perimeter through to shares, and you should do OK. To be dead honest, nothing is secure from everyone, but if you do the best you can, people will move on to people who are not as careful and leave you alone. Hope this helps in some way.
Last Wiki Answer Submitted:  April 21, 2008  2:57 pm  by  Wrobinson   5,610 pts.
All Answer Wiki Contributors:  Wrobinson   5,610 pts.
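
The two vSwitch points in the answer above (promiscuous mode stays off, and physical NICs are not all attached to one vSwitch) can be checked as configuration drift. This is an added example, not code from the answer's contributors; the inventory schema, host names and port group names are hypothetical, constructed sample data.

```python
# Added example: audits a vSwitch inventory for promiscuous mode and NIC spread.
# INVENTORY is constructed sample data in a hypothetical schema (not a VMware
# export format). A port group value of None means "inherit from the vSwitch".
INVENTORY = {
    "esx-host-01": {"vSwitch0": {
        "allow_promiscuous": False,
        "uplinks": ["vmnic0", "vmnic1", "vmnic2", "vmnic3"],
        "portgroups": {"Management": None, "VM Network": True},
    }},
    "esx-host-02": {
        "vSwitch0": {
            "allow_promiscuous": False,
            "uplinks": ["vmnic0", "vmnic1"],
            "portgroups": {"Management": None},
        },
        "vSwitch1": {
            "allow_promiscuous": True,
            "uplinks": ["vmnic2", "vmnic3"],
            "portgroups": {"DMZ": None, "Backup": False},
        },
    },
}


def effective_promiscuous(vswitch, portgroup):
    """Resolve a port group's setting: an explicit override wins, else inherit."""
    override = vswitch["portgroups"][portgroup]
    return vswitch["allow_promiscuous"] if override is None else override


def audit(inventory):
    """Return sorted (host, object, finding) tuples for every deviation."""
    findings = []
    for host, switches in inventory.items():
        for name, vs in switches.items():
            if vs["allow_promiscuous"]:
                findings.append((host, name, "promiscuous mode enabled on vSwitch"))
            for pg in vs["portgroups"]:
                if effective_promiscuous(vs, pg):
                    findings.append((host, f"{name}/{pg}", "promiscuous mode effective on port group"))
        uplinked = [n for n, vs in switches.items() if vs["uplinks"]]
        if len(uplinked) == 1 and len(switches[uplinked[0]]["uplinks"]) > 1:
            findings.append((host, uplinked[0], "all physical NICs attached to one vSwitch"))
    return sorted(findings)


if __name__ == "__main__":
    for host, obj, finding in audit(INVENTORY):
        print(f"{host}\t{obj}\t{finding}")
```

A port group that overrides a safe vSwitch default is reported on its own line, which is the case a switch-level check alone would miss.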


Discuss This Question:


 

There are some inherent security advantages related to virtualization: VMs are self-contained, isolated, operating systems that can be configured with limited network access. Most platforms allow you to create granular controls on which users and administrators can access and manage VMs. However, VMs do contain their own OS’s which must be properly managed. Apart from the standard tasks of keeping OS’s up-to-date, verifying security settings, etc. there are also some virtualization-specific security issues. The greatest security risks, in my opinion, come from a lack of management. I recommend creating an organized process for deploying new VMs and ensuring that IT has oversight over all resource usage. Organizations should put together policies for moving, copying, and uniquely tracking VMs. Virtualization-aware enterprise management software can help automate this for production deployments.

 240 pts.

 

They can be a single point of failure. This is compounded by a lack of physical security and a disaster recovery plan. Make sure you have both.

 10,840 pts.