The Virtualization Room

A SearchServerVirtualization.com and SearchVMware.com blog

» VIEW ALL POSTS Feb 4 2011   3:15PM GMT

NIST issues virtualization security guidelines



Posted by: Colin Steele
Tags:
Colin Steele
Virtualization security

Sure, server virtualization has been around for a while and is very popular in IT. But you know a technology has really hit the big time when it gets its own national standards.

The National Institute of Standards and Technology (NIST) this week released its virtualization security guidelines. The document emphasizes that virtualization involves many moving parts, from the host down to the VM, applications and associated technologies such as storage.

“The security of a full virtualization solution is heavily dependent on the individual security of each of its
components,” the report says.

The NIST virtualization security guidelines focus on these four main areas:

  • Hypervisor security: Keep all hypervisors updated and patched per vendors’ recommendations, and restrict access to its management interface. It’s also important to disconnect or disable all unused hardware and services, which can serve as attack vectors.
  • Guest OS security: Prompt updates are recommended here as well, as is disconnecting unused virtual hardware. You should also back up virtual drives, following the same policies for physical backups. The guidelines warn, “If a guest OS on a hosted virtualization system is compromised, that guest OS can potentially infect other systems on the same hypervisor.”
  • Infrastructure security: Only the guests that use certain storage or networking should have access to that specific hardware.
  • Desktop virtualization security: No two desktop virtualization deployments are the same, and determining how to protect virtual desktops depends on their use cases and sensitivity of their workloads.

The NIST virtualization security guidelines go into much more detail in the full report, “Guide to Security for Full Virtualization Technologies” (PDF). For additional resources, check our our server virtualization security best practices guide.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: