Virtualization technology is common in modern computing environments, and there is a need for sound security in virtual networks. While the architecture and technology can be complex, according to Terminal's support experts, there are industry standard techniques and best practices that can boost the security of virtual machines and virtualized components.
Discovery and Inventory of Virtual Machines
The first step in properly securing your virtual infrastructure is to define where machines are located, what they are doing, and how they are maintained. Most B2B companies have outdated systems, where system administrators manually track their inventories on spreadsheets. Virtual environments are dynamic, so it is not uncommon to find virtual machines that were created for testing purposes still running and not accounted for in the inventory.
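The reconciliation described above can be automated. The following added example (not part of the original article, and not any vendor's tooling) compares a spreadsheet export of the manual inventory against the list of machines a hypervisor actually reports. Both data sets are constructed inline; the CSV columns, the `(name, power_state)` tuple format and the 90-day review window are assumptions chosen for the example.

```python
"""Reconcile a manually kept VM inventory against the hypervisor's view.
Added example with constructed data; the column names and the
hypervisor output format are assumptions, not a real product's API."""
import csv
import io
from datetime import date

# Constructed spreadsheet export: the "manual inventory" the text describes.
INVENTORY_CSV = """name,owner,purpose,last_reviewed
web-01,ops,production,2024-03-01
db-01,dba,production,2024-02-15
test-build,qa,testing,2023-06-30
archive-01,ops,production,2024-01-10
"""

# Constructed list of VMs as the hypervisor reports them: (name, power state).
HYPERVISOR_VMS = [
    ("web-01", "poweredOn"),
    ("db-01", "poweredOn"),
    ("test-build", "poweredOn"),       # a test box nobody has looked at in months
    ("test-scratch-7", "poweredOn"),   # never recorded in the spreadsheet
    ("old-lab", "poweredOff"),         # also unrecorded, though powered off
]


def load_inventory(csv_text):
    """Parse the spreadsheet export into a dict keyed by VM name."""
    return {row["name"]: row for row in csv.DictReader(io.StringIO(csv_text))}


def reconcile(inventory, hypervisor_vms, today, stale_days=90):
    """Return three sorted lists:
    unaccounted: VMs the hypervisor runs that the inventory does not know;
    missing:     inventory rows with no matching VM on the hypervisor;
    stale:       powered-on test VMs whose last review is older than stale_days.
    """
    hv_names = {name for name, _ in hypervisor_vms}
    unaccounted = [name for name in hv_names if name not in inventory]
    missing = [name for name in inventory if name not in hv_names]

    stale = []
    for name, state in hypervisor_vms:
        row = inventory.get(name)
        if row is None or state != "poweredOn":
            continue
        last_reviewed = date.fromisoformat(row["last_reviewed"])
        if row["purpose"] == "testing" and (today - last_reviewed).days > stale_days:
            stale.append(name)
    return sorted(unaccounted), sorted(missing), sorted(stale)


if __name__ == "__main__":
    unaccounted, missing, stale = reconcile(
        load_inventory(INVENTORY_CSV), HYPERVISOR_VMS, date(2024, 4, 1))
    print("Running but not in inventory:", unaccounted)
    print("In inventory but not found on hypervisor:", missing)
    print("Test VMs overdue for review:", stale)
```

Each of the three lists maps to an action: unaccounted machines need an owner or a shutdown, missing rows need to be retired from the spreadsheet, and stale test machines are the "forgotten test VM" case the text warns about.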
Security of Virtual Networks
Terminal's support experts can consider several options for securing virtual network environments. Unlike physical switches, virtual switches cannot be connected or cascaded. Therefore, a virtual network plan must account for the types and number of virtual switches, the physical NICs that will be used, and the redundancies that will be designed into the system.
By default, virtual systems are separate entities. In addition, most use virtual LANs (VLANs) to add Layer 2 segmentation. Some virtual systems have configurable built-in security settings for preventing spoofing, traffic monitoring and other network security threats. However, the majority of virtual switches on the market have poor security and cannot be relied upon for port-level security or dedicated traffic monitoring.
To augment the security of virtual switches, ensure redundancy in the design of the virtual network. Virtualization platforms carry three types of traffic segments: virtual machine migration, production traffic, and management traffic. Each of these segments needs to be secured so that it is not exposed.
Virtualization enables networks and virtual machines to be connected on a single physical platform. Traffic on a virtual network is, by default, handled by the hypervisor. If the hypervisor is compromised, that traffic can be exposed to third parties. If the machines have separate physical switches, virtual machine traffic is usually transmitted separately from the traffic of other machines.
System administrators should keep traffic with different classifications or sensitivity levels on separate hypervisor platforms to reduce risk of exposure.
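The checks implied by the last four paragraphs (migration, production and management segments kept apart; physical NIC redundancy per switch; switch-level anti-spoofing and anti-sniffing settings) can be expressed as an audit over a description of the virtual network. The following added example is not from the article or any vendor; the layout dictionary, its field names and the three boolean security flags (`promiscuous`, `mac_changes`, `forged_transmits`, modelled on the common switch port-policy controls) are assumptions, and a weak layout is shown beside a corrected one.

```python
"""Audit a virtual network layout for mixed traffic segments, missing
uplink redundancy and permissive port security. Added example; the
configuration model is constructed and is not any vendor's API."""
from collections import defaultdict

SECURITY_FLAGS = ("promiscuous", "mac_changes", "forged_transmits")


def portgroup(name, segment, vlan, **flags):
    """Build one port group entry; any flag not given defaults to 'rejected' (False)."""
    pg = {"name": name, "segment": segment, "vlan": vlan}
    pg.update({f: flags.get(f, False) for f in SECURITY_FLAGS})
    return pg


# Constructed weak layout: management and migration share VLAN 10, the
# production switch has a single physical NIC and allows all three
# spoofing/sniffing-related behaviours.
WEAK_LAYOUT = {
    "vSwitch0": {
        "uplinks": ["vmnic0", "vmnic1"],
        "portgroups": [
            portgroup("Management", "management", 10),
            portgroup("Migration", "migration", 10),
        ],
    },
    "vSwitch1": {
        "uplinks": ["vmnic2"],
        "portgroups": [
            portgroup("Prod-Web", "production", 100,
                      promiscuous=True, mac_changes=True, forged_transmits=True),
        ],
    },
}

# Constructed corrected layout: one VLAN per segment, two uplinks per switch,
# every port group rejects promiscuous mode, MAC changes and forged transmits.
HARDENED_LAYOUT = {
    "vSwitch0": {
        "uplinks": ["vmnic0", "vmnic1"],
        "portgroups": [
            portgroup("Management", "management", 10),
            portgroup("Migration", "migration", 20),
        ],
    },
    "vSwitch1": {
        "uplinks": ["vmnic2", "vmnic3"],
        "portgroups": [portgroup("Prod-Web", "production", 100)],
    },
}


def audit(layout):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    for sw, cfg in layout.items():
        if len(cfg["uplinks"]) < 2:
            findings.append(f"{sw}: single uplink {cfg['uplinks']}, no physical NIC redundancy")
        segments_by_vlan = defaultdict(set)
        for pg in cfg["portgroups"]:
            segments_by_vlan[pg["vlan"]].add(pg["segment"])
            allowed = [f for f in SECURITY_FLAGS if pg[f]]
            if allowed:
                findings.append(f"{sw}/{pg['name']}: permits {', '.join(allowed)}")
        for vlan, segments in sorted(segments_by_vlan.items()):
            if len(segments) > 1:
                findings.append(
                    f"{sw}: VLAN {vlan} carries {', '.join(sorted(segments))} traffic together")
    return findings


if __name__ == "__main__":
    for label, layout in (("weak", WEAK_LAYOUT), ("hardened", HARDENED_LAYOUT)):
        print(f"== {label} layout ==")
        for finding in audit(layout) or ["no findings"]:
            print(" -", finding)
```

The three finding types line up with the text's advice: shared VLANs break the separation between migration, production and management traffic; a single uplink removes the redundancy the design is supposed to have; and permissive port policy is exactly the spoofing and monitoring exposure that weak virtual switches cannot defend against on their own.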