Deploying virtualization in your infrastructure provides many benefits but can also introduce new risks. Virtualized resources and services should be deployed with the following security considerations:
The host/hypervisor become prime targets; they are often a single point of failure for guests and data.
Virtual machines can interfere with each other in undesirable ways. Assuming no access controls were in place to help prevent this, one malicious guest could bypass a vulnerable hypervisor and directly access other resources on the host system, such as the storage of other guests.
Resources and services can become difficult to track and maintain; with rapid deployment of virtualized systems comes an increased need for management of resources, including sufficient patching, monitoring and maintenance.
Technical staff may lack knowledge, have gaps in skill sets, and have minimal experience in virtual environments. This is often a gateway to vulnerabilities.
Resources such as storage can be spread across, and dependent upon, several machines. This can lead to overly complex environments, and poorly-managed and maintained systems.
Virtualization does not remove any of the traditional security risks present in your environment; the entire solution stack, not just the virtualization layer, must be secured.
This guide aims to assist you in mitigating your security risks by offering a number of virtualization recommended practices for Red Hat Enterprise Linux that will help you secure your virtualized infrastructure.