Remember the email
server or payroll system that you virtualized?
Someone with
administrator access to your virtual environment could easily swipe it and all
the data without anybody knowing.
Stealing a physical
server out of a data center is very difficult and is sure to be noticed,
stealing a virtual machine (VM), however, can be done from anywhere on your
network, and someone could easily walk out with it on a flash drive in their
pocket.
Because a virtual
machine is encapsulated into a single virtual disk file that resides on a host
server it is not all that difficult for someone with access to make a copy of
that disk file and access any of the data on it.
This is a simple
thing to do:
There are two ways
one could access the virtual disk (.vmdk) file of a virtual machine. The first
would be using the ESX Service Console. If someone knew the root password or had
a user account on the host, they could gain access to the VMFS volumes that
contain the virtual machine files and use copy tools like Secure Copy, or SCP,
to copy files from it. The second is using the vSphere/VMware Infrastructure
Client, which contains a built-in datastore browser.
How to protect
against it?
Limit the physical,
network and users access to the ESX and the VC.
Protect the
passwords.
Monitor
AAA (authentication,
authorization and accounting)
VMWARE security Best practices and
recommendations:
No comments:
Post a Comment