Wednesday, December 29, 2010
[Weak Current College] Points to note in server virtual machine security management
Server virtualization needs fewer hardware resources to run multiple applications and operating systems, and lets users rapidly deploy new resources according to their own needs. But this flexibility leaves network and security managers worried that security problems in the virtual environment will spread throughout the network: if a problem occurs in the server's hypervisor, it will quickly spread across the network through the virtual machines. Let us look at the questions related to server virtualization in the following four areas:
1. Virtual machine overflow spreads security problems
Security risks in the design of the hypervisor can infect the virtual machines on a single physical host; this phenomenon is known as virtual machine "overflow".
If a virtual machine can break out of the isolated environment the hypervisor provides, an intruder has an opportunity to take control of the hypervisor that manages the virtual machines, and so bypass the security controls designed specifically to protect them.
Security problems in the virtual world try to escape the confines of the virtual machine. No company would willingly allow security problems to pass and spread between virtual hosts through the hypervisor, yet such security holes still exist. Because intruders or security vulnerabilities can move back and forth between virtual machines, this is a problem developers must face during development.
Technical engineers now generally isolate virtual machines to keep the virtual environment secure. The traditional way to secure a virtual environment is to configure a firewall between the database and application tiers. Keeping the virtualization environment offline from the network helps to alleviate security concerns. This is a good approach for a virtualization environment.
2. Virtual machines multiply, increasing the patching burden
Another security concern with virtual machines is that patching them is a greater challenge: as the growth in virtual machines accelerates, the patching problem also rises exponentially.
IT managers also agree that patch management is critical in a virtualized environment, but the essential difference between patching virtual and physical servers is not a matter of security but of quantity. Virtualized servers need patch management and ongoing maintenance just as physical servers do. Currently, there are companies running three virtualization environments (two on the internal network, one in the DMZ) with approximately 150 virtual machines. This kind of arrangement means the hypervisor adds an extra layer to patch management. Even so, it does not change the key patching questions, whether the machine is physical or virtual.
In addition, as servers multiply, patching every server in a timely manner puts pressure on technical engineers, and they have begun to take an interest in automated tools for carrying out this process.
3. Running virtual machines in the DMZ
Typically, many IT managers are reluctant to place virtual servers in the DMZ. Other IT managers will not run critical applications on virtual machines in the DMZ, even on servers that are protected by the company firewall. However, if the user takes the right security measures, it is possible to do so. Users can run virtualization in the DMZ even if the firewall or isolation devices are physical machines. In most cases, separating the resources is the safer approach. A virtualized environment can then be set up whether inside or outside the DMZ; the approach he uses is to restrict access within clusters of virtual resources. "Each cluster has its own resources and access, so you cannot go back and forth between clusters," he explained. Many IT managers keep their virtual servers under the protection of the corporate firewall, while another practice is to place virtual machines in the DMZ and run only non-critical applications on them.
4. New features of hypervisor technology are vulnerable to hacker attack
Any new operating system is flawed and imperfect. Does this mean that hackers can find and exploit defects in the virtualized operating system and then attack?
Industry observers suggest that security maintenance personnel should stay vigilant about virtualized operating systems at all times: these systems can potentially lead to vulnerabilities and security risks, and manual patching by security maintenance personnel alone is not enough.
Virtualization is essentially a new operating system, and there is much about it that we do not yet understand. It mediates the interaction between the hardware and the application environment, which makes it possible for things to become a mess.
The hypervisor itself is not the kind of security risk people imagine. Drawing on what is known from patching Microsoft's strong-selling Windows operating system, virtualization vendors such as VMware are also working to limit the possibility of security vulnerabilities as they develop hypervisor technology.